Cyber Security Skills in 2018

Last week I passed the EC-Council Certified Ethical Hacker exam. Yay to me. I am a professional penetration tester, right? Negatory. I sat the exam more as an exercise to see if I “still had it”. A boxer returning to the ring. It is over 10 years since I passed my CISSP, the 6-hour multi-choice horror of an exam that was still being conducted using pencil and paper down at Royal Holloway University. In honesty, that was a great general information security benchmark and allowed you to go in multiple different directions as an “infosec pro”. So back to the CEH…

Give Yourself a Brain Massage With 10 Straight Hours of Ocean Footage

The sound of lapping ripples, the hypnotic blue depths, the sunlit sparkles on wavetops—these elements, and more, make Earth’s seas a serene and enchanting environment. If you feel like you could use some of this premium aquatic inspiration right now, you’re in luck, because the BBC just released a full ten hours of continuous open “oceanscapes” on YouTube.

Does Your Business Really Know How To Handle A Data Breach?

Whilst data breaches can result in substantial fines that can hit company finances hard, they have many, often more immediate, impacts. Businesses that do not respond quickly and decisively at the first sign of a data breach will find themselves constantly struggling to play catch-up. This means that when the fine hits they are often in such a weakened state that they cannot recover. The brutal truth is that 66% of small to medium businesses go out of business after a data breach.

ActiveX Zero-Day found in Recent N. Korean cyber attacks

A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported. The perpetrators of these attacks are known as the Andariel Group. According to a report authored by South Korean cyber-security firm AhnLab, the Andariel Group is a smaller unit of the larger and more well-known Lazarus Group, North Korea’s cyber-espionage apparatus, believed to be a unit of its military.

27% of security teams receive over 1 million security alerts every day

A new survey from Imperva has revealed that 27 percent of today’s security teams receive over 1 million security alerts every day, which leaves 53 percent of IT professionals struggling to pick out critical security incidents from among the false positives. As a result of the huge volume of alerts security teams face today, the study also revealed that 30 percent of IT professionals have flat-out ignored certain categories of alerts, while four percent have turned off the alert notifications altogether.

World Cup phishing scams on the rise

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean’s interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

The Right Way to Respond to Negative Feedback

Feedback, as they say, is a gift. Research bears this out, suggesting that it’s a key driver of performance and leadership effectiveness. Negative feedback in particular can be valuable because it allows us to monitor our performance and alerts us to important changes we need to make. And indeed, leaders who ask for critical feedback are seen as more effective by superiors, employees, and peers, while those who seek primarily positive feedback are rated lower in effectiveness.

Dozens of Vulnerabilities Found Under Hack the DTS Bug Bounty Program

The Hack the DTS bug bounty program uncovered dozens of vulnerabilities in the Defense Travel System serving the Department of Defense.

On 30 May, vulnerability coordination platform HackerOne revealed the results of Hack the DTS. Nineteen trusted security researchers participated in the 29-day program and submitted 100 vulnerability reports over the course of the exercise. Their findings uncovered 65 unique security weaknesses in the Defense Travel System, which facilitates the travel requirements of the U.S. Department of Defense (DoD). Nearly half (28 bugs) carried a high or critical severity rating. For helping to make the DTS more secure, the researchers received $78,650 in reward money.

Hack the DTS proceeded under the auspices of Hack the Pentagon, one of the 10 essential bug bounty programs of 2017. The Department of Defense partnered with HackerOne to run the pilot of Hack the Pentagon in the spring of 2016. After the success of the program, DoD officials announced it would expand its contract with HackerOne to other departments. Hack the Army was the first of these initiatives, with Hack the DTS following approximately two years later.

Reina Staley, chief of staff and Hack the Pentagon program manager at Defense Digital Service, said she’s happy with the results of the Hack the DTS program. As quoted by BusinessWire:

“Securing sensitive information for millions of government employees and contractors is no easy task. No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS. We’d like to thank the participating hackers for contributing their time to help us safeguard sensitive information.”

Staley shared additional thoughts about working with white hat hackers in the video posted below.