HR and recruiting experts offer unique ways to find and hire cybersecurity talent. This is an excellent article about what is right and what is wrong in current cybersecurity hiring practices.
To this “researcher”, even a job not worth doing was worth overdoing. Here’s what you can learn from the incident…
Breach Alert from Have I Been Pwned
You signed up for notifications when emails on your domain were pwned in a data breach and unfortunately, it’s happened. Here’s what’s known about the breach:
|Date of breach:|26 Jan 2021|
|Compromised data:|Bank account numbers, Credit status information, Dates of birth, Email addresses, Employers, Health insurance information, Income levels, IP addresses, Names, Personal health data, Phone numbers, Physical addresses, Smoking habits, Social security numbers|
|Description:|In January 2021, the lead generation company Astoria Company allegedly suffered a data breach which exposed over 11M unique email addresses. The data was discovered by Night Lion Security and contained an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth. Some records also contained social security numbers, drivers license details, personal financial information and health-related data, depending on where the information was sourced from. When approached by the press, Astoria did not confirm the origin of the breach and it has consequently been flagged as “unverified” in HIBP.|
|Unverified:|Read more about unverified breaches|
No good deed goes unpunished. A security researcher has launched a GoFundMe campaign to fund his legal fight against a company that is suing him for making a responsible disclosure. He found two open repositories exposing the company's sensitive data and disclosed them to the company so that they could be closed. The company did close them, but it also sent him a legal notice accusing him of the act.
If only he’d been treated like this in his lifetime: the computing pioneer who knew “this is only a foretaste”.
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.
The FBI just released its annual Internet Crime Report, and it is truly a sign of the times. The FBI notes that the Internet Crime Complaint Center (IC3) has been key to its mission to track cybercrimes. The IC3 received 791,790 complaints from the American public in 2020, the most ever in one year, with reported losses exceeding $4.1 billion. And this year’s report highlights five hot topics…
A Russian national in a U.S. jail has pleaded guilty to trying to hack Tesla’s computer network. His plot started with an attempt to hack an employee at the company and recruit that person to become an insider threat. But there is much more to this plan, which is full of intrigue, social engineering, diversion, and a seven-figure bribe dangled in front of an employee. Court documents are taking us inside the FBI sting that tripped up the suspect. The cybercriminals involved targeted Tesla through an employee who works at the company’s Gigafactory in Sparks, Nevada. According to the U.S. DOJ, this ransomware plot bubbled to the surface on July 16, 2020, when Russian national Egor Igorevich Kriuchkov used WhatsApp to send…
Doxing an individual can be a time-consuming and ultimately fruitless process, but the potential payout for doxing corporate employees can be huge, making them a much more tempting target.
Which IT certifications are in demand in 2021? Does certification still increase salary? That depends: Check out the data on the IT certifications increasing in value