Emory University to Launch Online Coding, Cybersecurity Training Programs in Atlanta through Partnership with Fullstack Academy

prnewswire | August 27, 2020

Emory University to Launch Online Coding, Cybersecurity Training Programs in Atlanta through Partnership with Fullstack Academy
Fullstack Academy and Emory University's non-credit division, Emory Continuing Education (ECE), today announced the establishment of a partnership to offer programs aimed at developing qualified professionals to meet the staffing needs of Atlanta's prospering technology sector. According to Forbes, Atlanta's total tech jobs have grown by 46.7% since 2010, almost 20% higher than the national average. Home to Fortune 100 companies such as The Coca-Cola Company, Home Depot, United Parcel Service, Delta Air Lines, AT&T Mobility, and Newell Rubbermaid, the region's tech growth has resulted in a need for more skilled professionals.

Spotlight

Banking Cybersecurity is Just a Technology Issue Banks are in cyber attackers’ crosshairs. And now, there are even more risks to manage as the Internet of Things spans new organizations, services and data sources. Fewer than of banking execs indicate their organization will increase investment in crisis readiness in 2016. The Threat Gap that exists between investments in technology, people, and processes to mitigate emerging threats continues to widen. Meeting these challenges means creating a new mindset — and skill set.

Related News

Garmin Facing U.S. Investigation Over Payments to Terrorists By Third Party Following Cyber Attack

channelnews | August 05, 2020

Garmin is believed to be under investigation by US authorities, for paying cyber terrorists millions of dollars via a third party after their data operations were taken down in a major hack attack by an organisation called Evil Corp.The US Company who like to present themselves as a squeaky-clean Company appears to have had no hesitation in paying Evil Corp who has been sanctioned by the US Treasury as a terrorist organisation.

Read More

DATA SECURITY

Detectify Introduces an Open Source Security Tool for Ethical Hackers

Detectify | May 19, 2021

Ugly Duckling, a stand-alone application security tool specially designed for ethical hackers to make it easier for them to share their discoveries, is now available from Detectify, the SaaS security company powered by ethical hackers. To keep on top of web application security, it's important to find web vulnerabilities as soon as they appear - before attackers exploit them. By offering ethical hackers the tools to build further test modules independently, Ugly Duckling speeds up the integration of vulnerabilities discovered by ethical hackers into automatic security tests on Detectify's platform. When an ethical hacker discovers a loophole, he or she will create a module as a JSON file and test it in Ugly Duckling to ensure that it works. The JSON file is then implemented on Detectify's platform, allowing thousands of app owners and security teams to access the quality-checked findings. Vulnerability reports submitted to Ugly Duckling can be run live as security checks within 5-10 minutes of submission. It's a win-win situation: security and engineering teams can keep up with the latest exploitable vulnerabilities discovered in the wild, while ethical hackers can get paid more quickly. To define the vulnerabilities, Ugly Duckling uses a custom JSON-based template format. It detects "stateless" vulnerabilities, i.e., vulnerabilities that can be discovered by analyzing the response to a single HTTP request. Detectify crowdsources the most latest security research from ethical hackers and distributes it as payload-based tests to security engineers and application owners, allowing them to regularly check their applications for vulnerabilities. On Github, you can find the Ugly Duckling vulnerability scanning tool, which is open-source and MIT-licensed. The Ugly Duckling web scanner is not limited to ethical hackers in Detectify's Crowdsourced network, but is open for all to use for bug bounty hunting, security research, or penetration testing, in keeping with the company's belief in a collective approach to security. About Detectify Detectify believes that everybody should have access to world-class cybersecurity knowledge. Detectify automates the most latest security findings from the world's top ethical hackers and delivers them to security defenders and web application teams. Detectify's security tools, which are driven by a network of hand-picked ethical hackers, check your application outside the OWASP Top 10 and help you keep on top of cloud threats.

Read More

65% of Phishing Threats Facing Remote Workers Impersonate Google-branded Websites

Google | June 11, 2020

The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13%. The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts. Remote workers faced a barrage of over 100,000 phishing attacks within four months, mostly involving Google-branded websites, according to a report by Barracuda Networks. The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for about 65,000 of the attacks making up for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13% of the attacks registered between January 1, 2020, and April 30, 2020. The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts without the use of passwords. Google file-sharing and storage websites accounted for 65% of phishing attacks targeting remote workers within the first four months of the year. These phishing attacks involved the use of Google’s domains, such as storage.googleapis.com (25%), docs.google.com (23%), storage. cloud.google.com (13%), and drive.google.com (4%). Microsoft brands were used in 13% of the attacks, including onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%). Read more: GOOGLE'S ADVANCED PROTECTION CYBERSECURITY NOW AVAILABLE TO NEST USERS Organizations should also educate their employees on online security to help them navigate the complex attack landscape that keeps changing. This training would come in handy, especially for remote workers who are more prone to phishing attacks . ~ Google Other brands used to target remote workers included sendgrid.net, which contributed to 10% of the phishing attacks. Mailchimp.com and formcrafts.com accounted for 4% and 2%, respectively. Barracuda Networks senior product marketing manager for email, Olseia Klevchuk, said cybercriminals prefer to use Google’s services because they are more accessible and are free to use, thus allowing them to create multiple accounts. She added that the methods that criminals use, such as sending a phishing email with a link to a legitimate site, make it harder to detect these forms of phishing attacks. Steve Peake, the UK systems engineer for Barracuda Networks, says brand-impersonation spear phishing attacks formed a popular and successful method of harvesting a user’s login credentials. With more people than ever working from home, cybercriminals found an opportunity to flood people’s inboxes with phishing emails. With the advancement of the attacks in recent times, now hackers can even create an online phishing form or page using the guise of legitimate services to trick unsuspecting users. Criminals impersonate legitimate sites by creating emails that appear to have been generated automatically by file-sharing sites such as Google Drive or OneDrive. Many attackers know that if they want to attack someone specific, it’s more likely to succeed if their initial attacks lands in a target’s email box late at night or early in the morning when they’re not as focused, and when the attacker can most convincingly pretend to be someone else. The criminals then redirect the remote workers to a phishing site through a file stored on the file-sharing site. These phishing sites then request the users to provide login details to access the content. To create data forms resembling login pages, criminals are using online forms services provided by companies such as forms.office.com, and send these forms to unsuspecting users. These services trick many users because they reside on the official companies’ domain and hence appear trustworthy. Most users do not realize that companies do not use these domains for login or password recovery. For example, Google does not ask users to log in through docs.google.com but instead uses account.google.com for authentication. For an ordinary user, the difference is too subtle to raise any suspicions. Hackers have also applied non-password methods to access user accounts. Users are requested to accept app permission for rogue apps after logging in through legitimate sites. By granting these permissions, the users give the hackers their accounts’ access token, thus allowing them to log in at will. These attacks cannot be prevented by enabling two-factor authentication because the apps are given long-term access to the account. They also remain unnoticed for a long time because users forget which apps they have granted permissions to access their accounts. Users should be vigilant in detecting suspicious activities on their accounts. Most accounts provide an account history that allows users to view the time and location their accounts were accessed from. Read more: SECURITYSCORECARD REVAMPS ITS CYBERSECURITY RISK MANAGEMENT PRODUCT AMIDST GLOBAL SHIFT TO REMOTE WORK

Read More

Spotlight

Banking Cybersecurity is Just a Technology Issue Banks are in cyber attackers’ crosshairs. And now, there are even more risks to manage as the Internet of Things spans new organizations, services and data sources. Fewer than of banking execs indicate their organization will increase investment in crisis readiness in 2016. The Threat Gap that exists between investments in technology, people, and processes to mitigate emerging threats continues to widen. Meeting these challenges means creating a new mindset — and skill set.