A quick Saturday digest of cybersecurity news articles from other sources.
7 expert tips on recruiting cybersecurity pros
HR and recruiting experts offer unique ways to find and hire cybersecurity talent. This is an excellent article about what is right and what is wrong in current cybersecurity hiring practices.
Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules
To this “researcher”, even a job not worth doing was worth overdoing. Here’s what you can learn from the incident…
Breach Alert from Have I Been Pwned
You signed up for notifications when emails on your domain were pwned in a data breach and unfortunately, it’s happened. Here’s what’s known about the breach:
Date of breach: 26 Jan 2021
Compromised data: Bank account numbers, Credit status information, Dates of birth, Email addresses, Employers, Health insurance information, Income levels, IP addresses, Names, Personal health data, Phone numbers, Physical addresses, Smoking habits, Social security numbers
Description: In January 2021, the lead generation company Astoria Company allegedly suffered a data breach which exposed over 11M unique email addresses. The data was discovered by Night Lion Security and contained an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth. Some records also contained social security numbers, driver's license details, personal financial information and health-related data, depending on where the information was sourced from. When approached by the press, Astoria did not confirm the origin of the breach and it has consequently been flagged as “unverified” in HIBP.
Unverified: Read more about unverified breaches
Security Researcher Sued For a Bug Disclosure, Raises Funds For Legal Fight
No good deed goes unpunished. A security researcher has launched a GoFundMe campaign to raise funds for his legal defense against a company that is suing him over a responsible disclosure. He found two open repositories exposing the company’s sensitive data and reported them to the company so they could be closed. While the company did close them, it also sent him a legal notice accusing him of wrongdoing.
Alan Turing’s £50 banknote officially unveiled
If only he’d been treated like this in his lifetime: the computing pioneer who knew “this is only a foretaste”.
Phish Leads to Breach at Calif. State Controller
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.
State of Cybercrime 2020: FBI Internet Crime Report
The FBI just released its annual Internet Crime Report, and it is truly a sign of the times. The FBI notes that the Internet Crime Complaint Center (IC3) has been key to its mission to track cybercrimes. The IC3 received 791,790 complaints from the American public in 2020, the most ever in one year, with reported losses exceeding $4.1 billion. And this year’s report highlights five hot topics… Read more
Human Hack at Tesla: Russian National Pleads Guilty to Ransomware Scheme
A Russian national in a U.S. jail has pleaded guilty to trying to hack Tesla’s computer network. His plot started with an attempt to hack an employee at the company and recruit that person to become an insider threat. But there is much more to this plan, which is full of intrigue, social engineering, diversion, and a seven-figure bribe dangled in front of an employee. Court documents are taking us inside the FBI sting that tripped up the suspect. The cybercriminals involved targeted Tesla through an employee who works at the company’s Gigafactory in Sparks, Nevada. According to the U.S. DOJ, this ransomware plot bubbled to the surface on July 16, 2020, when Russian national Egor Igorevich Kriuchkov used WhatsApp to send… Read more
Corporate doxing is on the rise: Here’s how hackers are doing it and how to stop them
Doxing an individual can be a time-consuming and ultimately fruitless process, but the potential payout for doxing corporate employees can be huge, making them a much more tempting target.
Which IT certifications are in demand in 2021? Does certification still increase salary? That depends: check out the data on the IT certifications increasing in value.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com