Learn CyberSecurity through playing Games
You read that right: learn offensive and defensive cybersecurity techniques by playing games.
“Cyber competitions are a fundamental element of developing the next generation of cybersecurity talent. Games help motivate the future workforce, and keep the current workforce sharp, maintaining a thriving community of cybersecurity professionals,” CISA Director Jen Easterly said in a press release. “While certifications and apprenticeships are important training instruments, games provide a safe and legal venue to practice offensive and defensive techniques in a real-world environment.”
continue reading: https://www.meritalk.com/articles/cisa-to-sponsor-inaugural-u-s-cyber-team-at-the-international-cybersecurity-challenge/
Schools Will Have to Step It Up, Pay More to Get Cyberinsurance
“Last year saw alarming growth in the number of cyberattacks targeting U.S. school districts, and the costs of ransomware attacks continued climbing as well. As a result, cyberinsurance premiums are expected to skyrocket this year as insurers crack down on the amount of risk they’ll accept — and they’re starting to require organizations requesting a quote to prove that their network security is in tip-top shape, industry experts said.”
continue reading: https://thejournal.com/articles/2022/02/04/schools-are-facing-skyrocketing-cyberinsurance-premiums-this-year.aspx
Lessons learned from Ireland’s health service cyberattack
“The Health Sector Cybersecurity Coordination Center (HC3) encouraged US healthcare organizations to learn from the large-scale May 2021 cyberattack against the Ireland Health Service Executive (HSE) that immobilized the country’s health IT systems and cost hundreds of millions of dollars in recovery efforts.
In a recent brief, HC3 took stock of the numerous lessons learned from the HSE cyberattack that began on May 14, 2021. It continued to cause nationwide IT outages, EHR downtime, health data exposure, and appointment cancellations across Ireland’s publicly funded healthcare system for more than four months.”
continue reading: https://healthitsecurity.com/news/ireland-hse-cyberattack-is-a-cautionary-tale-for-us-healthcare-orgs
Critical RCE Flaws in PHP Everywhere WordPress Plugin Affect Thousands of Sites
If you are using this plugin, there is no reason to delay applying your security patch.
“On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin installed.” reads the advisory published by Wordfence. “As the vulnerabilities were of critical severity, we contacted the WordPress plugin repository with our disclosure in addition to initiating outreach to the plugin author.”
continue reading: https://securityaffairs.co/wordpress/127848/hacking/rce-php-everywhere-wordpress-plugin.html
Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards
Not a typo: Russia is cracking down on dark web marketplaces for stolen credit cards.
“A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory.
To that end, the domains operated by the card fraud forms and marketplaces, Ferum Shop, Sky-Fraud, Trump’s Dumps, and UAS, were confiscated and plastered with a banner that warned “theft of funds from bank cards is illegal.” Also embedded into the HTML source code was a message asking, “Which one of you is next?””
continue reading: https://thehackernews.com/2022/02/russia-cracks-down-on-4-dark-web.html
Microsoft Will Block Macros by Default from Internet Downloads
Microsoft should have done this a long time ago to minimize the risk from malicious users. It's never too late.
“Microsoft will make it even more difficult to download and run malicious Office documents from the internet, the company announced this week. It’s a change welcomed by security pros.
Office macros, which provide programming functions for use in common workplace documents, have been a launching pad for malicious actors since the Clinton administration. The Concept Virus first appeared in 1995. Nearly thirty years later, it is still a problem, despite Microsoft’s previous efforts to curb adversarial use.”
continue reading: https://www.scmagazine.com/analysis/application-security/microsoft-will-block-macros-by-default-from-internet-downloads
Linux Malware on the Rise
No surprise: it was just a matter of time before malicious users created something dedicated to Linux, and it is starting now.
“With Linux frequently used as the basis for cloud services, virtual-machine hosts, and container-based infrastructure, attackers have increasingly targeted Linux environments with sophisticated exploits and malware.
New analysis, based on telemetry collected from attacks on VMware customers, shows an increasing number of ransomware programs targeting Linux hosts to infect virtual-machine images or containers; more use of cryptojacking to monetize illicit access; and more than 14,000 instances of Cobalt Strike — 56% of which are pirated copies used by criminals or thrifty companies that have not bought licenses. The red-team tool has become so popular as a way to manage compromised machines that underground developers created their own protocol-compatible version of the Windows program for Linux, VMware states in a newly released report”
continue reading: https://www.darkreading.com/cloud/linux-malware-on-the-rise-including-illicit-use-of-cobalt-strike
Read more Cyber Security news: https://que.com/tag/cybersecurity