Author: rescue@crimefire.in

  • Almost RM600 million was lost in 2022 because of cyber crime in … – SoyaCincau.com

    Deputy Communications and Digital Minister Teo Nie Ching has announced that almost RM600 million has been lost throughout the year of 2022, as a result of cyber crime in Malaysia. She said that the data showed that cyber crime in the country was “quite serious”.
    Teo Nie Ching added that the Communications and Digital Ministry (KKD) will be focusing on educating the public to become more digitally literate and not become victims. One of the steps that will be implemented is working with platforms like TikTok to promote a programme called “Stop For Three Seconds” which aims to be launched in February and March.
    “The ‘three seconds’ here is to help the community to think first whether any information received is authentic or not,” she explained.
    In October 2022, regulators brought up a Stop, Think, Block mantra for the public to remember whenever they get suspicious calls or messages asking for any personal and banking details. It also came with the tagline “Ingat 3 Saat Ok” (Think for Three Seconds) and the hashtag #JanganKenaScam. The government’s upcoming campaign might mirror last year’s mantra.
    Late last year, the Malaysian government even reminded the public to dial 997 if they’ve been scammed. Teo even brought it up, saying that the 997 hotline was still little known by the community.
    “Thus far, the 997 hotline operates 12 hours daily and it is a one-stop centre comprising representatives from Bank Negara Malaysia, private banks, MCMC, and the police, who will do their best to immediately stop the flow of victims’ money… The ministry wants to help the victims because we know if we don’t act quick enough, even though the person may eventually be caught, the victims won’t be able to get their money back,” she continued.

    source

  • TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information – The Hacker News

    Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server.
    “TikTok prioritizes the privacy and security of our users’ data,” the ByteDance-owned company told The Hacker News. “Our security team investigated these claims and found no evidence of a security breach.”
    The denial follows alleged reports of a hack that surfaced on the Breach Forums message board on September 3, with the threat actor noting that the server holds 2.05 billion records in a humongous 790GB database.
    “Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?,” the hacking group known as BlueHornet (aka AgainstTheWest) tweeted over the weekend.
    Bob Diachenko, threat intelligence researcher at Security Discovery, said the breach is “real” and that the data is likely to have originated from “Hangzhou Julun Network Technology Co., Ltd rather than TikTok.”
    That said, it’s far from clear at the moment where exactly the data has come from and whether third-parties have access to this kind of information.
    “This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info,” security researcher Troy Hunt said in a tweet. “Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.”
    The development comes at an inopportune time, as the company continues to face mounting scrutiny for its data security practices owing to its links to China.
    Update: In a follow-up statement shared with The Hacker News, the social media company reiterated its security team found no evidence of a security breach.
    “We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” a spokesperson for the company said.
    “The samples also appear to contain data from one or more third-party sources not affiliated with TikTok. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”
    Additionally, the Twitter account of AgainstTheWest has since been suspended and allegations of the break-in have since been modified on Breach Forums to mention that “the breach is not from TikTok, and that he most likely was lying or didn’t even investigate it before making such outrageous claims.”
    “AgainstTheWest has had a long history of lying about breaches or other things (saying he’s a state-sponsored hacking group… LOL) and this was just the tipping point,” pompompurin, the actor who launched Breach Forums earlier this March, said.

    source

  • Cybrary secures $25M to grow its platform for cybersecurity training – TechCrunch

    The cybersecurity industry has taken a hit recently, with economic headwinds prompting layoffs and a broad investor pullback. But some firms have escaped unscathed, like cybersecurity training platform Cybrary, which today announced that it raised $25 million in a Series C funding round. CEO Kevin Hanes conveyed to TechCrunch that the round, which brings Cybrary’s total raised to $48 million, was led by BuildGroup and Gula Tech Adventure and will be put toward developing “content and capabilities” on the company’s platform.
    Cybrary was launched in 2015 by co-founders Ralph Sita and Ryan Corey (Hanes joined as CEO a year ago). As Hanes tells it, their mission was to break down barriers to the cybersecurity industry by creating a way for aspiring professionals to enter the field — no matter their background or experience.
    “There are an estimated 3.5 million unfilled cybersecurity roles today. Studies suggest the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. Introducing more products and technology will not help organizations solve this fundamental issue,” Hanes told TechCrunch via email. “Investing in people is key to narrowing the cybersecurity skills gap and helping to combat increasing burnout and human error. Cybersecurity professionals at every stage of their careers need an affordable and accessible training platform to arm them with the skills and confidence to respond to threats.”
    Cybrary’s e-learning portal offers access to training content, including online courses and tools, built around adversary techniques and vulnerabilities. Contained within the catalog are activities led by cybersecurity experts, covering topics like ethical hacking, digital forensics, web app security and networking and operating systems.
    Hanes makes the case that Cybrary is a more affordable alternative to in-person bootcamps and other cybersecurity e-learning platforms on the market. A Pro plan, which includes certification prep, labs, and practice assessments, starts at $59. While some might argue that Cybrary isn’t as comprehensive as an intensive, weeks-long bootcamp, it’s indeed a fraction of the cost — most cybersecurity bootcamps average in the thousands of dollars.
    “Decision makers should assess the most risk they can reduce with the next dollars they spend and consider the case for training their team,” Hanes said. “Worldwide, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and awareness. So leaders need to invest in their people, not only to reduce organizational risk, but also to build a cybersecurity talent pipeline across their organizations.”
    Eighty-employee Cybrary has reasonably strong traction in the market, with more than 3.7 million users and 742 companies enrolled in its Cybrary for Teams product. The startup also has a budding defense business, involving what Hanes vaguely described as “many” different government groups and military branches.
    “Ramping up our in-house cybersecurity expertise has enabled us to create a new style of training that is focused on hands-on skills and understanding real-world threats and vulnerabilities, and how to ensure your organization is protected,” Hanes said. “While Cybrary has historically been focused on helping people enter the workforce and earn their fundamental certifications, [recent] additions to our platform allow us to support these individuals in their journey long after they land their first role.”

    source

  • Task force opens cybersecurity job path for veterans – The American Legion

    The push to fast-track veterans into the trucking industry as part of a White House plan announced in April to improve the post-COVID supply-chain logjam has proven so successful, Task Force Movement is adding another sector in need of skilled personnel: cybersecurity.
    “Cybersecurity is critically important,” Task Force Movement Chairman Patrick Murphy told veterans and industry representatives gathered Wednesday for The American Legion’s National Higher Education & Credentialing Summit in Milwaukee during the organization’s 103rd National Convention. “Right now, in the federal government, we are 40,000 cyber-professionals short. That’s just in the federal government, not even the private sector … We have to get after it.”
    Task Force Movement works to connect veterans and the military community with industry – specifically the trucking sector since April – to speed the process and “bridge the gap between policy and pavement” for transitioning military personnel and veterans. More than 500 veterans have been awarded free scholarships, and more than 130 employers participate in the program’s apprenticeship program.
    “This is a public-private partnership,” said Murphy, an Army veteran and the first who served in Iraq to be elected to Congress. “When we launched this on the south lawn of the White House in April, we never thought we would have this much success in four months. It’s making a positive difference.”
    The nation’s staff shortages in key industries like trucking and cybersecurity will take collaboration with veterans service organizations like The American Legion, industry leaders in specialized fields, credentialing agencies and government. And while the nation’s current trouble with filling positions and keeping products moving will require emphasis from many fronts, the military-affiliated community stands to be a catalyst, Murphy suggested. “Will it be solved by veterans fully? Absolutely not. But it will be led by veterans and military families.”
    Now, for the trucking industry and cybersecurity alike, the Task Force Movement program has online guidance specifically indexed according to the following categories: Industry Partners, Government Agencies, Foundations, Veterans Service Organizations and Education Partners.
    To learn more, visit www.taskforcemovement.org which has recently added a platform for cybersecurity.

    source

  • Australian law firms team up to seek compensation for Medibank … – ZDNet

    Three law firms in Australia have teamed up to run a “landmark” case against Medibank involving last October’s data breach. Comprising Maurice Blackburn Lawyers, Bannister Law Class Actions, and Centennial Lawyers, the trio will jointly seek compensation for affected customers. 
    Specifically, they will push through a complaint filed with the Office of the Australian Information Commissioner (OAIC) to secure the compensation. Maurice Blackburn last November initiated the formal representative complaint with OAIC, which has the authority to issue the directive for compensation. 
    The three law firms said in a joint statement Monday that “tens of thousands” of affected customers already had registered for the class action suit. 
    Medibank last October revealed a security incident that compromised the data of 9.7 million current and former customers, including 1.8 million international customers. After the health insurer refused to pay the ransom demands, hackers dumped large batches of the data on the dark web, claiming the files contained all of the data they took in the heist.
    The data security incident, alongside others such as the Optus breach, prompted the Australian government to push for stiffer penalties. The country’s legislation eventually was revised, increasing maximum fines for serious or repeated breaches to AU$50 million or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.
    Bannister Law Class Actions’ principal Charles Bannister expressed hope the joint cooperation would lead to swift compensation payments for Medibank customers impacted in the breach. “We believe the data breach is a betrayal of Medibank’s customers and a breach of the Privacy Act,” Bannister said. “Medibank has a duty to keep this kind of information confidential.” 
    Centennial Lawyers’ adjunct professor George Newhouse added that the data breach revealed the lack of safeguards that should have been in place, to prevent private and personal data from being accessed by hackers. 
    Describing the law firms’ cooperation as a significant development, Maurice Blackburn’s head of class actions Andrew Watson said the agreement would ensure all three firms worked together with the common goal of obtaining compensation as quickly as possible. 
    Maurice Blackburn also filed a representative complaint to the OAIC against Optus with regards to the telco’s data breach. 

    source

  • CircleCI Confirms Data Breach Was Caused By Infostealer on … – Infosecurity Magazine

    Continuous integration and delivery platform CircleCI has confirmed that a data breach that occurred on January 04, 2023, was caused by an infostealer being deployed on an employee’s laptop.
    “We have learned that an unauthorized third party leveraged malware deployed to a CircleCI engineer’s laptop in order to steal a valid, [two-factor authentication] 2FA-backed SSO [single sign-on] session. This machine was compromised on December 16, 2022,” CircleCI wrote on Friday.
    According to the blog post by CircleCI chief technology officer (CTO) Rob Zuber, the malware was not detected by the CircleCI antivirus program.
    “Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems,” Zuber explained.
    The executive added that because the targeted employee had privileges to generate production access tokens, the attacker was able to potentially access and steal data from a subset of databases and stores.
    “Though all the data exfiltrated was encrypted at rest, the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data,” Zuber warned.
    Despite the data breach and ongoing investigation, the CTO said that customers can now return to safely build using the CircleCI platform.
    “We have taken many steps since becoming aware of this attack, both to close the attack vector and add additional layers of security.”
    These include adding detection and blocking through the company’s MDM and A/V solutions for the techniques used by the malware.
    CircleCI said it restricted production environment access to “a very limited number” of employees. The firm also reported it had implemented additional security measures.
    “For the employees who retain production access, we have added additional step-up authentication steps and controls.”
    Zuber concluded that there is no way for the company to know if specific secrets were used for unauthorized access to third-party systems.
    “If you stored secrets on our platform during this time period, assume they have been accessed and take the recommended mitigation steps.”
    The blog post comes roughly two months after a data breach impacted Dropbox with threat actors impersonating CircleCI employees.

    source

  • Help wanted, $80,000 & up: 700,000 cybersecurity jobs are open – 24,000 in NC alone – WRAL TechWire

    by Eileen Ristau Tauchman, CompTIA — October 10, 2022
    Editor’s note: It’s Cybersecurity Awareness Month and thousands of jobs are going unfilled across the United States as cyberthreats and crimes increase. Tech group CompTIA is seeking to help match people seeking cybersecurity careers with resources to develop one.
    +++
    Interested in a career in cybersecurity? With more than 700,000 job postings for open cybersecurity positions in the United States, you chose a great time to join a booming industry – but where to start? To help close the cybersecurity skills gap, CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market, which helps job seekers identify what they need to transition between cybersecurity roles and advance in their careers.
    By the way, more than 24,000 of those open jobs are in North Carolina.
    In this blog post, we will share the top nine cybersecurity job titles requested by employers within the U.S. cybersecurity job market and the education requirements, certifications and skills needed to find a job in one of these high-demand roles.
    To begin, here are the top cybersecurity job titles and their average salaries, according to CyberSeek:
    * Salaries marked with (*) came from the U.S. Bureau of Labor Statistics.
    ^ Salaries marked with (^) came from the CompTIA IT Salary Calculator.

    It’s important to note that a cybersecurity salary can vary depending on a variety of factors including the size and scope of the employer, geographic location and a candidate’s experience.


    In addition to these top nine jobs in cybersecurity, CyberSeek data shows that there is a plethora of entry-level job postings for these job titles:
    While several of the top nine jobs in cybersecurity are mid-level and advanced-level job roles, these two cyber roles also boast a healthy number of job openings:
    From network security to an incident responder or an ethical hacker, an IT security manager may be tasked with anything from installing, administering and troubleshooting security solutions to writing up security policies and training documents for colleagues. While other job roles are responsible for a specific part of the overall system, cybersecurity talent must be able to take a step back and see the big picture to keep it secure from cyberattacks and data breaches.
    If you already have some technical skills under your belt, the first step is discovering how your knowledge transfers to the cybersecurity field. For example, if you understand code, you’ll be able to identify and protect against malicious code.
    Of course, in technology there’s always something new to learn – and when fighting cybercrime, it’s even more true. Start by taking inventory of your transferable technical skills and make note of the skills you’d like to learn to land a job in cybersecurity. This applies to professional skills as well.
    For those without a technical background, the entry to cybersecurity is a little different, but there’s still plenty of opportunity. For example, cyber policy analyst and technical writer are positions that you could obtain without the technical know-how. Think of these entry-level jobs as steppingstones to more advanced cybersecurity jobs as you gain more experience and training.
    A cybersecurity career is extremely fulfilling! You get to do things like:
    If you want to be the cyber law enforcement at your organization in a field that continues to grow and offer financial stability, a cybersecurity career is calling your name.
    Many cybersecurity jobs require formal training and education. CyberSeek breaks down education requirements and shows the percentage of online job listings requiring either less than a bachelor’s degree, a bachelor’s degree or a graduate degree.
    For example, cybersecurity specialist is a term used to categorize entry-level cybersecurity jobs or jobs that perform cybersecurity tasks in addition to other IT tasks, such as tech support or networking. Job titles may include IT specialist information security or IT security specialist. The job postings for this role don’t require as much education as others – 19% of cybersecurity specialist postings require less than a bachelor’s degree, which is higher than more advanced job titles.
    In contrast, a cybersecurity engineer is on the advanced-level career track, so if you’re interested in a career as such, you should know that 89% of job openings require higher education. In fact, 66% of cybersecurity engineer postings require a bachelor’s degree and 23% require a graduate degree.
    Even more training and experience is required to become a chief information security officer (CISO). Typically, a candidate for this type of position is expected to have a bachelor’s degree in computer science or a related field and 7-12 years of work experience – including at least half of those years in a management role. A CISO is also expected to have deep technical knowledge.
    You can dig deep into CyberSeek’s data for any of the top nine job titles and discover what education level is most common for your dream job.
    If you’ve done any research on the topic, you know that the choices in information technology (IT) certifications are endless! We’ve combed through the recommendations for these top nine cybersecurity job titles and identified the certifications most requested.
    It’s easy to assume that a top skill set recommended for any of these job titles would contain the word “security.” But what about the less obvious skills? As with IT certifications, we’ve filtered through the most popular skills on the job postings.
    CyberSeek identified five feeder roles that often serve as steppingstones into an IT security career because of the similarities in skill requirements and significant skill overlap with multiple core cybersecurity roles. Click below to learn more about what those career paths look like:
    The CyberSeek interactive heat map provides a granular snapshot of the demand for cybersecurity pros with the number of job openings in a state or metro area, and the number of active cybersecurity professionals in that area, too.
    1. Texas: 83,126 job openings
    Top metro area: Dallas-Fort Worth
    2. California: 77,141 job openings
    Top metro area: San Francisco
    3. Virginia: 56,416 job openings
    Top metro area: Washington, DC
    The COVID-19 pandemic forced IT pros to work remotely, and it even reinforced that many thrive in this type of work environment. You can check out our full list of top 11 remote IT jobs, and one particular cyber role made this list: cybersecurity analyst. If you’re hoping to score a full-time remote security job, check postings for this role first!
    Now that you know more about what education, certifications and skills are recommended for these particular security job titles, you can plan your career journey accordingly. CyberSeek data is constantly updated, so come back often to find new skills or certifications you can add to your repertoire to make yourself a more attractive job candidate. If you are currently in an entry-level role and looking to get ahead, hone in on the items needed for that dream job, and you’ll be on your way to cybersecurity expert status.
    Check out the CompTIA Cybersecurity Career Pathway to see how CompTIA certifications can help you get into cybersecurity and advance your cybersecurity career.
    (C) CompTIA

    source