
  • 5 Online Cybersecurity courses for free at U.S universities – Nairametrics

    Many American institutions provide free online courses which anyone, including non-students, can access if they want to venture into the cybersecurity field without investing too much time or money. There are also courses that will not cost an arm and a leg.
    The democratisation of these courses has to do with the yawning gap in cybersecurity skills and talents in the United States and around the world. It is not just a talent shortage issue, but also a major concern for executive leaders around the world.
    This is because, according to a recent report, 80% of organizations worldwide have experienced one or more data breaches in the last year which can be attributed to a lack of cybersecurity skills and/or awareness.
    In fact, a 2021 analysis from Accenture indicates that the number of attacks each year increased by 31% to 270 between 2020 and 2021. There were 29 successful attacks on average per organization.
    According to 2022 research from Cybersecurity Ventures, the number of unfilled cybersecurity positions has increased by 350% from 1 million to 3.5 million since 2013. This booming cybersecurity field offers a variety of entry points, including a master’s degree program, employer-sponsored training programs, and certification programs.
    Some of the free and paid courses are listed below:
    This Network and Security Foundations course covers the elements of computer networks and the fundamental security principles related to networks. The course is recognized by Fortune as one of the top online master’s programs in cybersecurity in the United States.
    This introductory-level course also introduces students to network security, threat, risk mitigation, and security management concepts and practices.  The course instructors are Gerri Light, program chair of WGU’s College of IT, and Michelle Watt, a WGU instructor.
    Over the course of eight weeks, the self-paced course can be finished in as little as 10 hours each week. For $166.08, WGU also provides an unlimited-access version of the course that enables students to continue using the materials even after the course has ended. Students can also finish the course for free with just temporary access to the materials.
    This four-week online course offered by New York University will train you on cybersecurity risks, vulnerabilities, and threats.
    The courses are: Basic security frameworks and risk analysis in relation to cybersecurity and Introduction to Cyber attacks. The next session this year will be led by Edward G. Amoroso, a professor and researcher at NYU’s Tandon School of Engineering. Amoroso founded and serves as the CEO of the cybersecurity advising and consultancy firm TAG Cyber.
    Cryptography aids in the secure communication of only the sender and the intended recipient. In other words, this critical cybersecurity measure aids in the prevention of adversary interference. Students learn the inner workings of cryptographic systems and how to use them in practice.
    Participants in this Stanford University-hosted course will also have the opportunity to work on field practice problems. The course takes approximately 23 hours to complete over a seven-week period and has flexible assignment deadlines.
    Cryptography I is taught by Professor Dan Boneh of Cryptography and Electrical Engineering at Stanford University.
    This course offered in 10 weeks introduces students to Internet History, Technology and Security. The course is taught by Charles Russel Severance who will teach on web security and encrypting to protect data. He will also cover an overview of the impact of technology in culture and society and network technology and internet commercialization.
    The University of Maryland’s online cybersecurity concentration program includes a course on hardware security that covers the basics of cybersecurity, as well as cryptography. The course is a 12-hour course which runs for over seven weeks.
    The course enables students to have an understanding of digital system design flow vulnerabilities and physical attacks on these systems.

    Interested in the course
    I want to be part of this online program
    I want to be a part of this online program
    I’m interested in the online cybersecurity course
    I’m interested in the online cyber security course
    I really want to be part of the online program.
    Hello, good piece you highlighted. According to your write up, does it mean the second to the fifth universities run free courses right? Thank you.
    How can one apply for the program?
    I’m interested in the free cyber security knowledge acquisition programs
    I am interested
    How do I apply..
    I want to be part of the cyber security training program.
    Am interested, how can I apply for the program
    No link to the course?
    Am interested in the online class from Nigeria
    I’m interested in the course
    I am interested how do i apply
    Am interested in recruitment of 2022 Npower program
    We are interested in the free program. However, no application links attached to the announcement.
    How do I apply please.
    I’m interested please
    I like challenges of this nature. I will like to be a nightmare to Cyber criminals.
    I am interested in the online cyber security course, how can I apply?
    How do I apply for the courses coz I’m very much interested in taking them.
    Am interested
    Please I’m interested
    I’m interested. How do I go about it?
    I’m Interested in the cyber security course. What is the way out
    How do I apply for the course I am interested
    I’m interested
    Please how do I apply
    I am Interested in the online cyber security force How can apply for this?









    © 2023 Nairametrics


  • Cybersecurity courses to watch out for in the year 2023 – India Today

    By India Today Web Desk:
    It might be a bit of an understatement to say that cybersecurity is a constantly evolving field. Cybersecurity professionals have to stay abreast of new developments constantly, and it’s one of the few jobs that’s practically guaranteed to never get dull.
    If you’re looking to launch a career in this exciting and lucrative field or to learn a new skill, then it can be hard to know where to start. In this era of advanced technology, there are many online ways to pursue the course without any hassle. Top institutes and colleges are offering the best cybersecurity courses in partnership with edtech platforms to help learners upskill and excel in the industry.
    IIT Roorkee recently launched the 4th batch of the Advanced Certification Programme in Cybersecurity along with Imarticus Learning. This 6-month online programme commencing on October 1st, 2022 is designed in collaboration with CEC, IIT Roorkee and industry stalwarts, and intends to offer the best learning outcome for aspiring Cybersecurity professionals.
    Overall, the programme will cover multiple cyber security processes and tools ranging from ethical hacking to incident handling. The participant will also get a chance to join in a 3-day campus immersion module and visit IIT Roorkee, which will provide them with valuable professional networking opportunities.
    This 6-month online programme provides a high-engagement learning experience with real-world applications and is designed for individuals who want to start a new, more fulfilling career. It will help you develop expertise in defensive cybersecurity, application security, malware analysis, ethical hacking, etc.
    In partnership with IIIT Bangalore and NPCI, the CyberSecurity program provides you with a deep understanding needed to spot the opportunities for disruption in the cybersecurity industry.

    IIT Kanpur, in association with TalentSprint has designed an Advanced Certification Programme in Cyber Security and Cyber Defence for current and aspiring professionals who are keen to explore and exploit the latest trends in Cyber Security Technologies.
    A combination of deep academic rigour and intense practical approach will allow participants to master in-demand skills and build world-class expertise.

    This online programme in Advance Cyber Defence is a blended training provided by top IIT faculty and Israeli experts. The module is a 6-month, 480-hour course with 1 year of extended access to Israeli labs with simulated cyber attack and defence projects, open to all graduates with a strong passion for a career in cyber security.

    The course provides 100% placement support in most challenging projects with top employers and 50% training on hands on personalised cloud based live labs.

    This advanced certification programme aims at helping you gain expertise and knowledge in Cyber Security. The IIT Guwahati faculty will help you cover all the required Cyber Security skills such as cryptography, ethical hacking, application security, etc.
    Also, you will get to master tools such as Linux, SQL, Nikto, and Microsoft Baseline, among others.

    E&ICT, IIT Guwahati is an initiative of MeitY (Ministry of Electronics and Information Technology, Govt. of India) and formed with the team of IIT Guwahati professors to provide high quality education programmes.



  • ChatGPT: A New Wave of Cybersecurity Concerns? – Infosecurity Magazine

    As 2022 ended, OpenAI made ChatGPT live to the world. It is an artificially intelligent research and deployment chatbot that interacts through text using realistic human responses. Its deep learning techniques can generate conversations that convince anyone they are interacting with an actual human. 
    Like opening the jar and releasing the genie, its impact is relatively unknown, but grave intrigue and curiosity surrounded it. How will it be used; how does it work; is it for good or evil? No, this is not the next Terminator sequel…
    Its intentions are certainly for positive use, and its articulate responses have led many to claim it as the best chatbot to be released. However, in a short period, ChatGPT has already been linked to cyber threats as cyber-criminals leverage its advanced capabilities for nefarious means. 
    How is this possible, you ask? Well, for starters, it is entirely possible to use an AI chatbot to create a completed infection chain that starts with a spear phishing email and uses convincing human language to dupe a victim into having their systems infected. 
    Security vendors have even explored this by creating phishing emails on ChatGPT and the results were worryingly accurate. For instance, CheckPoint created a phishing email with an attached Excel document containing malicious code that downloads a reverse shell to the victim’s system. 
    This is deeply concerning as the threshold and knowledge to create such a threat have been removed with AI. Of course, there is already phishing-as-a-service (PhaaS) and ransomware-as-a-service (RaaS) that provide tool kits for a fee that enable threat actors to carry out such attacks. However, we are seeing another evolution of cyber-criminal activity because many dangers can sprout from this genius creation, which is free and open to the public.
    Some of the most obvious threats that come to mind involving ChatGPT include the following:
    These are just some possible ways cyber-criminals can leverage ChatGPT, and as the technology advances, more will likely become prevalent. Therefore, organizations and the wider workforce must remain vigilant and become aware of these possible risks. 
    Unfortunately, the phishing messages created by ChatGPT are so convincing that it is significantly better at creating them than those that initially wrote them. The language and designs are of higher quality, especially when you consider many phishing campaigns are created by actors who are not proficient in American/British English.   
    Yes, it will likely become harder to spot these threats, but that doesn’t mean we can’t do it. We absolutely can, and tools are being tested that can detect ChatGPT’s written text. 
    Cybersecurity defenses will meet this test head-on like they always have.
    From a human security perspective, organizations can take mitigating steps to provide individuals/the workforce with new-school cyber-awareness training to arm them with the knowledge of identifying a social engineering attack. We can then look to security technology to effectively remediate the threat.
    There would always be a host of new world opportunities and possibilities presented as AI was explored and increasingly provided to the masses. However, with reward also comes risk, and the cybersecurity industry must remain alert to the possible threats that will likely manifest from the wide adoption of technologies like ChatGPT. 


  • Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak – The Hacker News

    Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.
    “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said in an alert.
    Microsoft also emphasized that the B2B leak was “caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.”
    The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak BlueBleed. Microsoft said it’s in the process of directly notifying impacted customers.
    The Windows maker did not reveal the scale of the data leak, but according to SOCRadar, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.
    “The exposed data include files dated from 2017 to August 2022,” SOCRadar said.
    Microsoft, however, has disputed the extent of the issue, stating the data included names, email addresses, email content, company name, and phone numbers, and attached files relating to business “between a customer and Microsoft or an authorized Microsoft partner.”
    It also claimed in its disclosure that the threat intel company “greatly exaggerated” the scope of the problem as the data set contains “duplicate information, with multiple references to the same emails, projects, and users.”
    On top of that, Redmond expressed its disappointment over SOCRadar’s decision to release a public search tool that it said exposes customers to unnecessary security risks.
    SOCRadar, in a follow-up post on Thursday, likened the BlueBleed search engine to data breach notification service “Have I Been Pwned,” describing it as a way for organizations to search if their data was exposed in a cloud data leak.
    The cybersecurity vendor also said it has temporarily suspended all BlueBleed queries in the Threat Hunting module it offers to its customers as of October 19, 2022, following Microsoft’s request.
    “Microsoft being unable (read: refusing) to tell customers what data was taken and apparently not notifying regulators – a legal requirement – has the hallmarks of a major botched response,” security researcher Kevin Beaumont tweeted. “I hope it isn’t.”
    Beaumont further said the Microsoft bucket “has been publicly indexed for months” by services like Grayhat Warfare and that “it’s even in search engines.”
    There is no evidence that the information was improperly accessed by threat actors prior to the disclosure, but such leaks could be exploited for malicious purposes such as extortion, social engineering attacks, or a quick profit.
    “While some of the data that may have been accessed seems trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers,” Erich Kron, security awareness advocate at KnowBe4, told The Hacker News in an email.
    “This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations’ networks.”


  • Embark on a Cybersecurity Career with the Top Three Free Online Cybersecurity Courses – CISO Mag

    Free online cybersecurity courses are a great place to start your learning journey if you’re considering a career in this field. Enrolling in a cybersecurity course will build a strong foundational base, and you will gain highly advanced technical skills.
    With the unprecedented rise in data breaches and theft, cybersecurity has become one of the top priorities for organizations and governments. Cyberattacks can cost companies millions and even disrupt economies and business operations. With these incredibly high stakes, the demand for skilled security professionals is increasing every day.
    The growing intensity and sophistication of the threat landscape has forced companies to spend a fortune on strengthening their defenses. According to a Markets and Markets report, the cybersecurity market is estimated to rise from USD 240.27 billion in 2022 to USD 345.38 billion by 2026 (Markets and Markets). EC-Council’s Essential Series offers free online cybersecurity courses to help cybersecurity aspirants break into this field and prepare them for real-world industry challenges.
    This blog explores how the top 3 free online cybersecurity courses offered as a part of the Essentials Series by EC-Council can help kickstart your cybersecurity career.
    The Ethical Hacking Essentials (E|HE), Digital Forensics Essentials (D|FE), and Network Defense Essentials (N|DE) teach students a range of baseline cybersecurity skills across industry verticals; this essential knowledge includes ethical hacking, penetration testing, conducting forensic investigations, data security, threats and vulnerabilities, web application attacks, IoT and OT attacks, information security, and more.
    These foundational courses contain detailed manuals, expert videos, and lab tutorials. Each Essentials Series course includes 12 modules with learning exercises and lab ranges (optional add-on) that provide practical, hands-on experience to help you gain proficiency in network defense, ethical hacking, and digital forensics. The series prepares students for entry-level job roles such as a cybersecurity technician. The Essentials Series courses include:
    Industry experts have designed EC-Council’s Essential Series with the goal of training students in the best industry practices, tools, and methodologies to enable them to defeat threat actors from a theoretical and tactical perspective. This initiative includes three free online cybersecurity courses with certifications to educate learners in network security, digital forensics, and ethical hacking.
    The curriculum offers an unbiased learning approach and exposure to industry standards. The courses are tailored for IT and early-career professionals and cybersecurity enthusiasts looking to build their skills and get first-hand experience using the technologies and techniques of the trade. Students can expect to receive industry-recognized certifications with each course.
    Network Defense Essentials (N|DE) provides a holistic view of network defense and information security concepts. The interactive labs will enable you to gain foundational knowledge in cybersecurity and core competency in defending networks and investigating them.
    Wireshark, AWS, Miradore MDM, HashCalc, Docker Bench for security, MD5 calculator, VeraCrypt, HashMyFiles, and Data Recovery Wizard.
    Boost your resume by gaining expertise in digital forensics fundamentals and the digital forensics investigation process. Digital Forensics Essentials (D|FE) will enhance your knowledge base, and the add-on labs will prepare you for industry-ready jobs.
    Linux, Windows, Wireshark, Sleuth Kit, TOR browser, Splunk, ESEDatabaseView
    Gain a comprehensive understanding of ethical hacking and penetration testing fundamentals with Ethical Hacking Essentials (E|HE). Master fundamental ethical hacking concepts such as threats and vulnerabilities, password cracking, web application attacks, IoT and OT attacks, and cloud computing.
    Netcraft, L0phtCrack, Web Application Security Scanners, ARP Spoofing Detection Tools, and SQL Injection Detection Tools
    The Essentials Series is EC-Council’s massive open online course (MOOCs) initiative to fill the cybersecurity skills gap for entry-level job roles. The series aims to train tomorrow’s cybersecurity workforce and equip them with industry-relevant knowledge. These self-paced, free online cybersecurity courses teach students the latest security standards and how to apply best practices while remaining up to date on changes and trends in the field. With the Essentials Series, you will develop the skills you need for a successful cybersecurity career. Everyone is welcome—there are no eligibility criteria to enroll in the Essentials Series.
    MarketsandMarkets. (2021, June 21). Cybersecurity market by component (software, hardware, and services), software (IAM, encryption, APT, firewall), security type, deployment mode, organization size, vertical, and region (2022 – 2026). https://www.marketsandmarkets.com/Market-Reports/cyber-security-market-505.html


  • Looking to use your cyber powers for good? CISA is seeking cyber … – CISA

    By: Matt Hartman, Deputy Executive Assistant Director for Cybersecurity and Infrastructure Security Agency (CISA)
    Got tech skills? Talent? Motivation? How about a desire to use those skills for good? If so, then Cybersecurity and Infrastructure Security Agency (CISA) is looking for you. We have nearly 150 open cybersecurity positions that we need to fill fast so we can meet the equally fast-evolving range of cybersecurity threats to our nation.  
     
    If you think this may be “just” another federal job—think again. CISA isn’t your typical agency. We do things differently here. We like pushing boundaries smartly and using imagination and innovation to get things done. We have a culture that not only embraces—but actively seeks—diversity. (Looking at you, ethical hackers and people of all backgrounds).  Whether you’re just entering the workforce or have decades of experience, we have vacancies at all levels. 
      
    Sound Like You? Then Let’s Meet Up! 
    On June 29, 2022, CISA will host a virtual Cyber Hiring event from 11 a.m. to 4 p.m.  The event will provide an opportunity for qualified applicants to interview with CISA hiring managers on the spot for more than 150 CISA cybersecurity positions.      
     
    Are these positions competitive? Heck yeah. We have already received more than 1,000 resumes that we are pre-screening prior to the event to help match applicants for vacant cyber positions across our workforce.
      
    We offer a diverse set of career prospects, from ethical hackers, who are engaged in penetration testing or “red team” activities, to malware analysts, who study the functionality and potential origins of malware samples. We also have jobs focused on cybersecurity operational planning, partnerships, and program management. A job at CISA means that you would be working at the forefront of the cybersecurity challenges facing our nation and be able to collaborate with other US Government agencies, state and local government organizations, private industry, and top-tier researchers. 
      
    At the event, jobseekers can speak with hiring managers and Office of the Chief Human Capital Officer (OCHCO) representatives in division-specific virtual booths, learn about our inclusive culture at CISA, and acquire additional knowledge and understanding about opportunities at the agency. Or come chat with me at the CSD Information Booth, where I’ll be for the duration of the event meeting interested applicants and directing them to hiring managers based on their skills and interests. Rumor has it CISA Jen may stop by, too. 
     
    Applicants can participate online through CISA’s portal at: https://app.brazenconnect.com/events/A3nJDHw 
      
    For more information about the event, please visit: https://www.cisa.gov/hiring
     
    Heard Rumors About the Federal Hiring? We’ve Beat that System, Too. 
    Let’s be real – federal hiring can be a drag, the result of interaction of multiple human resources processes and rules.  BUT there is great news on this front for positions in cybersecurity. Specific to this event, we’ve already begun qualifying candidates to reduce the timeframe to job offers. We’d like to have 100+ offers out within two weeks of the 6/29 event. 
    Additionally, last summer the Department of Homeland Security, CISA, and our interagency partners, started rolling out an innovative new approach to hiring and retaining top cyber talent, using a new federal personnel system called the DHS Cybersecurity Talent Management System (CTMS).   
      
    CTMS is designed to be agile and adaptable, with a variety of hiring and compensation flexibilities intended to enable DHS to compete in the cybersecurity labor market. It is also intended to address recruitment and retention challenges comprehensively.  With CTMS, we expect DHS will be able to streamline hiring, improve the quality of hires, and improve the competitiveness of compensation packages—while ensuring legal defensibility.    
     
    We (the Nation) have a problem: About a 500,000+ person gap in the cyber talent pool. 
    Today there are hundreds of thousands more vacancies than people with the right skills. CISA is working to address this broader issue by promoting cyber education for K-12 and higher education students, so we can grow our pipeline of future talent.  
     
    CISA is also committed to diversity in cybersecurity. The agency has set a goal of 50% women in the cyber workforce by 2030. We work with organizations that represent underserved communities, HBCUs, and others to raise interest and build capability in the cybersecurity field.  These are just a few examples of our commitment to diversity and to working with others to solve a critical national need. 
     
    To be the cyber defense agency that the nation deserves, it’s critical that we bring qualified, excited people into CISA who bring the right skills. We need cyber professionals who can work in a fast-paced environment to solve the most pressing and complex problems in our cyber threat landscape.
      
    Not to brag, but we’re a pretty awesome place to work, too.   
    Flexible schedules. Cyber Pay. Generous benefit packages. Telework or remote work. A cool mission. Yup, we pretty much have it all.  
    The bottom line – A career at CISA will give you a rewarding work/life balance that includes working with great people on challenging projects all aimed at securing our nation’s cyber landscape. If you like puzzles, if you like to solve problems, if you like working in an inclusive culture with diverse teams to solve crazy challenges—then check us out at our hiring fair next Wednesday, June 29.     
     
    Applicants can participate online through CISA’s portal at https://app.brazenconnect.com/events/A3nJDHw. For more information about the event, please visit: https://www.cisa.gov/hiring 


  • Twitter's mushrooming data breach crisis could prove costly – CSO Online

    Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk’s careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless Twitter takes quick action.
    Even as regulators in Europe begin to probe what appears to be a massive Twitter data breach, Twitter and Elon Musk have failed to comment publicly on the true extent of the breach. Experts say that unless Twitter gets ahead of the curve, informs regulators of the facts, and notifies users of how much of their public and private information has been exposed, the company could suffer serious financial and operating consequences.
    In keeping with the nature of dark web data merchants, the picture surrounding Twitter’s data breach is murky. This latest headache for the company began in July when an actor known as “devil” put up for sale on a breached data forum a database of phone numbers and email addresses belonging to 5.4 million Twitter accounts. Devil demanded payment of $30,000 for the data and claimed to have swiped it via a vulnerability disclosed to Twitter on January 1, 2022. Twitter fixed the flaw on January 13, 2022.
    The vulnerability affected Android users and allowed anyone without authentication to obtain a Twitter ID for any user by submitting a phone number or email handle, even if the user prohibited this action in the privacy setting. About a month after devil’s posting, Twitter confirmed that a bad actor had taken advantage of the vulnerability and said it would send out notices to account owners affected by the breach.
    The database containing the 5.4 million users’ data was released for free on November 27, 2022. However, another database allegedly containing details on 17 million users was also circulating privately in November.
    Then, in late December, Alon Gal, the co-founder and CTO of Israeli cybercrime intelligence company Hudson Rock spotted on a criminal data breach forum a posting by a user called “Ryushi” offering to sell the emails and phone numbers of 400 million Twitter users. After another threat actor released a massive database related to 235 million Twitter users for free, Gal said that the initial figure of 400 million users included duplicates. However, the breach was still one of the “most significant” he’d ever seen.
    Gal said that two different threat actors corroborated the 235 million figure. He also said the database likely contains the email addresses and public information of Twitter users but not their phone numbers, although a database of phone numbers of an unknown number of Twitter users likely exists.
    Troy Hunt, who runs the data breach reporting site HaveIBeenPwned, says he found 211.5 million unique email addresses in the leaked database. Possibly yet another threat actor released a data set consisting of 200 million Twitter profiles on the Breached hacking forum for eight credits of the forum’s currency, worth approximately $2.
    During the year-end holidays and shortly after the New Year, the Twitter accounts of high-profile celebrities in the UK, India, and Australia were hacked. Among the hacked profiles were TV commentator Piers Morgan, UK education secretary Gillian Keegan, Northern Ireland secretary Chris Heaton-Harris, singer Ed Sheeran, and Indian TV star Salman Khan.
    Although it’s possible these hacks were unrelated to the sample files released by Ryushi, Gal thinks they’re connected. “This is likely not a coincidence: The reveal of the email address may have been just what the hacker needed to find passwords for the account, or social engineer his way,” Gal said in a tweet.
    As conflicting reports about the Twitter breach continue to mount, cybersecurity experts call on Musk to clear up the confusion. Cybersecurity journalist Brian Krebs said in a tweet, “Hey @elonmusk, since you don’t seem to have much of a media/comms team anymore, can you address the apparently legitimate claim that someone scraped and is now selling data on hundreds of millions of Twitter accounts? Maybe it didn’t happen on your watch, but you owe Twitter a reply.”
    Gal tells CSO, “Twitter failed to acknowledge this breach, and it is a shame. They should acknowledge it as soon as possible, so users are alert to the risks they are now facing. I urge Twitter users to change passwords and be suspicious of phishing attempts and for Twitter to acknowledge this breach as soon as possible.”
    Douglas J. McNamara, Partner in Cohen Milstein’s Consumer Protection practice, tells CSO he assumes that Twitter has “engaged and looked at some of this. But they may not be doing it publicly, and they may not want to share this publicly.” But as far as the law in the US is concerned, “it’s kind of fuzzy,” McNamara says, given the differences in state laws surrounding breach notifications. “You would have to see who is in there, what PII [personally identifiable information] is in there. Is it the kind of PII that would trigger a reporting requirement [under typical risk of harm analysis required by state data breach notification laws]?”
    Moreover, at this point, “It really isn’t clear if this was a couple of different breaches, or if this was somebody using scripts to pull this information and add it to what was out there by mixing and matching or if somebody bought different things on the dark web and put them together. It’s just not clear,” McNamara says. “To say this is squishy is an understatement.”
    But he says that, from a good corporate governance perspective, Twitter would be in a better position if it came clean. “If I cared about my customers, the first thing I would do is check to see if it was legit or not and then assuage their concerns.” It does not matter if the data breach preceded Musk’s tenure as Twitter owner; he still must deal with the breach responsibly. “He bought the company. He bought the liability,” says McNamara.
    Even if Twitter were to take comfort in the currently squishy nature of the data breach under US state laws, European regulations might be able to inflict the most damage on Twitter. European authorities have a wider range of factors to analyze in determining whether and the degree to which Twitter faces liability related to the breach. 
    On December 23, 2022, even before news hit that potentially hundreds of millions of Twitter users’ data might have been breached, the Irish Data Protection Commission (DPC) launched a probe into the initial incident involving 5.4 million Twitter users. The DPC said Twitter had furnished several responses to its queries and believes the company may have violated one or more of the EU’s General Data Protection Regulation (GDPR) provisions.
    Amy Worley, managing director and associate general counsel at Berkeley Research, tells CSO that “The GDPR has very strict data breach reporting requirements. It also has a very broad definition of what is a data breach. So, it’s much broader than what exists under most of the US statutes.”
    Worley says that “the GDPR is not limited to economic harms the way US laws have been interpreted. So, privacy is a fundamental right in the EU, and it is tied to the rights and freedoms of data subjects.”
    Under the GDPR, companies have 72 hours to report a data breach and must report significant changes in their assessments of how many users have been affected. “If they think a company is just ignoring or flouting the law, then the company is likely to get into trouble for that,” Worley says. Fines under the GDPR can reach up to 4% of the company’s global revenue, although that fine level is rare.
    Perhaps what should be even more concerning to Twitter is that the European Union could force Twitter to effectively shut down operations in Europe if evidence of an egregious violation emerges. “The European Union can also revoke their ability to process European resident data,” says Worley. “They also have the ability to stop international internet data transfers. And they have the ability to say, ‘You’re not permitted to process the personal data of European residents.’”
    Her advice to Twitter or any organization in similar circumstances is: “Understand what happened as quickly as possible. Then really be mindful of that analysis. Is this reasonably likely to impact the rights and freedoms of the data subject? Understand the fulsome way that the EU interprets that. It is not just economic harm.”
    Copyright © 2023 IDG Communications, Inc.


  • How to launch your cybersecurity career using LinkedIn Learning … – Fortune

    While earning a master’s degree or another advanced degree can be a great way to make a career switch or earn a higher salary, these programs often require a significant investment of both time and money. For example, a master’s degree in cybersecurity from the University of California—Berkeley, which Fortune ranks as having the No. 1 program in the U.S., costs about $75,000 to complete.
    However, these programs can help graduates achieve robust career outcomes. Some cybersecurity grads from UC Berkeley’s program manage to double their salaries post grad, to $200,000. Cybersecurity workers are also in high demand with more than 700,000 open positions in the U.S. alone. Worldwide, the number of unfilled cybersecurity jobs grew by 350%, from 1 million positions in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures.
    “Today’s labor market is all about skills,” Jeff Kellum, senior content manager of tech content at LinkedIn Learning, tells Fortune. “With an estimated 3.5 million unfulfilled cybersecurity roles by 2025, the ability to learn and showcase in-demand skills is critical for anyone hoping to get their foot in the door in the space.”
    One way to start on your journey to becoming a cybersecurity professional is to start with the basics. LinkedIn Learning offers a variety of courses focused on cybersecurity from a foundational level all the way to preparation for advanced certifications. 
    “In the face of an uncertain macroeconomic climate, the ability to learn and showcase in-demand skills is critical to helping people get a foot in the door with a new company or finding a new role within their organization,” Hari Srinivasan, vice president of product at LinkedIn, wrote in a late August blog post. “For many professions, certifications have emerged as key to this, with the number of people on LinkedIn who’ve added certifications to their profile increasing 44% over the last two years.”
    Fortune has compiled a few cybersecurity courses to check out on LinkedIn Learning for people interested in learning more about the field. We’ve also included a list of the 19 learning paths and courses LinkedIn offers to prepare cybersecurity workers for the most in-demand certifications. LinkedIn Learning is available to LinkedIn users with a premium account, which can cost about $30 to $60 per month, depending on the package you purchase. 
    This course helps learners understand the basics of cybersecurity, including explainers on cyber threats, cyber criminals, managing cyber risk, and responding to cybersecurity incidents. Cybersecurity Foundations is taught by Malcolm Shore, who served as director of New Zealand’s Government Communications Security Bureau (GCSB). The course takes roughly two hours total to complete, and includes instructional videos, chapter quizzes, and a final exam.
    This course is tailor-made for professionals looking to make a career switch to cybersecurity. Transitioning to a Career in Cybersecurity helps learners to leverage their current skills, whether it’s in IT or a related field, in cybersecurity. The course also includes resume tips, interview strategies, and resources for finding a job in cybersecurity. The course, which takes a little over an hour to complete, is taught by Marc Menninger, who’s worked in cybersecurity for more than 20 years.
    LinkedIn also offers a complete learning path for professionals who are interested in pursuing a career in cybersecurity. The learning path, Become a Cybersecurity Professional, takes about six-and-a-half hours to complete, and includes five courses: Cybersecurity Foundations, The Cybersecurity Threat Landscape, Learning the OWASP Top 10, IT Security Careers and Certifications: First Steps, and Land Your First Cybersecurity Job. If you complete the entire learning path, you receive a certificate of completion for your work.
    LinkedIn Learning also offers 19 prep courses for the top cybersecurity-related certifications. Among the top 15 highest-paying IT certifications in 2022, three of them were cybersecurity-related, according to Skillsoft, which offers online training and courses on tech subjects. These certifications also helped professionals land paychecks of $150,000-plus.
    “Security has always been well-paying and it really comes down to scarcity—both in the number of professionals and in the required skills,” Mike Hendrickson, Skillsoft’s vice president of tech and development, previously told Fortune. “With today’s limited pool of security professionals, organizations need to make their offers quite attractive, both in compensation and opportunities for professional development. Skills expectations are also high for these professionals.”
    Here’s a list of the cybersecurity certification prep courses that LinkedIn offers:
    See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science (in-person and online), nursing, computer science, cybersecurity, psychology, public health, and business analytics, as well as the doctorate in education programs and MBA programs (part-time, executive, full-time, and online).


  • Optus: How a massive data breach has exposed Australia – BBC

    Last week, Australian telecommunications giant Optus revealed about 10 million customers – about 40% of the population – had personal data stolen in what it calls a cyber-attack.
    Some experts say it may be the worst data breach in Australia's history.
    But this week has seen more dramatic and messy developments – including ransom threats, tense public exchanges and scrutiny over whether this constituted a "hack" at all.
    It's also ignited critical questions about how Australia handles data and privacy.
    Optus – a subsidiary of Singapore Telecommunications Ltd – went public with the breach about 24 hours after it noticed suspicious activity on its network.
    Australia's second-largest telecoms provider said current and former customers' data was stolen – including names, birthdates, home addresses, phone and email contacts, and passport and driving licence numbers. It stressed that payment details and account passwords were not compromised.
    Those whose passport or licence numbers were taken – roughly 2.8 million people – are at a "quite significant" risk of identity theft and fraud, the government has since said.
    Optus said it was investigating the breach and had notified police, financial institutions, and government regulators. The breach appears to have originated overseas, local media reported.
    In an emotional apology, Optus chief executive Kelly Bayer Rosmarin called it a "sophisticated attack", saying the company has very strong cybersecurity.
    "Obviously, I am angry that there are people out there that want to do this to our customers, and I'm disappointed that we couldn't have prevented it," she said on Friday.
    Early on Saturday, an internet user published data samples on an online forum and demanded a ransom of $1m (A$1.5m; £938,000) in cryptocurrency from Optus.
    The company had a week to pay or the other stolen data would be sold off in batches, the person said.
    Investigators are yet to verify the user's claims, but some experts quickly said the sample data – which contained about 100 records – appeared legitimate.
    Sydney-based tech reporter Jeremy Kirk contacted the purported hacker and said the person gave him a detailed explanation of how they stole the data.
    The user contradicted Optus's claims the breach was "sophisticated", saying they pulled the data from a freely accessible software interface.
    "No authenticate needed… All open to internet for any one to use," they said in a message, according to Kirk.
    In another escalation on Tuesday, the person claiming to be the hacker released 10,000 customer records and reiterated the ransom deadline.
    But just hours later, the user apologised – saying it had been a "mistake" – and deleted the previously posted data sets.
    "Too many eyes. We will not sale [sic] data to anyone," they posted. "Deepest apology to Optus for this. Hope all goes well from this."
    That sparked speculation about whether Optus had paid the ransom – which the company denies – or whether the user had been spooked by the police investigation.
    Adding to the problem, others on the forum had copied the now-deleted data sets, and continued to distribute them.
    It also emerged some customers' Medicare details – government identification numbers that could provide access to medical records – had also been stolen, something Optus did not previously disclose.
    Late on Wednesday, the company said this had affected almost 37,000 Medicare cards.
    Optus has been inundated with messages from angry customers since last week.
    People have been warned to watch out for signs of identity theft and for opportunistic scammers, who are said to be already cashing in on the confusion.
    A class-action lawsuit could soon be filed against the company. "This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed," said Ben Zocco from Slater and Gordon Lawyers.
    The government has called the breach "unprecedented" and blamed Optus, saying it "effectively left the window open" for sensitive data to be stolen.
    In an ABC television interview on Monday, Cyber Security Minister Clare O'Neil was asked: "You certainly don't seem to be buying the line from Optus that this was a sophisticated attack?"
    "Well, it wasn't. So no," Ms O'Neil replied. The moment drew lots of attention online.
    She later tweeted: "What happened at Optus wasn't a sophisticated attack. We should not have a telecommunications provider in this country that has effectively left the window open for data of this nature to be stolen. #abc730"
    Ms Bayer Rosmarin told News Corp Australia on Tuesday: "We have multiple layers of protection. So it is not the case of having some sort of completely exposed APIs [software interfaces] sitting out there.
    "I think most customers understand that we are not the villains," she said, adding Optus could not say more while the investigation was ongoing.
    The company has faced calls to cover the costs of replacement passport and driving licences, as people scramble to protect themselves.
    The breach highlights how much Australia lags behind other parts of the world on privacy and cyber issues, Ms O'Neil says.
    "We are probably a decade behind… where we ought to be," she told the ABC.
    Both sides of politics have traded blame on the issue. Opposition MPs have said the Labor government is "asleep at the wheel", but the government points out it was only elected in May after a decade of conservative rule.
    Ms O'Neil pointed to two areas needing urgent reform.
    She argues the government should be able to better penalise companies like Optus. In some countries, the company would have faced hundreds of millions of dollars in penalties but Australia's fine is capped at about $2m, she said.
    She also wants to expand cyber-security laws that were introduced last year to include telecommunications companies.
    "At the time, the telecommunications sector said: 'Don't worry about us – we're really good at cybersecurity. We'll do it without being regulated.' I would say that this incident really calls that assertion into question."
    Security experts have also suggested reforming data retention laws so telecommunication companies don't have to keep sensitive information for so long. Ex-customers should also have the right to request companies delete their data, experts say.
    Optus says it is required to keep identity data for six years under the current rules.
    Other industry figures have argued consumers should be able to take companies that lose control of their information to court, instead of the industry regulator.
    © 2023 BBC.


  • Episode 150: A lesson on how to avoid cyber crimes from a former … – Hawaii News Now

    HONOLULU (HawaiiNewsNow) – This week on “Muthaship,” we’re talking with a man who was once America’s most wanted cyber criminal.
    Brett Johnson was caught, spent time in jail and is now working to protect large corporations and everyday people from being a victim of cyber crime.
    He breaks down the most common scams and simple steps to protect your personal and financial information.
    Copyright 2021 Hawaii News Now. All rights reserved.
