IT Security Certification Roadmap charting security implementation, architecture, management, analysis, offensive, and defensive operation certifications.
Farid Mheir's insight:
WHY IT MATTERS: cyber security is more important than ever, yet the field is huge and requires a lot of knowledge, as evidenced by this list of 366 security certifications.
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.
Farid Mheir's insight:
WHY IT MATTERS: all projects I work on are very concerned about privacy, especially when it comes to email communications. But if the computer systems that store the info are not secured, what's the point? Why do we even bother to accept cookies left and right when the info gets collected and stored in systems that can be breached? This subject needs to be raised to the top of the priority list in organizations, and this means $$$ and delays....
Parler lacked the most basic security measures that would have prevented the automated scraping of the site's data. It even ordered its posts by number in the site's URLs, so that anyone could have easily, programmatically downloaded the site's millions of posts. Parler's cardinal security sin is known as an insecure direct object reference,
Farid Mheir's insight:
WHY IT MATTERS: security has become central in our age of digital transformation. Yet, it seems, most people are either unaware of basic security principles, or not willing to invest time or money to do it. And I am not even talking of doing it *well*. Just implementing proper security measures. In this case it affects Parler, which in itself I don't much care about (they deserve it for such a stupid mistake). But their lack of security impacts their users' privacy as well. And that includes potentially millions of people (in the photo, 68000 videos have been geolocated - too bad for keeping your anonymity ;-)
The Falcon OverWatch managed threat hunting team and the CrowdStrike Services team present selected analysis that highlights the most significant events and trends in the past year of cyber threat activity. This analysis demonstrates how threat intelligence and proactive hunting can provide a deeper understanding of the motives, objectives and activities of these actors — information that can empower swift proactive countermeasures to better defend your valuable data now and in the future.
Farid Mheir's insight:
WHY IT MATTERS: until the 2021 report is released, the 2020 report will do to understand cybercriminality at the world level. I'd love to read a report from Russia's or China's viewpoint though...
MITRE started ATT&CK in 2013 to document common tactics, techniques, and procedures (TTPs) that advanced persistent threats use against Windows enterprise networks. ATT&CK was created out of a need to document adversary behaviors for use within a MITRE research project called FMX.
Farid Mheir's insight:
WHY IT MATTERS: this very complete framework provides a great reference to understand the tactics of cyber threats and possible solutions.
Global boardroom awareness of the increased scale and sophistication of cyberattacks, and their financial and reputational impact, has skyrocketed. To improve response and recovery, security and risk management leaders must align business continuity management with cybersecurity incident response.
Farid Mheir's insight:
WHY IT MATTERS: a good overview of what to do when you suffer a cyber attack.
A billion people in the world have no legal identity. Without an ID they can’t open a bank account, get a loan, or even vote. Now a tech entrepreneur has come up with an answer.
Farid Mheir's insight:
WHY IT MATTERS: an amazing article from WEF about how important digital identity is. The diagram is also a great summary of the potential use cases for digital IDs. In short: it's way more than a digital version of your passport.
As remote work increases access management tool adoption, and security controls shift to identity, the ability to secure access with AM strategies aligned with continuous adaptive risk and trust assessment is paramount. Cost optimization for IT spending (e.g., AM) will also increase during 2021.
Farid Mheir's insight:
WHY IT MATTERS: as with most quadrants, the most interesting elements lie in the market definition and overview sections, not in the quadrant or ratings themselves. Notable in this quadrant is the fact that Amazon AWS, Salesforce and Google solutions have been excluded, as I assume they would be in the top quadrant.
Interestingly, companies continue their move to SaaS solutions (no surprise) and focus on cost-reduction instead of customer satisfaction (weird, no?).
The purpose of the PCTF Authentication Component is to assure the on-going integrity of login and authentication processes by certifying, through a process of assessment, that they comply with standardized Conformance Criteria.
Farid Mheir's insight:
WHY IT MATTERS: a geek must-read just off the press: the framework to enable the Canadian digital ID.
Girish Balakrishnan, Netflix's director of virtual production, says the workflow using Unreal offers "the ability to connect a DP in New York with VFX artists in London, a director in Los Angeles with an art department in Japan, and performance-capture talent with in-house animation supervisors." The goal is to streamline production across continents "while talent safely works from home."
Farid Mheir's insight:
WHY IT MATTERS: movie production is going digital real fast, enabling distributed teams to work collaboratively. Will this mean that hyper-realistic fake videos will become easier to produce? One may think so :-(
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.
Farid Mheir's insight:
WHY IT MATTERS: very interesting article that reviews the different websites and systems where everyone should claim their spot. Financial, government and others are reviewed. I would add the "social media" category to the list: Facebook, LinkedIn, Instagram, etc.
We've reached the halfway mark of 2020, so it's a good time to take a look at the biggest data breaches of the year so far. And to clarify, when we say "big," we're talking about the importance of the story as much as the number of records exposed. Each of the data breaches on this list has something to teach businesses and consumers about how sensitive data is most likely to be exposed in 2020. (Credential stuffing is a major player, but don't count out the good old-fashioned human error!). Let's talk about 11 major breaches: what data was compromised, how it was exposed, and what we can learn from the story.
Farid Mheir's insight:
WHY IT MATTERS: everyone is working remotely and thus the potential for data breaches increases. This article highlights "how" the breach happened, which should provide good insights into the most common vulnerabilities...
The last few weeks, I've been spending my days helping victims recover from ransomware attacks. When doing this, restoration is the number one priority, and the motto becomes "as fast as you can". There have been some challenges along the way, and some "shocking" reveals when working with criminal software when expecting it to unlock your files. Here are some of the following use cases that Unit 221B encountered and the workarounds we applied to get a successful restoration.
Farid Mheir's insight:
WHY IT MATTERS: a geeky article about the sad fact that hackers often spend more time working on their ransomware tools than on the tools to decrypt your files once you've paid the ransom. These guys at @unit221b seem legit, as per Brian Krebs who IS legit.
Stay ahead of threats with the insights in the 2020 Data Breach Investigations Report (DBIR) from Verizon Enterprise Solutions. Read the official report now.
Farid Mheir's insight:
WHY IT MATTERS: the report is extensive and provides amazing insights into the most common security breaches. For example, figure 22 shows that port 23 (Telnet) and port 22 (SSH) remain by far the most popular attack points. Many more insights in there...
Make no mistake, the knowledge of hacking is different from a hacker. A hacker is a person, not the skill. And the use of any knowledge is a personal choice and that choice isn’t universal. The same way some politicians are corrupt, some hackers are corrupt. The same way some politicians are good, some hackers are good also. You may be a Satoshi Nakamoto or an Albert Gonzalez, it is your choice. There is nothing wrong with the hacker knowledge. It is all about you.
Farid Mheir's insight:
WHY IT MATTERS: a nice reference on hackers and hacking, along with a how-to guide if you want to get started! Digital transformation often requires a hacker's mindset to get around problems and think outside the box, so this should be mandatory reading for anyone in the field! ;-)
In June of 2018, in the midst of all the other letters demanding that the company stop police use of Rekognition, Raji and Buolamwini expanded the Gender Shades audit to encompass its performance. The results, published half a year later in a peer-reviewed paper, once again found huge technical inaccuracies. Rekognition was classifying the gender of dark-skinned women 31.4 percentage points less accurately than that of light-skinned men.
Farid Mheir's insight:
WHY IT MATTERS: this article presents detailed numbers and references that show facial recognition is not accurate for dark-skinned persons, and that the Amazon technology called Rekognition is in use by law enforcement via Ring doorbells...
Proof-of-concept shows how easy it may be to hide malicious chips inside IT equipment.
Farid Mheir's insight:
WHY IT MATTERS: not very surprising that this exists. Snowden has shown that the USA has been doing this to spy, and thus one expects China is doing the same in its 5G networking equipment. I say they probably all are doing it. One more argument in favor of strong encryption everywhere.
Most cyber attacks and data breaches remain the result of weak passwords. So, why are we still using them?
Farid Mheir's insight:
WHY IT MATTERS: I've been writing about this since the beginning of this blog, and 7 years later I feel the need to remind everyone to use a password generator at home and at work. This is even more important as remote work means we will connect remotely to many more systems in the future.
The cybersecurity skills gap has been plaguing enterprises for years—but despite garnering much discussion and media coverage, little progress is being made.
State of Cybersecurity 2020 looks at questions such as:
How long does it take to fill a cybersecurity role with a qualified candidate?
What percentage of cybersecurity candidates are qualified for the role?
Is retention improving or worsening?
Which cybersecurity skills are in the highest demand?
Are HR teams informed partners in the search for qualified cybersecurity candidates?
Are cybersecurity teams becoming more gender-balanced, and are diversity programs doing enough to help?
What can companies do to staff up more quickly and find better-qualified candidates?
Farid Mheir's insight:
WHY IT MATTERS: this in-depth study shows that cybersecurity issues in organizations stem from a lack of skilled resources. With COVID and remote work on the rise, the importance of cybersecurity is higher than it has ever been.
Attackers look for the path of least resistance. Recently, that path has shifted from enterprise networks to you and your devices for two reasons. First, as we have built more secure software and systems, it has made it harder to …
Farid Mheir's insight:
WHY IT MATTERS: those 16 recommendations are straightforward (patch your shit), easy to understand (do not reuse passwords), but in some cases they can have a major impact on your experience (turning off JavaScript in the browser). Nonetheless, good to know what you need to do - and maybe realize what you are not doing...
Every year, millions of fraudulent web domains are registered by threat actors looking to impersonate trusted brands. Using these domains, they launch phishing attacks or other scams.
What are the latest trends around fraudulent domains, and how can you protect your organization?
Download the report now to learn:
How threat actors create fraudulent domains
What characterizes fraudulent and legitimate domains
Which keywords and top-level domains (TLD) are trending
How fraudulent domains use email to launch attacks
Farid Mheir's insight:
WHY IT MATTERS: there are 350 million top level domain names - TLDNs - from google.com to fmcs.digital. This report provides a set of data about TLDNs and how they are used for fraud. A bit geeky but a very interesting read.
In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from Ebay. What followed was a series of unexpected additional packages from the manufacturer Nespresso and a lurking suspicion that something had gone terribly--if not criminally--wrong as a result of my purchase. This talk chronicles the obnoxious amounts of obsessive research and tracking that became my new hobby--stalking Nespresso fraudsters and my decidedly non-technical attempts at developing a generic search profile and reporting the fraudsters to anyone who would listen, to include : the persons whose identities had been stolen, Nespresso, Ebay, and the FBI. Ultimately I just ended up with a LOT of coffee; a lingering sense that I had committed several crimes; and no faith left in humanity.
Farid Mheir's insight:
WHY IT MATTERS: a short and entertaining video on triangulation fraud on eCommerce websites. If you buy online, listen to this. If you sell online, this is the kind of crap you have to deal with.
In 2019, we saw phishing attacks reach new levels of creativity and sophistication.
Farid Mheir's insight:
WHY IT MATTERS: the chart says it all: to protect your systems you must ensure your employees are properly trained on phishing schemes. Software solutions can help, but HUMANS are the weak link in cybersecurity.
Based on an analysis of more than 5 billion daily emails, 200 million social media accounts, and 250,000 daily malware samples, we found that a small subset of individuals with high levels of access or privilege continue to receive the majority of targeted attacks.
Highlights include:
Among the most targeted malware and credential phishing attacks, nearly 30% targeted generic email aliases
Individual contributors and lower level management accounted for 72% of highly targeted malware and phishing attacks
Web-based attacks that use social engineering grew 150% vs. the previous quarter
Farid Mheir's insight:
WHY IT MATTERS: protection from email phishing often warrants solutions that are not technology based but rather focus on the weak link in the equation: humans - this report provides some data and possible actions that should be taken.