#cybersecurity #securitytips #infosec #privacy

Did you ask yourself how secure you are?
Even if you think you are in control of your online security & privacy please double check the following:
1. Do you use VPN?
It can significantly enhance your security. Note: make sure that service provider doesn’t keep your logs.
2. Do you run antivirus software?
Windows,Mac,Linus,Android... Don’t think you are secure...
3. Do you create data backups?
To protect yourself make data backups regularly.
4. Do you use public Wi-Fi?
If you are checking your mail in Starbucks or making a mobile payment in airport, you are taking a big risk to be hacked.
5. Do you use simple passwords?
If you password is something like “John10january1992” think one more time. 🙂
🖥 🔐 Stay Safe!

#elearning #wordpress #cyberattack #cybersecurity

During the COVID-19 lockdown the use of e-leaning platforms(learning management systems, LMS) significantly increased. 
On Thursday the Check Point Research Team flagged that the three WordPress plugins (LearnPress, LearnDash and LifterLMS) have vulnerabilities (CVE-2020-6008, CVE-2020-6009, CVE-2020-6010, and CVE-2020-6011) which ranged from privilege escalation to remote code execution (RCE). 
According to the team: "These vulnerabilities allow regular students and sometimes even unauthenticated users to gain sensitive information or take control of the LMS platforms".
These three plugins are installed on approximately 100,000 different educational platforms, including major universities such as the University of Florida, the University of Michigan, and the University of Washington.
Earlier this month, a cross-site scripting (XSS) vulnerability was discovered in OneTone (Magee WP WP Theme). This vulnerability allowed attackers to inject malicious code into the settings area of the theme, resulting the creation of backdoor administrator accounts.

#cybersecurity #apple #google #covid19

Previously announced collaboration between Apple and Google regarding a new tracing technology may become a “tidbit” for cybercriminals.

Attackers may intercept the transmitted data in order to undermine confidence in the healthcare system.
Two major concerns of new development are:
📱 Identification a device-sender(there is no mechanism to verify that device which has sent an information is actually a “right” one)
and
🗝 Privacy(protection of the integrity of people using the apps)

Electronic Frontier Foundation (EFF) provided suggestions for developers regarding these two issues.

#adobe #vulvulnerability #patch #magento #adobeillustrator

Adobe just released emergency update for Adobe Bridge, Adobe Illustrator and the Magento e-commerce platform. 
35 vulnerabilities were found, the most severe vulnerabilities could enable remote code execution on affected systems.
Widely used Adobe Illustrator contains 5 critical code execution flaws, all existed due to memory corruption bugs in the Windows version of the software.
17 new flaws have been found in Adobe Bridge and 13 (including 6 critical) in Magento.
According to security advisory released by Adobe, critical flows can be exploited by admin-level user or malicious authenticated user. However, some of the important and moderate flaws don’t require admin rights.
So, if you have a Magento e-commerce store, it is highly recommended to upgrade it as soon as possible.

#ittrends2020 #programming #ITlearning 

While few years ago every second person dreamed to become MD, lawyer or financial adviser, today a lot of people try to learn programming languages.
Here are the most popular programming languages in 2020-2021:
1. Python
It is widely accepted as the best programming language to learn first. Python is fast, easy-to-use, and easy-to-deploy programming language that is being actively used to develop scalable web applications. 
2. Javascript
If you are looking for interesting tech job you should seriously consider learning JavaScript. JS is used to develop interactive frontend applications. No compilation requirements.
3. Java
If you are looking for a stable language for large enterprise, that's your choice.
4. C/C++
Still very useful. A lot of low-level systems are still developed on C-family.
5. Go
Also known as Golang, a programming language built by Google. Actively used in Silicon Valley startups. From the cons of Go: absence of virtual machine affects efficiency.

#cybersecurity #zoom #videoconference

New popular topic on the underground forums: how to obtain more information from Zoom,WebEx, Skype and other collaboration tools.

Researchers found more than 2000 Zoom credentials recently. Cases are significantly climbing from March and we are asking everyone to be very careful with using credentials.
Because underground forums are very collaborative there are a lot of cases when hackers just shared these findings without even asking to pay for them.
Credentials stuffing attacks, phishing campaigns, DDoS attacks and data exfiltration attacks against remote workers... Not a full list of “dark” forums...
Stay Safe!

#cybersecurity #securityposture

#cybersecurity #globalrisks2020 #worldeconomicforum

#nintendo #security #nintendoswitch #securitynews

Nintendo is disabling the ability to log into a Nintendo Account through a Nintendo Network ID (NNID) after the confirmation that up to 160,000 Nintendo accounts have been accessed in an enormous privacy breach. That led to the limited amount of PII information exposure. 
Gaming company is unaware how exactly the intrusion was conducted saying only ‘seems to have been made by impersonating login to “Nintendo Network ID”.
Customers (mostly Switch users) who used MFA (multi-factor authentication) are safe, others can expect exposure of Names, Nicknames, gender, countries, date of birth and emails.
Nintendo is asking affected users to contact the company so it can investigate the purchase history and cancel purchases.

#ITcareer #ITcertification

If you are looking to improve your skills during the lockdown there are 10 best IT certification to consider:

1. Google Certified Professional Cloud Architect
2. AWS Certified Solutions Architect/Associate/Practitioner 
3. Certified Information Security Manager (CISM)
4. Certified in Risk and Information Systems Control (CRISC)
5. Project Management Professional (PMP)
6. Certified Ethical Hacker (CEH)
7. Certified Information Systems Security Professional (CISSP)
8. VCP-DCV: VMware Certified Professional 6 - Data Center Virtualization
9. Information Technology Infrastructure Library (ITIL)
10. CompTIA's Security+

Follow our page and we will provide more detailed way to prepare yourself for the certification.

#education #computerscience

Free online courses during the lockdown:

https://online-learning.harvard.edu/subject/computer-science

2020 Trends in IoT security

#IoT #cybersecurity #cybersecuritytrends

Cybercriminals are constantly searching for vulnerabilities in enterprise networks, home computers, cell phones and collaboration tools. IoT devices also became an opportunity to steal sensitive information and take control of computer systems remotely. That's relatively new area for attackers but it involves very fast.

Some 2020 trends in IoT security:

🔒 IoT Devices were always based on "connectivity first" principle but in 2020 this approach should change to "security first devices"
🔒 5G introduced a lot of security challenges due to amount of sensitive data shared via IoT and 5G
🔒 Medical devices(such as insulin pumps or pacemakers) should be designed with a goal to minimize a risk for patients
🔒 Re-evaluation of shared responsibilities for the cloud

#cybersecurity #vulvulnerability #patch

Last Monday Microsoft has fixed a subdomain takeover vulnerability in the collaboration platform MS Teams that allowed an attacker to get Company's Teams accounts. An attack used a malicious GIF to trick the Users.
Vulnerability was discovered by CyberArk and Omer Tsarfati (cybersecurity researcher at CyberArk) said: "Even if an attacker doesn’t gather much information from a Teams’ account, they could use the account to traverse throughout an organization (just like a worm)".
CyberArk researchers found that attacker was able to get hold of a cookie (called "authtoken") that grants access to a resource server (api.spaces.skype.com), and used it to create a "skype token". Abuse of these tokens gave a permissions to send messages, read messages, create groups, add new users or remove users from groups, change permissions in groups via the Teams API.
"The victim will never know that they've been attacked, making the exploitation of this vulnerability stealthy and dangerous," the researchers said.