Month: August 2018

Thousands of WordPress websites infected by new malware that maliciously redirects unsuspecting visitors

Original article posted on indivigital.com

According to security firm Sucuri, the alleged “main contributors” to the spread of the infection are the tagDiv Newspaper theme and the Ultimate Member Plugin. Conservative estimates suggest the malware has infected at least 2,200 websites.

At least 2,200 WordPress websites have been infected by new malware that maliciously redirects visitors to third party websites to mislead them into accepting requests for browser notifications, according to a post published by cyber security firm Sucuri.

The malicious redirects send users to various URLs on the domain utroro.com, at which point they are seemingly served browser notification opt-ins masquerading as reCAPTCHA images.

Anatomy of a Phishing Scam

Original article posted on datadriveninvestor.com

Avoid Being Tricked By The Automated Army Of Hackers

Part I: Identifying the Problem

“Phishing” is the practice of fooling unsuspecting people into voluntarily giving away their most sensitive data—user names, passwords, social security number, birth dates, and more—by disguising their communication requests to look authentic. Given how easy it is to digitally copy a corporation’s official communication template, this problem is actually far worse than you could ever imagine. Hackers leverage the power of computers to automate sending phishing scams. Hundreds of millions of phishing emails are sent every day for pennies and only a small percent need to work for the system to be rewarded. And rewarded it has been.

  • In 2016, 85 percent of all organizations had suffered phishing attacks and 30% of all phishing emails were opened.
  • In 2017, fake invoicing emails sky-rocketed, CEO fraud emails total $5 billion in losses, and phishing emails that targeted people filing their W-2 forms increased 870%.
  • In 2018, fake invoices becomes the #1 disguise for distributing malware, Dropbox phishing scams surge and DocuSign lures are the most effective.

Top Security Mistakes Putting Your Company at Risk

Original article posted on informationweek.com

Cybersecurity is more painful to manage as technology architectures become more complex. Simplify your approach by avoiding these major security mistakes.

Effective cybersecurity is becoming a tougher problem as organizations embrace more types of devices and hardware. Protecting organizations requires more than tools, which companies tend to learn the hard way. Granted, as the technology stack changes, new cybersecurity tools become necessary. However, the problem has become so complex that no organization can afford all the tools, all the people, and all of the other resources it would need to protect itself against everything.

“You need to take a risk-based approach to security,” said Garrett Bekker, principal analyst, Information Security at 451 Research. “You have to figure out what is an acceptable level of risk, which is easier said than done.”

Bay Area Cyber Camps Wrap Up Another Successful Summer

Over the past three months, Irvin Lemus logged more than 7,000 miles and 70 hours on the road. He wasn’t taking a summer vacation road trip — he was checking in on more than 1,000 students who participated in 29 cyber camps throughout the Bay Area.

The 28 Bay Region community colleges voted overwhelmingly to support the summer CyberCamp program over the past two summers. Strong Workforce Program Regional Funding was dedicated to this effort. 

Lemus is the cybersecurity instructor at Cabrillo College and the Bay Area Cyber Competitions Regional Coordinator for the Western Academy Support and Training Center. In that role, he’s built the Bay Area Cyber Competitions program from the ground up and said he does not plan to stop any time soon.

How California Is Improving Cyber Threat Information Sharing

The state wants to add every city and county government to its automated threat feed program in the next three to four years.

The California Cybersecurity Integration Center alerted its partners to the Thomas Fire along Interstate 5, before the largest wildfire in the state’s modern history was phoned in last December.

Someone had taken to Twitter to first report the blaze, and Cal-CSIC’s media scrapers—which plug into its automated threat feed—noticed.

Cal-CSIC, pronounced “cal-sick,” was created by Gov. Jerry Brown’s executive order in August 2015 to prioritize cyber threats to public sector agencies and expand into the private sector.

GO-Biz Releases Cybersecurity Labor Market Study

Study documents growing need for qualified cybersecurity workers in the marketplace.

Sacramento, Calif. – Today, the Governor’s Office of Business and Economic Development (GO-Biz), in conjunction with the Governor’s Office of Planning and Research (OPR), released the results of a California Cybersecurity Labor Market Analysis and Statewide Survey. This document details the findings of a study done by the California Community Colleges Centers of Excellence for Labor Market Research and demonstrates that there is much work to be done in order to adequately prepare Californians for the demands of the digital and cyber economy.

Conducted as part of the California Advanced Supply Chain Analysis & Diversification Effort (CASCADE) initiative funded by the U.S. Department of Defense, the study gathered information about workforce needs in California and the scope of training being provided by educational providers across the state. It found an alarming gap in the supply of qualified cybersecurity workers prepared to fill the 35,000 cybersecurity-related annual job openings that exist in California.

GSCH

Cyber Heroes Carrie Raleigh and Knea Hawley Empower Middle and High School Girls Through Cybersecurity

GenCyber Camp Brings Technology to Underserved Groups

Carrie Raleigh didn’t know the first thing about cybersecurity when she started working for the Girl Scouts of San Gorgonio Council. And, who could blame her? It’s a far cry from the things traditionally associated with the scouting program.

Over the past three years, Raleigh and colleague Knea Hawley brought the GenCyber program under the Girl Scouts umbrella and opened the doors for even more young women to learn about cybersecurity.

“I’ve learned so much and it’s been an amazing journey. Now it’s one of those things I talk about all the time,” Raleigh said. “It’s been so eye opening to me realizing the potential in the field for these girls. We can connect them with the training they need for this large opportunity in front of them.”

GenCyber is a nationwide program with camps in nearly all 50 states. The San Bernardino camps were held June 18-22 at CSU San Bernardino. The program was funded by a National Science Foundation grant received by CSUSB that made it free to all attendees. CSUSB has invited the Girl Scouts of San Gorgonio Council to participate in their GenCyber camp since 2015.

Beyond learning the basics of cybersecurity, girls had the opportunity to meet with industry professionals from Google, Facebook and Bank of America just to name a few. While it took a lot of coordination from the GenCyber planning team, Raleigh said it was worth it for the students and the employers.

Search
Generic filters

KB Table of Content

close-link
KB Table of Content
Scroll to Top
X