Author: rescue@crimefire.in

source

Coupons: All the latest trending fashion deals
© 2023 Nine Entertainment Co.

source

DENVER (AP) — The pressure was on. Someone, somewhere, was attacking computer systems so customers couldn’t reach certain websites. In a windowless room in Denver, Zack Privette had worked all morning with his security team to figure out what the cyber strangers were up to.
“What’s happened is that we have an attacker who has been going through our different websites and they found a vulnerability into our active directory and .,” Privette explained to Richard Mac Namee, identified as chief operating officer of the company under attack.
“OK, I’m not technical. What does that mean?” interrupted Mac Namee, who is really the director of the new Cybersecurity Center at Metropolitan State University of Denver. And he’s actually quite technical.
This was a simulation.
The makeshift “Cyber Range” command center inside MSU Denver’s Cybersecurity Center had multiple TV screens showing ominous maps of live cyber threats. It’s part of a unique training ground for students, recent grads and people who don’t even attend the college but are interested in cybersecurity careers.
Privette, who isn’t an MSU student, got to experience the Cyber Range program because it’s open to outsiders. The industry needs more outsiders. According to one estimate, there are 66 cybersecurity professionals for every 100 job openings nationwide. It’s tighter in Colorado, where there are 59 for every 100. And demand is growing faster than training programs like MSU can graduate.
Mac Namee is behind the school’s Cybersecurity Center and getting the school designated as a National Centers of Academic Excellence in Cyber Defense in March. A former commander in the United Kingdom’s Special Forces who’s worked as a specialist in counterterrorism, Mac Namee keeps it practical. During the simulation, he pretends to be an ordinary company executive. Students must figure out how to explain the cyber mayhem to non-techies — and fast!
“It is a giant database that … holds their DNS server. And what a DNS server does is when you type in Google.com, it will change that to the IP address that the computer actually reads. That went down, which is why people are not able to access websites correctly,” Privette told Mac Namee. “That was down at 3:30:29. We have since brought it back up at 3:44.”
“So, 14 minutes of outage,” Mac Namee said. “Fourteen minutes with our athletes and the way they’re trying to log on, that’s quite a big problem. How will we resolve this?”
Privette went on to explain that there was a backup so the data is safe. But he acknowledged the attackers were still inside the system and his team was now trying to figure out if data had been stolen. His team thinks credentials were taken, but he doesn’t think the theft involved customers’ personally identifiable data, he said. Mac Namee gave him an hour to figure it out.
Targeted training programs have been popping up nationwide for the past decade as nearly every business with a website, ecommerce offering or other internet-based operation must deal with data breaches, ransomware and other cyber threats.
According to the Identity Theft Resource Center, which tracks breaches and supports victims, the number of publicly reported data breaches in the U.S. more than doubled since 2015 to 1,862 last year. Regulations in Colorado and around the globe also put the onus on companies to protect customers’ personal data.
Back in 1999, partly to address the lack of qualified professionals, the U.S. National Security Agency launched its National Centers of Academic Excellence program. It certifies schools with a cybersecurity curriculum for cyber research, defense education and cyber operations. There are now about 380 colleges and universities in the U.S. Such designations require standardized cybersecurity curriculum, active challenges and professional development. There are 13 schools in Colorado and include state, community and private colleges.
The partnership with industry and MSU Denver is credited to Mac Namee, said Steve Beaty, a professor in the school’s computer science department. While Beaty started teaching cybersecurity courses in 2004, a cybersecurity degree debuted just four years ago. The new center and partnerships with private cybersecurity companies such as Atos, a European information technology firm that is now taking up space in the facility, really took off after Mac Namee arrived.
“He had the bandwidth. Some of us haven’t had the bandwidth to do a lot of this stuff. Atos is due to him,” Beaty said. “Richard is the one who put the fire under what’s going on here.”
And looking at the heat map of cybersecurity job openings at CyberSeek.org, the U.S. needs it.
In the past 12 months, 714,548 cybersecurity jobs were posted in the U.S. according to EMSI Burning Glass, a firm that analyzes job openings and labor data. EMSI partnered with the Computing Technology Industry Association (CompTIA) and the National Initiative for Cybersecurity Education on the CyberSeek effort to document the need for more trained workers. Colorado, among the top 10 states with the most openings, had 25,761 as of April.
“The field is just growing so fast that even if we churn out many graduates, which we have seen a significant uptick in, it still often doesn’t keep pace with the growth in demand,” said Will Markow, an EMSI Burning Glass cybersecurity expert. “We’ve seen about a 40%-50% increase in the number of graduates from cybersecurity programs across the country. The problem is that during the same timeframe, demand for cybersecurity workers grew about twice that rate.”
The industry has a number of unique issues that compound the shortage, Markow said. New threats erupt all the time, so the industry is constantly scrambling. Workers need a mix of different IT skill sets plus credentials, some that require years of experience. That makes it difficult for those starting out who have no experience.
“Employers are also not offering many opportunities for people who either don’t have a bachelor’s degree or who don’t have at least three to five years of prior work experience,” Markow said. “What that means is that there aren’t many entry level opportunities (and that) presents a unique challenge for building the pipeline of cybersecurity workers.”
Cybersecurity jobs stay open 20% longer than other tech jobs, which are already notoriously hard to fill, he added. And because of the required degrees and certifications, the jobs pay about $15,000 more compared to other IT jobs.
Government agencies are more open to hiring skilled workers without college backgrounds. That’s true with the state Governor’s Office of Information Technology. A paid apprenticeship for veterans requires “some IT experience but no degree,” said Ray Yepes, Colorado’s chief information security officer.
“It’s also worth noting that for the majority of OIT positions we will accept years of experience as a substitute for education,” Yates said in an email.
With the growth of college programs, boot camps and other training programs, Markow said that it’s up to companies to adjust hiring requirements if they really want to fill openings and feed their own talent pipeline.
“I think that really the question is whether employers are going to be receptive (and) hire those workers,” he said. “They’re learning the right skills for cybersecurity. What we need are employers to also recognize that they need to take more of a skills-based lens towards recruiting cybersecurity workers as opposed to a credential- or experience-based lens which they have done historically.”
While security simulations were happening in one part of the room at MSU Denver, in another, Nathan Shelley was at work. Literally. The recent MSU graduate with a Bachelor of Science in cybersecurity was hired by Atos as an intern just before his December graduation. He became a full-time employee May 30. Atos is a massive European IT firm based in Paris.
“We monitor public-sector clouds,” said Shelley, who grew up in Estes Park and was drawn to MSU Denver because of its new cybersecurity degree. “We are responsible for monitoring log traffic and determining if there are false positives or true positives.”
Shelley was monitoring computer systems of actual government agencies that hire Atos to make sure what is stored in the internet cloud isn’t being compromised. Security analysts like Shelley spend hours watching the online activity and thanks to artificial intelligence and monitoring tools, they get alerts when something is awry and must determine if the issue is real.
That may not seem very exciting but a cheery Shelley speaks enthusiastically about his gig, which includes plugging holes discovered only after software was released. In other words, bugs born on day zero that online mischief makers are constantly hunting for.
“Probably the most active that I’ve been this week was yesterday when we were patching for a recently discovered CVE, that is a vulnerability with Follina, it’s a proliferating, zero-day exploit,” he said. “This is very widespread for the Microsoft environment. It’s an Office 365 zero-day vulnerability so that means (the software) was released with the vulnerability. It’s now flaring up in the cybersecurity realm. It allows remote code execution and that can be done through a certain domain.”
Microsoft had not yet issued a fix for Follina, named after an Italian village with a postal code that was found in the exploit.
The MSU Cybersecurity Center is a resource for others, too. Helping potential IT workers get hired is the mission of ActivateWork, a nonprofit IT recruiting and training organization that connects employers to the overlooked talent.
“We believe the traditional hiring process leaves extremely valuable talent out. We help employers solve talent gaps by finding underrepresented candidates and preparing them to excel in new careers,” said Susan Hobson, the nonprofit’s director of apprenticeships and evaluation.
Its first-ever 15-week security fundamentals course culminated last week with MSU Denver’s Cyber Range simulation. Hobson said ActivateWork focuses on the workforce employers need.
“We know that cybersecurity has a gap, especially here in the Denver area,” she said. “If you look at local area labor data, there were 13,000 open cybersecurity jobs as of March this year. We knew the need was there and we drive our course offerings based on local employer needs.”
ActivateWork’s learners aren’t typical students. Most don’t have a college credential. Many are unemployed or are looking for a better job in IT. The recent cohort of security fundamentals graduates left with CompTIA A+ certification and over 100 hours of soft skills and life skills training including resume reviews, interview prep and financial capability training. After graduation, ActivateWork helps them find a job in the field and coaches them for 12 months as they transition into a career.
The organization also has a registered apprenticeship program with the U.S. Department of Labor and works with area employers to hire graduates from their boot camps. Three of the 20 graduates start cybersecurity apprenticeships this month, and ActivateWork is always looking for more companies to partner with to build a talent pipeline in cybersecurity.
“They’re struggling to hire because they’re looking for individuals with three to five years of experience,” Hobson said. “This is a way to equip talent through 12-months of on-the-job learning with the exact skills an employer needs.”
Privette, who was part of the MSU Denver cybersecurity simulation, stopped the bug from wreaking more havoc. They brought back the websites and, well, he hopes he continues to keep learning more. He is very excited to start his ActivateWork cybersecurity apprenticeship on Monday as an information security analyst.
“I’ve been wanting to get into this since high school and I feel like ActivateWork has really given me the opportunity to pursue it,” said Privette, an electrician until he fell from the ceiling at one client location. “I didn’t have the money to afford college. And then I didn’t really realize the path to get to it (cybersecurity). I didn’t want to be an electrician forever. Falling through the ceiling gave me the opportunity to pursue this.”
About the photo: Sam Madison, front, is quizzed by Richard Mac Namee, back right, director of the Cyber Security Center at Metropolitan State University of Denver, and Klaus Streicher, back left, a graduate of the program, during a cybersecurity training exercise, Wednesday, June 1, 2022, in Denver, hosted by the school to help interest potential students who may want to pursue careers in field. (Tamara Chuang/The Colorado Sun via AP)
Was this article valuable?
Thank you! Please tell us what we can do to improve this article.
Thank you! % of people found this article valuable. Please tell us what you liked about it.
Here are more articles you may enjoy.
Get the latest insurance news
sent straight to your inbox.
Your email address will not be published. Required fields are marked *
Name *
Email *
Comment


Δ
Notify me of comments via e-mail
We have updated our privacy policy to be more clear and meet the new requirements of the GDPR. By continuing to use our site, you accept our revised Privacy Policy.

source

Minneapolis Public School students and staff returned to classrooms on Monday this week, but disruptions caused by an “encryption virus” —  including losing access to district accounts, devices and shutting down after-school activities —  continued throughout much of the week. 
“I think the district is trying very hard not to flat-out say that they’ve experienced a ransomware incident… But this has all the hallmarks of those sorts of incidents and that’s what I would consider it to be,” said Doug Levin, national director of the K12 Security Information Exchange and an expert on school cybersecurity.
Cybersecurity is becoming an increasingly prominent concern for public school districts.
In September of last year, the country’s second-largest district was targeted. According to Levin, there have been approximately 200 similar incidents targeting both big and small districts throughout the country in the last three years — and the ransom demanded has grown from $5-$10 thousand to closer to $1 million or more. 
What does that mean? The news, analysis and community conversation found here is funded by donations from individuals. Make a gift of any amount today to support this resource for everyone.
“(This is) affecting school districts from coast to coast — from some of the largest school districts in the nation to much smaller and more rural school districts,” Levin said. “I do think that these incidents are happening more frequently than people realize.” 
The Minneapolis district has moved from saying on Monday this week that it’s found “no evidence” that personal information was compromised, to emailing families that “an unauthorized threat actor may have been able to access certain data located within the MPS environment.”  
Here’s what Levin thinks you need to know about what’s happening in Minneapolis: What is a ransomware attack? 
A ransomware attack is carried out almost exclusively by criminal gangs operating overseas, largely in Russia, according to Levin. 
The groups gain access to a computer system and make it unusable and then demand a payment from their victims.
The Minneapolis school district has denied MPR News requests for interviews on the ongoing incident. According to Levin, there may be several different issues at stake.
First, most states do not have reporting requirements when it comes to what school districts are obligated to do when they experience a cyber attack. Most states also lack any sort of cybersecurity standard that school districts are required to adhere to.
Levin also posits the Minneapolis district may be getting advice from insurance providers or lawyers who are telling them they can limit their liability if they avoid using certain words in public communications. 
Levin suggests people connected to the district change their passwords — especially if they’re reusing them on multiple accounts — enable two-factor authentication, and keep a closer eye on email, social media and financial accounts.
Parents should freeze their minors’ credit accounts to prevent identity theft (The Minneapolis district is directing people to report major fraud or freeze credit through credit reporting bureaus such as Equifax, Experian and TransUnion) . 
“Presume that data has been breached by criminal actors,” Levin said. “Take steps to protect your identity.” 
Levin said it’s possible the district will continue to experience cyber attacks. 
“Unfortunately, a school system that themselves are victims of cybersecurity attacks like this one are actually fairly likely to experience repeat attacks going forward,” Levin said. 
He also suggests families and staff ask their board and district leaders to make sure there is a dedicated budget for cyber security, and a plan in place to address cyber attacks when they occur. 
“What I would suggest for parents… make sure that the school board and superintendent are ensuring that the school system takes cybersecurity risks just as seriously as they take risks of physical violence on the school campus,” Levin said. 
Cyber attacks are becoming increasingly common, and have the potential to actually halt school programming and shut down systems. 
“At this point, given the data that we've seen, it's really only a matter of time before you know any particular school system is a victim,” Levin said. “We've seen attacks in, you know, some of the largest school districts from, you know, state to state to state, as well, as many small ones.”
Levin points school leaders to a recent federal report on cyber security threats to schools, but also says districts may need help from state and federal sources. 
“This is a growing national crisis,” Levin said. “While there are certainly things that we should and can expect superintendents and school boards to do, ultimately we’re going to need more help from the state and federal government.”

source

Luis Alvarez/Getty Images

By Tom Kennedy
Everything gets more complex over time. That’s true according to the second law of thermodynamics and of the cybersecurity skills gap. A decade ago, the cybersecurity industry suffered a shortage of 10,000 professionals. Today, that number has reached 2.72 million. How did we manage to get to this point?
For one, the approach to solving the cybersecurity talent gap focuses too much on filling experienced positions and not enough on welcoming true entry-level candidates. Nearly 400 cybersecurity programs exist in the U.S. today, but there aren’t enough entry-level positions open within the public sector to meet the demand from graduating students.
The good news is that both the public and private sectors recognize how critical it is that we find a solution to bridging the gap between talent and open positions. In July, the Biden administration held its first National Cyber Workforce and Education Summit at the White House, bringing together leaders from the private sector, public sector and even academia to identify solutions to help fill cybersecurity jobs.
While the discussions during that Summit have yet to be made public, the following offers a few suggestions for what should have been proposed.  
Adjust your entry-level expectations
The public sector can be deliberately hard to understand. From the multiple terms and acronyms used to describe programs and agencies, to an incredibly complex technological infrastructure, beginning a career in government can seem daunting. That is compounded when realizing even entry-level roles often require at least five years of experience. Many cybersecurity job descriptions highlight requirements for certifications and achievements, which can only be earned after a certain amount of time in the field. 
Instead of having such high expectations for entry-level candidates, which will only continue to leave hundreds of jobs unfilled, government agencies need to update their job descriptions to be truly entry-level and seek out college graduates or individuals who might have just completed a cybersecurity bootcamp or training program—and who have yet to gain any experience. 
It would also be beneficial to look at talent that might not come from a STEM field. Candidates with backgrounds in history or English can bring skills like analytical thinking and communication to the table—skills that are often a lot harder to teach than computer science.
Be open to the fact that on-the-job teaching will be required. 
Promote from within 
Both the private and public sector should aim to promote from within their current organizations. Whether it is someone who has already been working on the IT or security teams or someone who might be interested in transitioning from another department, agencies need to be open to hiring individuals with a diverse set of skills.
Establishing agency-specific cybersecurity apprenticeship programs would enable interested candidates from non-technical backgrounds to receive hands-on training without having to go back to school—and without needing to further delay the ability to fill critical roles quickly and from within.
Promoting from within also helps build loyalty and trust among employees. Giving employees the opportunity to grow within their careers signals that you value their hard work and will make them more willing to stick with the agency, even in tighter and more competitive job markets. 
After all, as Jen Easterly aptly shared during a discussion at RSA, “… nobody really comes into the government to make money. They come in, because they are motivated to raise their hand to support and defend the Constitution of the United States and defend their nation and America.”
But the public sector should still seek to close the public-private compensation disparity. 
Level the income playing field 
Despite suffering from an equally severe cybersecurity talent gap, private organizations often come out ahead because of their ability to offer candidates higher salaries. Recent data from labor market research firm Lightcast.io found cybersecurity professionals in the private sector make 14% more than their public sector counterparts. 
To solve the pay disparity between the public and private sectors, government agencies should allocate more of their spend toward talent acquisition. The president’s budget plan for fiscal year 2023 includes $10.9 billion for cybersecurity to “help improve the protection of federal infrastructure and service delivery against sophisticated cyber threats.” One could argue that infrastructure includes talent, and by directing more funds toward an increase in salaries, the public sector could start to see an increase in interested applicants.
But these are only three potential avenues for helping to close the cybersecurity talent gap. Those in the private sector must continue to cooperate and converse with the government and agree to share their ideas, successes and failures, in order to continue to identify long-term solutions. We’ve got a long way to go, but by coming together, we can help pass legislation that will improve existing hiring programs that work, continue to invest in our current cybersecurity workforce and ultimately improve our national security.
Tom Kennedy is the vice president of Axonius Federal Systems, LLC.
NEXT STORY: NASA is Crashing a Spacecraft into an Asteroid to Test a Plan That Could One Day Save Earth From Catastrophe
Do Not Sell My Personal Information
When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.
Manage Consent Preferences
Strictly Necessary Cookies – Always Active
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
Sale of Personal Data, Targeting & Social Media Cookies
Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link
If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.
Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Cookie List
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
Strictly Necessary Cookies
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
Functional Cookies
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
Performance Cookies
We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.
Sale of Personal Data
We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.
Social Media Cookies
We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.
Targeting Cookies
We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.
Help us tailor content specifically for you:

source

GoDaddy has revealed it suffered a multiyear data breach in which unknown hackers stole source code and installed malware on the company’s servers. 
The hosting company has attributed the security incident to a breach of its cPanel shared hosting environment by a “sophisticated and organized group targeting hosting services like GoDaddy.”
“According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities,” GoDaddy said. 
GoDaddy said it discovered the data breach in December after it received customer reports that their websites were being used to redirect web users to random domains.
In a filing with the U.S. Securities and Exchange Commission, GoDaddy said its investigation determined the data breach has been part of a “multi-year campaign by a sophisticated threat actor group.” 
GoDaddy has linked the “campaign” back to previous breach disclosures the company made in March 2020 and November 2021. 
In the November 2021 data breach, hackers reportedly used a compromised password to breach GoDaddy’s WordPress hosting environment, affecting 1.2 million Managed WordPress customers. 
GoDaddy customers affected by the November 2021 breach had their email addresses, database credentials, WordPress Admin passwords, and other information exposed during the attack. 
The company had previously notified 28,000 of its customers in March 2020 that they had been affected by a data breach that was attributed to a hacker who made unauthorized use of web hosting account credentials in October 2019. 
GoDaddy said it has begun working with external cybersecurity forensic experts and law enforcement agencies around the world to try and determine how the breach could have occurred. 
In other recent data breach news, LendUS agreed to a settlement last month to resolve claims the company failed to protect consumers during a 2021 data breach that compromised information that included Social Security numbers. 
Have you been impacted by a GoDaddy data breach? Let us know in the comments.
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
Δ
please add me
add me
Please add me
Please add me
I had a go daddy account.
Closed my account but still have hackers tracking my activities every day: changing settings, deleting emails & contacts, stealing documents, and calling impersonating my bank’s security department. Have had to beef up my security and keep my phone off to all because they will even use my contacts’ phone numbers! Please add me.
Please add me
Add me please.
W/ thousands of names at GoDaddy, the diff between their security today, and 20+ yrs ago, is a bit distressing. Having been moving chunks of domains to other registrars. Question is, are any safe? Can’t think of anything more likely to be effective than dividing your domains amongst multiple registrars, ie: Porkbun,; NameCheap, or whichever you’re comfortable with. #GoDaddy #notrust #registrars #GoDaddySucks
How does this affect my certs with godaddy? I have both domains and certs with them.
The GoDaddy account resulted in multiple affected products and at the time, witnessing the events occur live, GoDaddy was not able to confirm or deny the situation. For multiple years, law firms including GoDaddy failed to provide a resolution of these terms which remain unresolved today. After attempting to regain access to these products through external terms from a data breach all attempts were exhausted.
If these individuals were able to manipulate products it would not surprise me what they are capable of doing with preliminary or financial information.
Yes please add me.
Me to add me to godaddy breach
I had several GoDaddy accounts. Please add me to the list.
Add me please I have go daddy account
Affected
ADD ME
Add me
Yes, I have an account with GoDaddy and they have all of my account information
Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *
Comment *
Name *
Email *


Δ
Δ
please add me
add me
Please add me
Please add me
I had a go daddy account.
Closed my account but still have hackers tracking my activities every day: changing settings, deleting emails & contacts, stealing documents, and calling impersonating my bank’s security department. Have had to beef up my security and keep my phone off to all because they will even use my contacts’ phone numbers! Please add me.
Please add me
Add me please.
W/ thousands of names at GoDaddy, the diff between their security today, and 20+ yrs ago, is a bit distressing. Having been moving chunks of domains to other registrars. Question is, are any safe? Can’t think of anything more likely to be effective than dividing your domains amongst multiple registrars, ie: Porkbun,; NameCheap, or whichever you’re comfortable with. #GoDaddy #notrust #registrars #GoDaddySucks
How does this affect my certs with godaddy? I have both domains and certs with them.
The GoDaddy account resulted in multiple affected products and at the time, witnessing the events occur live, GoDaddy was not able to confirm or deny the situation. For multiple years, law firms including GoDaddy failed to provide a resolution of these terms which remain unresolved today. After attempting to regain access to these products through external terms from a data breach all attempts were exhausted.
If these individuals were able to manipulate products it would not surprise me what they are capable of doing with preliminary or financial information.
Yes please add me.
Me to add me to godaddy breach
I had several GoDaddy accounts. Please add me to the list.
Add me please I have go daddy account
Affected
ADD ME
Add me
Yes, I have an account with GoDaddy and they have all of my account information
Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *
Comment *
Name *
Email *


Δ
Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.

Δ
@2023 Top Class Actions. All Rights Reserved. Privacy Policy | Terms and Conditions

source

The Good Guys customers possibly affected by data breach at former third-party provider My Rewards
Up to 1.5 million customers of The Good Guys loyalty program may have had their personal information hacked in a data breach at a third-party company. 
The electronics retailer released a statement saying the IT systems of a former third-party supplier, Pegasus Group Australia, now known as My Rewards, had been improperly accessed by an unauthorised user.
The Good Guys said My Rewards had previously been used for reward services for "Concierge" members and it collected names, addresses, phone numbers and emails and, for some, dates of birth.
However, it said drivers licence, passport and credit card data was not involved in the breach.
The Good Guys has directly contacted 325,000 Concierge members who had set up a My Rewards account, and a further 1.5 million Concierge members whose contact details might have been impacted by the breach, which is believed to have occurred in August 2021. 
The Good Guys no longer uses My Rewards, and accounts linked to Concierge member benefits have been closed.
The Good Guys managing director Biag Capasso apologised for concern the issue had caused. 
New data from the Australian Bureau of Statistics shows more of us were exposed to scams in the past financial year. But, encouragingly, fewer of us are falling victim to them. 
"The Good Guys take the matter of privacy and data security very seriously," he said. 
"It is extremely disappointing that My Rewards, a former services provider, has experienced this breach."
A spokesman for My Rewards, said: "While we believe no serious harm has been caused by the breach, we are very concerned with the unauthorised access to the information and are working closely with the federal government authorities to minimise the impact of the data breach." 
Anyone who has concerns about their personal information should contact IDCare, a national identity and cyber-support community service.
We acknowledge Aboriginal and Torres Strait Islander peoples as the First Australians and Traditional Custodians of the lands where we live, learn, and work.
This service may include material from Agence France-Presse (AFP), APTN, Reuters, AAP, CNN and the BBC World Service which is copyright and cannot be reproduced.
AEST = Australian Eastern Standard Time which is 10 hours ahead of GMT (Greenwich Mean Time)

source

Call of Duty creators Activision recently confirmed that the company suffered a major data breach, with both sensitive and product-related employee information stolen from the website.
The news comes as Microsoft defends its $69 billion acquisition of the company at an EU competitions hearing, with the supra-national political body currently scrutinizing the tech giant’s decision to buy the gaming company.
Cybersecurity tools like password managers provide protection against common tactics like credential stuffing, but this case is the latest reminder that educating employees so they can identify suspicious correspondence is equally important to cybersecurity.
Verifying
Don’t miss out on the top business tech news with Tech.co’s weekly highlights reel
Activision confirmed this week that towards the end of last year, hackers successfully breached the company’s systems. The threat actors exfiltrated sensitive employee data and information about yet-to-be-released game content.
The stolen data includes full names, email addresses, and phone numbers, as well as confidential information like salaries and work locations.
The breach officially occurred on December 4, 2022, but at that time, Activision did not announce or confirm that a cyber attack had taken place, continuing the trend of large companies prolonging the time between breach discovery and disclosure.
According to gaming publication Insider Gaming, the leaked documents seem to highlight “the entire year ahead for Call of Duty.”
Seven “Core Maps” and a “Haunting of Saba event for Halloween” are scheduled for season 6 (September-November 2023), while one “small map” will be arriving beforehand as part of Season 4 (May – July 2023).
As you can see from the image below (credit: @vxunderground), the leaked documents contain plans for at least “one ‘Licensed’ operator every season, which means a collaboration or crossover… more Gunfights, Spec Ops missions, Raids, and Tier 1 Events starting from Season Three” and “at least another 240 bundles”.
At the bottom of the screenshot, you can just about see date information about “Jupiter” – thought to be a new installment in the Call of Duty franchise.
“Jupiter GL4” is penciled in for April 7 to April 28, “Jupiter Alpha” for May 26 to June 2, and “Jupiter GL5” for June 9 to June 30.
As is often the case with data breaches, the hackers found their way in after an employee fell for a text message phishing scam, rather than by exploiting a technical vulnerability.
This emphasizes, rather emphatically, the importance of ensuring your staff are well-trained in recognizing the telltale signs that an email may be suspicious. Password managers and other cybersecurity tools can only do so much.
You can have an extremely secure network and still provide a hacker with an endpoint to exploit by not adequately training your staff.
Verifying
We’re sorry this article didn’t help you today – we welcome feedback, so if there’s any way you feel we could improve our content, please email us at contact@tech.co
Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol five years ago. As a writer, Aaron takes a special interest in VPNs, cybersecurity, and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.
The vulnerability, also discovered on some Google Pixel…
Despite the escalating costs of cyberattacks, only 15% of…
Despite a decrease in attacks, “ransomware remains a…
Keeping drivers safe is a top-three concern for any fleet….
© Copyright 2023

source

The number of cyberattacks continues to rise as we spend more time online and assets are moved to the digital universe. In fact, the average number of cybersecurity attacks per company per year rose 31%, to 270 attacks, according to a 2021 report from Accenture. In reaction to the growing number of cyberattacks, companies are spending more money to protect their digital assets.
The global cybersecurity market is projected grow to a $2 trillion addressable market, which is 10 to 15 times the amount of current spending, according to a new survey conducted by McKinsey & Co. This steep market projection puts pressure on companies to invest in the right cybersecurity talent. 
“The biggest challenge that our market faces is that threat actors are working around the clock to find new ways to exploit and attack their victims. There are no days off. There are no hours off,” Nick Schneider, CEO of cybersecurity firm Arctic Wolf, tells Fortune. “In many ways, the bar of innovation in cybersecurity is set from the outside, as our industry races to stay one step ahead of threat actors, creating an ever-present challenge for the cyber teams protecting businesses of all sizes.”
The challenge of combating a growing number of cyberattacks may seem unattainable, but the solution is finding and retaining top cybersecurity talent.
Yet, there’s already a massive talent gap in the cybersecurity industry. In the U.S. alone, there are more than 700,000 unfilled cybersecurity jobs, data from Cybersecurity Ventures shows. While the global cybersecurity workforce has reached an all-time high with an estimated 4.7 million professionals, there’s still an overall shortage of 3.4 million workers, according to the 2022 (ISC)2 Cybersecurity Workforce Study.
Fighting this talent gap is no small feat, but there are tactics both cybersecurity applicants and recruiters can take to curb the growing number of cyberattacks. Cybersecurity experts agree that companies need to be more lenient with their candidate expectations and invest in leadership at the very top.
Companies big and small also need to hire and compensate someone who is fluent in cybersecurity at the executive board level, Peter Trinh, a cybersecurity architect at TBI Inc., tells Fortune. “Whether you’re hiring a cybersecurity team in-house or partnering with a third party, cybersecurity is expensive, but increasingly necessary to ensure organizational health.”
With so many open cybersecurity jobs, the common conclusions are that there either aren’t enough qualified people to fill the positions or that companies aren’t offering the right compensation packages. While both of these ideas are partially true, cybersecurity experts also argue that the market could stand to have improved recruitment measures and be more open to hiring people with varied professional experience. 
“Companies need to understand that exceptional candidates are out there, but we need to be flexible with the job requirements we set,” Schneider says. “Businesses aren’t looking at nontraditional candidates enough—folks that don’t have a college degree, neurodiverse candidates, veterans, etc. Whether your background is in construction, health care, or even food services, I promise that there is room for you in cyber.”
Learning the tricks of the trade takes time, however. Companies are increasingly offering upskilling opportunities for employees who are interested in making a career switch. Other ways to enter the cybersecurity field include earning a master’s degree, taking certifications, or even start taking a few free classes at a time. 
Because cybersecurity professionals are learning in a variety of ways, companies should pursue a variety of avenues for recruitment, Schneider suggests. 
“Too often, companies spend massive amounts of money recruiting in a stereotypical talent hub like the Silicon Valley and end up competing in an overinflated market,” he says. “Businesses should take stock of the universities that are investing in cyber programs and degrees and make inroads into their internship and professional development programs.”
No matter how professionals enter the industry, they can expect a good payday. The current median salary for cybersecurity professionals in the U.S. is $135,000, the (ISC)2 study shows. Also, nearly 30% of cybersecurity professionals enter the industry for the potential of high salaries and strong compensation packages. 
“The race for cybersecurity talent has been underway for several years and the shortages of skilled employees is difficult to overcome,” Trinh says. “Security specialists are very fluid in their employment choices as compensation, titles, responsibilities, and job pressures all play into the career choices made by these individuals.”
As the talent gap continues to widen, however, so will the need for companies to pursue more automated avenues of protection against cyberattacks, says Sumedh Thakar, CEO of cybersecurity company Qualys, which Fortune has recognized as one of the 100 Fastest-Growing Companies. 
“Shortage of talent in anything always drives toward wage expansion, which in this case, also increases the cost for enterprises to secure themselves,” he tells Fortune. But even as companies become more willing to pay higher wages to cybersecurity professionals, it is still incredibly difficult for them to find qualified experts.”
And for the hires that companies have already made, cybersecurity experts make one thing clear: cybercriminals are motivated to work faster than their victims, which means that cybersecurity professionals need to work to stay one step ahead of bad actors.
“As the number of vulnerabilities continues to explode, the amount of time it takes for attackers to weaponize and exploit these vulnerabilities continues to contract,” Thakar adds. “Essentially, cybersecurity is a challenge of speed. Can the attackers get to your weak points faster than you can?”
See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science (in-person and online), nursing, computer science, cybersecurity, psychology, public health, and business analytics, as well as the best doctorate in education programs and MBA programs (part-time, executive, full-time, and online).

source

Illustration: Maura Losch/Axios
Russia's cybercrime underground is starting to recover from the disruptions caused during the ongoing war, which could spell bad news for U.S. companies, experts told Axios.
The big picture: Before the war started, some still hoped Russian President Vladimir Putin might crack down on the deluge of ransomware gangs in his country.
Why it matters: The war has killed off any incentive Putin may have had to stop cybercrime operations from targeting Western organizations.
Flashback: When the war started, factions formed within cybercrime forums between those who supported Russia's war and those who stood with Ukraine.
What's happening: Initial slowdowns in the Russian cybercrime underground have proven to be only blips, experts told Axios.
Between the lines: Even Russian cybercriminals who have fled their country to avoid the draft are seemingly starting to deploy ransomware attacks, Thanos said.
The intrigue: By enabling cybercrime gangs, the Russian government can claim it wasn't responsible for any of the groups' attacks while reaping the benefits of seeing Western organizations hindered.
Sign up for Axios’ cybersecurity newsletter Codebook here.

source