-
World Cybersecurity Forum (1st Quarterly Clubhouse Edition)
We held the first World Cybersecurity Forum this past week and it was a great success! The World Cybersecurity Forum was a 24-hour event held for the first time this year on Clubhouse! The event featured cyber experts from around the world, and was an event open to all with the mission of demystifying cyber, creating awareness and answering the public’s questions. The World Cybersecurity Forum believes that cybersecurity is EVERYONE’S responsibility. Organized by Jacqueline Jayne, Security Awareness Advocate at KnowBe4, Jacqueline or, JJ, for short, can be found on LinkedIn. The session aimed to bring the best minds together from around the world to talk about all things cyber.…
-
News & Notes: July 29, 2021
U.S. President Joe Biden: Severe cyberattacks could escalate to ‘real shooting war’ with a major global power: “You know, we’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world,” Biden said during a speech at the National Counterterrorism Center of the Office of the Director of National Intelligence. “I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely we’re going to end up — well, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great…
-
What is the NSO Group Pegasus Spyware Software? How Does Pegasus Hack Phones?
There was a flurry of news this morning about NSO Group, an Israeli tech firm, and the Pegasus spyware that produces. Al Jazzeera has some interesting reporting and have been following the story for a while. Back in December they reported about their journalists being hacked. “Based on this, we handed the phone to Citizen Lab, who found that the phone was hacked by spyware called Pegasus, which is developed by NSO, an Israeli company,” said Almisshal. “This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking.…
-
CompTIA Security Plus + Full Course [VIDEO]
Security+ Full Course video from YouTube. **** Topics Discussed **** Introduction to Network Devices (part 1) (0:00) Introduction to Network Devices (part 2) (8:06) Introduction to Network Devices (part 3) (15:50) Secure Network Administration Concepts (34:00) Cloud Concepts (41:00) Secure Network Design Elements and Components (48:00) Common Network Protocols (part 1) (55:20) Common Network Protocols (part 2) (1:01:00) Common Network Protocols (part 3) (1:08:00) Wireless Security Considerations (1:13:54) Risk Related Concepts (part 1) (1:23:12) Risk Related Concepts (part 2) (1:29:43) Risk Related Concepts (part 3) (1:36:08) Integrating Data and Systems w Third Parties(21:50) Risk Mitigation Strategies (1:41:27) Basic Forensic Procedures (1:46:17) Incident Response Concepts (1:54:15) Security Related Awareness and Training…
-
What is a social engineering attack?
Social engineering is using human interaction (social skills) to obtain or compromise data/information about an organization or its computer systems. This information can them be used to deploy an attack and/or penetrate a network further. Social engineering attacks are particularly dangerous because they prey on our human instincts, interactions and dealings with people and our contextual environment. An attacker may not fit the stereotype we hold in our heads. Social engineering preys on the fact that humans will have our guard up for natural signs of danger and natural enemies, but things get fuzzy when the distinction is not so clear. In social engineering, the attacker may seem unassuming, respectable…
-
Russian Hackers Abusing VPNs to Hijack Accounts, U.S. and British Officials Say
According to an article in Reuters, Russian hackers are accused of abusing VPNs. US and British authorities identify Unit 26165, the arm of Russia’s military spy agency, also accused of interfering in the 2016 US presidential election, as a source behind “widespread, distributed and anonymized brute force access attempts against hundreds of government and private sector targets”. None of the targets, mostly in the United States and Europe, were identified by name, but “included government offices, political parties, energy companies, law firms and media organizations”. “Russian hackers are abusing VPNs to hijack accounts, US and UK officials say” via Reuters
-
Virtual Machines VM’s Are Being Used to Hide Ransomware Activity
As society continues to embrace all things cloud and move more toward virtualization, this field becomes a ripe target for malicious actors (bad people). We are now seeing the use of VMs to implement and hide malicious activity including ransomware. The tactic involves hiding the ransomware payload in a virtual machine on infected hosts. The use of a VM is to provide stealth and help avoid detection for as long as possible. Hosting encryption software within a self-started VM means that typical anti-virus software will not detect it! And when the VM is closed down, it removes a significant amount of possible forensic evidence with it! That’s not good. Some…
-
What is a Ragnar Locker Ransomware Attack?
Ragnar Locker is ransomware that affect devices running Microsoft Windows operating systems. The Ragnar Locker method was first observed in December 2019 as part of a series of attacks against compromised networks. Biblio: Ragnar locker malware: what it is, how it works and how to prevent it–Infosec Institute
-
What are the Different Types of Computer Networks?
Well, first, what a great question! There are NUMEROUS different types of networks, just speaking of the technical kind specifically! While all computers essentially need DATA to be useful, it is when two (or more!) computers are connected to each other, that they can exchange/share data and thus compounding/magnifying their usefulness. CAN—Campus Area Network LAN—Local Area Network MAN—Metropolitan Area Network WAN-Wide Area Network SD-WAN—Software Defined Wide Area Network
-
Post-Quantum Cryptography: The Race Is On
Quantum computers and quantum cryptography have become hot industry buzzwords that are popping up more in the press. With that, the question becomes what happens to the security of our data covered by today’s pre-quantum cryptography technology? This Forbes article helps highlight solutions on the way in the race to post-quantum cryptography: The good news is that solutions are on the way. Recognizing the urgency of the task and the time needed to formulate, choose, standardize and deploy new systems, the U.S. National Institute of Standards and Technology (NIST) launched a Post-Quantum Cryptography (PQC) standardization process in 2016. In July 2020, NIST announced seven third-round candidates, covering both public-key encryption (PKE) and digital…
