CompTIA Expands its Certification Program

Posted in Commentary on March 1, 2022 by itnerd

CompTIA, the leading provider of vendor-neutral skills certifications and education for technology workers, this week expanded its credentialing program into the data skills arena with the introduction of CompTIA Data+.

CompTIA Data+ is a data analytics certification for professionals tasked with developing and promoting data-driven business decision-making. It validates the ability to mine, analyze and interpret data in a clear, consistent way that produces insightful observations about the business.

For employers, CompTIA Data+ can help them solve a problem common in many organizations – the inability to translate data into good decision making. Just one in four companies report being exactly where they want to be with their utilization of data, with the majority recognizing a need for improvement, according to a January 2022 CompTIA survey of 500 businesses on their data management and analysis practices and challenges.

Anyone working in a role that analyzes business-specific data, provides management with data analytics on business functions, or analyzes and monitors dashboards, results and trends can benefit from becoming CompTIA Data+ certified. Its value extends well beyond the IT team to employees in finance, marketing, manufacturing, operations, sales and other departments tasked with data responsibilities.

The drive toward making greater use of data in decision making impacts both external initiatives and internal operations. In the CompTIA survey 60% of companies said they have increased their focus on data to understand customers better, and 53% are doing so to improve day-to-day operations.

For individuals currently in a job role with data duties, or those ready to join the workforce, CompTIA Data+ training and certification will help them better understand how to organize, mine and analyze data. Mastery of these concepts through learning and validation through certification demonstrates to current and future employers that they have the knowledge and ability to interpret insights from data and communicate those insights in a way that helps the organization.

Accompanying the release of the new exam is the availability of a comprehensive selection of related CompTIA CertMaster learning and exam preparation resources, including:

  • CertMaster Learn™ for Data+, a comprehensive, interactive and self-paced eLearning solution.
  • CompTIA Labs™ for Data+, hands-on lab simulations to build knowledge and skills.
  • CertMaster Practice™ for Data+, an adaptive online companion tool that assesses knowledge and exam readiness.
  • Study guides for Data+ for those who prefer traditional textbook style learning.

CompTIA Data+ is the first of four planned data-related certifications that CompTIA intends to develop. Future certifications will focus on data science (CompTIA DataSci+), systems (CompTIA DataSys+) and foundational knowledge (CompTIA Data Foundations). Complete details on CompTIA Data+ are available at https://www.comptia.org/certifications/data.

NVIDIA Strikes Back At The Hackers Who Hacked Them

Posted in Commentary on March 1, 2022 by itnerd

According to Vx-underground on Twitter, NVIDIA, which was the victim of an epic cyberattack last week, has reportedly retaliated against the hacker group that attacked them by hacking them:

The interesting part of the incident is that the group has reportedly made a copy of the stolen data on a virtual-machine environment, which implies that this counter-attack was not successful. But it’s interesting that NVIDIA decided to go this route as opposed to engaging law enforcement.

LAPSU$ made the news recently for pwning a TV network in Portugal. They’re apparently based in South America and are well known in the ransomware community. And clearly this ransomware group takes steps to protect themselves that companies should be taking to avoid getting pwned. Such as making backups.

Mark my words. This is not over. There’s going to be more coming from this story.

UPDATE: Here’s some more info. NVIDIA has spoken. While they haven’t commented on attacking LAPSU$, they did say that the attack leaked employee credentials and some company proprietary information online after their systems were breached.

“We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict,” the company’s spokesperson said in a statement. The Santa Clara, California-based company said it became aware of the breach on Feb. 23. Nvidia added it was working to analyze the information that has been leaked and does not anticipate any disruption to the company’s business. A ransomware outfit under the name “Lapsus$” has reportedly claimed to be responsible for the leak and seemingly has information about the schematics, drivers and firmware, among other data, about the graphics chips.

UPDATE #2: Dr. Saumitra Das, CTO and Co-Founder, Blue Hexagon had this to say:

“This is typical of ransomware gangs nowadays where they can still cause brand damage and steal IP without actually deploying the final ransomware payloads. Double and triple extortion are all part of the current playbook for these attackers. In this case, it appears that the group claims to have been able to steal IP without encrypting data. There is always a tradeoff for the attackers between encrypting data and stealing data because encryption and deletion can trigger alarms at organizations with mature security programs and take away the leverage from the attackers.”

Guest Post: Top Children’s Game Leaves Kids Vulnerable To Phishing Attacks

Posted in Commentary on February 28, 2022 by itnerd

By: Hank Schless, Senior Manager of Security Solutions at Lookout

During the holidays, smartphones and tablets are a top present for children. While the devices are a welcome addition to a child’s life, a lack of supervision can make them vulnerable to risks.

One new game growing increasingly popular is Roblox, whose main audience is children between the ages of nine and 12. While the game is designed to enable users to create and play games together, its popularity has also attracted scammers looking to trick players out of their money or the content they created, via phishing attacks.

Over three in five children have access to the internet, and they spend over 45 hours per week online on games like Roblox, making it difficult for parents to monitor them. Since it is difficult to constantly observe kids while they play online, it is important to educate them on how to stay safe. Lookout, the leader in delivering integrated Security, Privacy, and Identity Theft Protection solutions, has shared tips on how to keep your children safe.

Tips For Online Child Safety: 

Educate your children about online privacy and safety best practices 

  • Talk to your children about the risks of revealing personal information, such as address, phone number, school name, location and photos online and encourage them to never share passwords to any of their accounts.
  • Let your children know to notify you with reports of any concerning content or interactions online. Most platforms have ways to block or report inappropriate content or behavior.

Consider implementing parental controls

  • You can set Parental Controls to help manage what sites and information your children have access to on the Internet. Many major operating systems, such as those from Apple and Google, have child-safety tools built in.
  • You can also set up permissions and controls via your internet provider, to help you control the type of content that is delivered via your home WiFi network. 

Protect your children’s online experience & device with security protection 

  • Across social media, text messages, emails, and apps – phishing scams are on the rise. On average, 50% of people will encounter an unsafe link on their device in a three-month period.
  • It’s important to educate your children about online scams & run security protection – like Lookout Security – that will scan every link your child clicks online to ensure it is safe, and block risky websites or scams before they can do harm. 

Toyota Gets Pwned By Hackers After Japan Joins Sanctions Against Russia

Posted in Commentary on February 28, 2022 by itnerd

Well, this is very coincidental.

Reuters has reported that Toyota has suspended domestic factory operations after a suspected cyber attack.

Toyota Motor Corp said it will suspend domestic factory operations on Tuesday, losing around 13,000 cars of output, after a supplier of plastic parts and electronic components was hit by a suspected cyber attack.

No information was immediately available about who was behind the possible attack or the motive. The attack comes just after Japan joined Western allies in clamping down on Russia after it invaded Ukraine, although it was not clear if the attack was at all related.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“Revenge based cyber attacks are nothing new, but we continue to see nation state attacks, if indeed Russia is the culprit, gain momentum beyond intellectual property theft to be used to actively disrupt infrastructure and economies. Russia especially has been at the forefront of using advanced threat tactics and both internal and external threat actors to further its political objectives. However, the reality that organizations face is that Russian interests extend to foreign businesses and they must take steps to improve their threat detection and response programs. Simply hardening defenses is not enough as these groups are mostly able to circumvent the perimeter and implant themselves successfully. Organizations need to look at advanced analytics, non-rule-based analytics and automation that is targeted and high-fidelity for faster detection, more context for investigations, and immediate response.”

This seems to me to be a case of cause and effect. As in Japan joins western allies in going after Russia. And then shortly afterwards one of the biggest and best-known companies in Japan gets pwned by hackers. Which really makes Russia-linked hackers the likely instigators of this. Yes, that hasn’t been proven yet. But there’s a lot of eyeballs on this, which means that if proof exists it will be found. And hopefully Russia is made to pay.

The Conti Ransomware Group Slides Into Disorder

Posted in Commentary on February 28, 2022 by itnerd

From the “I did not have this on my apocalypse BINGO card” department comes the news that the Conti Ransomware Group, which has Russian ties, has fractured because of the Russian/Ukraine war. Here are the details:

As Reuters reported on Friday, the gang known as the Conti group, announced its full support for the Russian government and Putin’s actions in a blog post last week. The post also carried a warning, “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy.”

As The Record reports, clearly not everyone in the gang is happy with the pro-Russian stance and one member decided to retaliate by leaking 339 files containing internal chats the gang had between Jan. 29, 2021 and Feb 27, 2022. In the email containing the files, the leaker commented, “We promise it is very interesting.” The identity of the person leaking the chats is unknown, but is obviously thought to be of Ukrainian origin.

Such a large amount of information is going to take some time to process, but the authenticity of the files has already been confirmed by Dmitry Smilyanets, a cyber threat intelligence analyst at Recorded Future. 

This is intelligence gold if you are part of the fight against them. Conti is one of the most prolific ransomware groups around. And if this creates an environment where these threat actors can be hunted down and brought to justice, or their attacks are made to be far less effective, then it’s a good day for all of us.

UPDATE: Chris Olson, CEO, The Media Trust had this to say:

“The Conti gang threat is credible, and confirms an operational assumption already adopted by U.S intelligence officials: the Russian-Ukrainian conflict will have many cyber casualties in both the public and private sector.”

“Thanks to the number of digital channels in use by modern organizations, compromising critical infrastructure is a task within reach of even low-skill cyber actors. For instance, attackers can exploit the digital advertising ecosystem to target specific organizations and executives with a malicious campaign that installs a backdoor for future attacks.”

“The stakes are high, and there’s no place for complacency. Organizations should act quickly to secure any channels that could compromise their data or business functions, including Web and mobile surfaces.”

Life360 Says Tile Sales Are Down…. But It’s Apple’s Fault

Posted in Commentary on February 28, 2022 by itnerd

Here’s a new one. Life360, which now owns the Tile Bluetooth trackers, says that sales are down, and their stock value has fallen. But it’s all Apple’s fault because of the fact that AirTags can be used to stalk people. This is what Life360 CEO Chris Hull said:

“We’re watching the privacy concerns relating to Apple AirTags and stalking risks,” Hull told investors on a call on Thursday.

“The scrutiny Apple is facing in the press is moderating growth of the category overall.”

While Hull was careful to point out the news does not change Life360’s ability to drive subscription growth through the Tile integration, he noted it could slow down the company’s hardware sales strategy and had in fact already hit Tile’s sales numbers.

“This may be a headwind for standalone hardware sales until the situation resolves and the category is able to more fully emerge,” he said.

I call BS on that because this is the same company that sells the precise location data of their customers as part of their business model. And when that came to light they had to alter what data they sold because of the blowback from the public. So perhaps the truth is that it’s not Apple’s fault, it’s the business model that is at fault. Because while Apple doesn’t disclose how many AirTags they sell, anecdotal evidence suggests that they are selling just fine unlike Tile trackers. So maybe Mr. Hull needs to get his house in order as clearly the purchase of Tile isn’t paying dividends.

Rogers And Telus Dump Russia TV From Their Channel Lineups [UPDATE: Shaw And Bell Too]

Posted in Commentary on February 28, 2022 by itnerd

I woke up this morning to a couple of interesting Tweets from Rogers and Telus:

Russia TV is a state-owned TV network that has been accused of being a mouthpiece for the Russian government in the past. Thus clearly Rogers and Telus felt that Russia TV had no place as part of their TV offering. And whatever cash that they lose as a result of this is likely negligible. Interestingly, I did a search to see if Bell had done the same thing, and they haven’t. Or at least they haven’t announced it on Twitter. I am not sure if that’s because they were asleep at the switch, or if they don’t have Russia TV as part of their channel lineup. I’ll be keeping an eye on that. But in any case, dumping Russia TV is likely going to be marginally more effective at sending a message to Russia than suggestions of banning Russian Vodka.

UPDATE: Shaw has pulled Russia TV from their TV lineup as well:

And according to this, Bell has done the same thing.

Hackers Target Russia In Epic Fashion

Posted in Commentary on February 27, 2022 by itnerd

Reuters is reporting that the official website of the Kremlin appears to have been pwned by hackers:

The official website of the Kremlin, the office of Russian President Vladimir Putin, kremlin.ru, was down on Saturday, following reports of denial of service (DDoS) attacks on various other Russian government and state media websites.

But it actually could be worse than that:

Ukraine’s state telecommunications agency announced on Saturday that six Russian government websites, including the Kremlin’s, were down, according to The Kyiv Independent.

The agency also stated that the Russian media regulator’s website had gone down, and that hackers had got Russian TV channels to play the Ukrainian music.

This comes after calls for Ukraine-based hackers to attack Russian IT infrastructure. And joining the fight is the hacker collective Anonymous, who have called for attacks on Russia:

It seems that the war in cyberspace is on.

YouTube And Facebook Ban Russian Broadcaster RT From Making Money

Posted in Commentary on February 26, 2022 by itnerd

Things are escalating when it comes to companies banning anything related to Russia. The latest example is that state-owned media outlet RT has been banned from making money from YouTube and Facebook:

Citing “extraordinary circumstances,” YouTube said that it was “pausing a number of channels’ ability to monetize on YouTube, including several Russian channels affiliated with recent sanctions” such as the European Union’s. Ad placement is largely controlled by YouTube.

The EU on Wednesday announced sanctions on individuals including Margarita Simonyan, whom it described as RT’s editor-in-chief and “a central figure” of Russian propaganda.

Videos from the affected channels also will come up less often in recommendations, YouTube spokesperson Farshad Shadloo said. He added that RT and several other channels would no longer be accessible in Ukraine due to a Ukrainian government request.

And:

Meta Platforms Inc, owner of Facebook, on Friday barred Russian state media from running ads or generating revenue from ads on its services anywhere in the world.

One thing that I will say is that this is about more than money. The fact that videos will be recommended less means that Russian propaganda won’t be seen as often. That’s going to hurt as well. Hopefully there are other ways that tech companies can hurt the Russians.

BREAKING: NVIDIA Hit By Major Cyberattack

Posted in Commentary on February 25, 2022 by itnerd

News is filtering out that NVIDIA, who makes graphics chips for major PC companies among other things, has been hit by a major cyberattack. The word on the street says that their business may have been partially or completely compromised as a result:

NVIDIA has seemingly been hit by a major cyberattack that may have completely compromised parts of its business, reports The Telegraph. In their exclusive report, The Telegraph reports that the cyberattack was initiated at the same time as the Russian cyber warfare division started their offensive against Ukraine. All Nato allies have announced major sanctions on Russia and this could potentially be why Russia has decided to target major companies such as NVIDIA. 

The report further states that the cyberattack on NVIDIA has completely compromised parts of their business and there are already reports from several users coming in regarding services disruption. The scale of this attack is currently unknown but it clearly seems to be a major one as NVIDIA had to take several systems offline to pacify the intrusion before it could spread further: “‘The ultimate concern is that somebody may have put something in one of the software updates,’ Dr Woodward said, pointing to the devastating SolarWinds hack that exploited American software companies to gain access to US government computer systems. ‘They’ll be going through trying to make sure to see if there’s any indication that anything has been changed in their software that they then shipped to their clients.'” NVIDIA’s mail servers were also partially operational during this time so it’s entirely likely that there might have been a breach in confidential documents. But it is not confirmed yet if any data was stolen.

This is far from trivial. If the threat actors, which at this point appear to be Russia, slipped something into software updates such as graphic card driver updates, then this could become a massive supply chain attack that could affect tens of thousands of users. If the threat actors stole anything, that could really hurt NVIDIA’s business in the long term.

My question is, will this prompt retaliation from the US and other allies? We’ll have to watch and see.