CyberSecure Specialist

05 May

Google launches entry-level cybersecurity certificate to teach threat detection skills

Data Breaches, Malware, Social Engineering

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open cyber roles,…

Read More
05 May

The top 8 password attacks and how to defend against them

Attacks, Data Breaches

Did you know that the very first password attack happened in 1962? At that time, MIT’s CTSS (Compatible Time-Sharing System) was the first to utilize passwords for granting individual access. Allen Scherr, a Ph.D. researcher, wanted to use the CTSS beyond his allocated weekly hours. In order to extend his usage time, he decided to borrow passwords from other people. Scherr managed to obtain all the passwords stored in the CTSS system by submitting a…

Read More
05 May

The Merck appeal: cyber insurance and the definition of war

Data Breaches, Malware, Social Engineering

Pharmaceutical firm Merck recently won an appeal that could mean its insurers will have to pay up on a $1.4-billion judgment related to the NotPetya cyberattack in 2017. The New Jersey appellate division judges hearing the appeal judge noted that the plain definition of war applies to the various insurance policies and that a cyberattack against an accounting firm not engaged in hostilities, while criminal and based on ill-will, was not tantamount to an act…

Read More
04 May

$10M Is Yours If You Can Get This Guy to Leave Russia

Information, Insights

The U.S. government this week put a $10 million bounty on a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov‘s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items. Denis Kulkov, a.k.a. “Nordex,” in his Ferrari. Image: USDOJ.…

Read More
04 May

Patch manager Action1 to add vulnerability discovery, prioritization

Data Breaches, Malware, Social Engineering

Cloud-native, patch-management application provider Action1 is set to add vulnerability discovery and prioritization capabilities to its namesake flagship platform to help businesses stay ahead of software exploits. The plan is part of a company strategy to expand beyond its traditional patch management features and add capabilities aimed at enhancing an organization’s resilience to cybersecurity threats. “The new features will enable customers to see beyond what is patchable into what is actually vulnerable,” said Mike Walters,…

Read More
02 May

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Information, Insights

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has…

Read More
01 May

CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans

Attacks, Insights, Malware

The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act of 2019. As the 6th annual National Supply Chain Integrity Month concludes, CISA reminds all critical infrastructure owners and operators…

Read More
28 Apr

IOTW: American Bar Association accused of data breach affecting 1.4 million peop…

Attacks, Data Breaches

In a class action lawsuit, the American Bar Association (ABA) has been accused of “grossly fail[ing] to comply with security standards” and causing a data breach that affected approximately 1.5 million people. The data breach, which occurred in March 2023, saw a malicious actor gain access to the ABA’s systems and steal the data of approximately 1.4 million members. The data stolen included personal information such as name, phone number, address and email address. The…

Read More
28 Apr

CISA Requests for Comment on Secure Software Self-Attestation Form

Attacks, Insights, Malware

CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software…

Read More
27 Apr

Many Public Salesforce Sites are Leaking Private Data

Information, Insights

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. A researcher found DC Health had five Salesforce Community sites exposing data. Salesforce Community is a widely-used cloud-based software product that…

Read More