IT Security from ZDNet: “Reaper, a massive new botnet, is a cyberattack waiting to happen”

Reaper, a massive new botnet, is a cyberattack waiting to happen

Reaper is on track to become one of the largest botnets recorded in recent years — and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year’s cyberattack.

A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers.

Now, just weeks later, it’s on track to become one of the largest botnets recorded in recent years.

The botnet, dubbed “Reaper” by researchers at Netlab 360, is said to have ensnared almost two million internet-connected webcams, security cameras, and digital video recorders (DVRs) in the past month, says Check Point, which also published research, putting its growth at a far faster pace than Mirai.

Source: www.zdnet.com/article/reaper-botnet-could-be-worse-than-mirai-cyberattack/

Continue Reading

IT Security from bleepingcomputer: “Backdoor Account Found in Popular Ship Satellite Communications System”

Backdoor Account Found in Popular Ship Satellite Communications System

A popular satellite communications (SATCOM) system installed on ships across the world is affected by two serious security flaws — a hidden backdoor account with full system privileges access and an SQL injection in the login form.

These vulnerabilities affect the AmosConnect 8 designed and sold by Stratos Global, a company acquired in 2009 by mobile satellite services firm Inmarsat Group.

Source: www.bleepingcomputer.com/news/security/backdoor-account-found-in-popular-ship-satellite-communications-system/

Continue Reading

Cybersecurity Career Pathways

Click around the different paths and build your career towards your end goal!

There are many opportunities for workers to start and advance their careers within cybersecurity. This interactive career pathway shows key jobs within cybersecurity, common transition opportunities between them, and detailed information about the salaries, credentials, and skillsets associated with each role.

Continue Reading

CISSP Practice question #28

An alert is:
A: Something changed, neither negative or positive.
B: A triggered warning when something predefined happens (i.e. disk usage over 85%).
C: A system has crashed.
D: We are being hacked.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


B: Alert: Triggers warnings if certain event happens. This can be traffic utilization above 75% or memory usage at 90% or more for more than 2 minutes.

show less

Continue Reading

IT Security from Forbes “BlackBerry CEO: We’ll Try To Break Our Own Encryption If Feds Demand It”

BlackBerry CEO: We’ll Try To Break Our Own Encryption If Feds Demand It

Unlike Apple, Google and Microsoft, who’ve had their separate battles with U.S. law enforcement over recent years, BlackBerry hasn’t been as strong in its condemnation of potential government overreach in accessing user data. And CEO John Chen today told Forbesthe company would comply with court orders asking it to break its encryption and carry out wiretaps on targets specified.

Source: www.forbes.com/sites/thomasbrewster/2017/10/25/blackberry-ceo-well-try-to-break-our-own-encryption-if-feds-demand-it/

Continue Reading

Reach your goals before the end of the year CISSP Sale!

All 4 of my CISSP practice tests for $12 each.

Each test is a full 250 questions CISSP test just like the real exam and the domains are weighted at the same percentage.

You can take this test as many times as you want, the questions and the answer order is randomized.

CISSP study and training! | Study material recommendations image 1 CISSP certification: Full 250 question practice test #1 2017

CISSP study and training! | Study material recommendations image 2CISSP certification: Full 250 question practice test #2 2017

CISSP study and training! | Study material recommendations image 3CISSP certification: Full 250 question practice test #3 2017

CISSP study and training! | Study material recommendations image 4CISSP certification: Full 250 question practice test #4 2017

You will get a overall and domain score after each attempt:

You can look at all the answers, get explanation and sort by domain, right, wrong, skipped or marked for review. 

 

Question example:

Continue Reading

CISSP Practice question #27

Who should be involved in building the SOW for our penetration testers?
A: Senior management.
B: Our legal department.
C: IT security
D: All of these.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


D: To have a proper clear SOW, we need senior managements approval and outlines, legal approval and IT security’s input.

show less

Continue Reading

IT Security IOT from Forbes: “Time To Update Your Vacuum Cleaner — Hack Turns LG Robot Hoover Into A Spy”

Time To Update Your Vacuum Cleaner — Hack Turns LG Robot Hoover Into A Spy

Got a robot hoover buzzing around your home? It’s time to take a look at its security, especially if its an LG device. Researchers from Israeli firm Check Point reported a hack of the LG SmartThinQ app that allowed them to remotely take control of the manufacturer’s Hom-Bot hoover and use the video feed to spy on anything in the device’s vicinity. And, the researchers said, the attack could also compromise refrigerators, ovens, dishwashers, washing machines, dryers and air conditioners — any connected thing controlled by the LG app.

Source: www.forbes.com/sites/thomasbrewster/2017/10/26/lg-hom-bot-robot-hoover-hacked-into-surveillance-device/

Continue Reading

CISSP Practice question #26

Which of these is not a common problem organizations face with audit record management?
A: Log are not reviewed on a regular and timely basis.
B: Logs are stored on a central secure server.
C: Audit logs and audit trails are not stored for a long enough time period.
D: Logs are not standardized or viewable by a SIEM.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


“B: Centralized storage is not a problem, that is good. Security Audit Logs (Audit trail): Audit record management typically faces five distinct problems: Log are not reviewed on a regular and timely basis. Audit logs and audit trails are not stored for a long enough time period. Logs are not standardized or viewable by correlation toolsets – they are only viewable from the system being audited. Log entries and alerts are not prioritized. Audit records are only reviewed for the bad stuff.


show less

Continue Reading