
California Cyber News

Innovations in Cybersecurity Education:
We talked about it for months, but WOW what a mega success. The second annual Innovations in Cybersecurity Education awards program resulted in a glorious 73-page booklet chock full of innovations ready for you to integrate into your cybersecurity classrooms! They include tried and true techniques in areas of curriculum, faculty development, lab activity, local partnerships, and student-aided learning. This handy publication is available for free to National CyberWatch Center academic members.

Read more: In case you missed 3CS this year, here's the lowdown!

Originally Posted On: paymentsjournal.com

127 million smart home units are expected to be sold in the US in 2018, with the global smart home market expected to be worth $53.45 billion by 2022. With 55% of smart device owners in the dark about how they actually work, could those who bought second-hand smart home devices be welcoming a threat to their families into their homes?

Internet security experts vpnMentor have utilised a team of ethical hackers to uncover the most hackable smart home devices including the first-generation Amazon Echo, a Samsung Smart Camera and the first-generation Ring Smart Doorbell.

Read more: The Unwanted Visitors You’re Letting Into Your Home: How Second-hand Smart Home Technology is...

Originally Posted On: zdnet.com

California IoT security bill criticized by security researcher. Expert says bill "is based upon an obviously superficial understanding of the problem."

The first Internet of Things (IoT) security bill in the US was approved in California at the end of August and has now reached the Governor's desk to be signed into law.

The bill, SB-327, was introduced in February 2017 and was the first legislation of its kind in the US.

It even predated by almost six months the Internet of Things Cybersecurity Improvement Act of 2017, a bill introduced in the US Senate by Sen. Mark Warner [D-VA].

But while dust gathered on Sen. Warner's proposal to secure IoT devices across the US, the California bill saw active discussions and was approved on the California Assembly and Senate floors on August 28 and 29, respectively.

Read more: First IoT security bill reaches governor's desk in California

Originally Posted On: certmag.com

We’ve all heard of the Catch-22 phrase, “In order to get experience I need a job, and in order to get a job, I need experience.” Liz Ryan, noted author of Reinvention Roadmap, and a contributor to Forbes Magazine described this as a “membrane that seems to be thick and impenetrable, but once you get a foot inside you will see that it’s not(.)” Ryan identifies the importance of getting involved in “networking events whenever you get a chance … Start to form relationships with business people in your area.”[1]

For cybersecurity students with professional ambitions, the term “business people” can be substituted with IT and cybersecurity professionals. As both an educator and cybersecurity professional, I’ve been in a position of teaching and mentoring a large number of students over the years, with the express goal of creating great taxpayers. In order to achieve this goal, educators need to focus on key competencies that students need to succeed in these job roles. Those competencies are:

Read more: A pathway for cybersecurity students to become cybersecurity professionals

Dan Manson saw the vision of what cybersecurity education could become long before many people even knew what cybersecurity was.

Over the past 20 years, he’s helped expand cyber competitions across California while serving as a professor and chair of the Computer Information Systems department at Cal Poly Pomona. After seeing so much success in California, he’s ready to do the same thing in Nevada, where he now lives.

“California has gone so far down the road that they don’t need me,” Manson said. “There are other places that aren’t very far down that road where I can still have an impact.”

Manson joined the cybersecurity world in 2001 after hearing about a Department of Education grant aimed at improving campus cybersecurity. He thought that there might be an opportunity for faculty to become involved and — as he’s done many times throughout his career — invited himself to the meetings to learn more about it.

That grant led to two $900,000 NSF Advanced Technical Education grants, one in 2003 and one in 2007. Those funds were aimed at workforce development and allowed Manson to begin building partnerships with other colleges that have only grown stronger over time.

In addition, Manson led the effort for Cal Poly Pomona to be designated a National Center of Academic Excellence in Information Assurance Education in 2005, 2008 and 2014. 

Read more: Cyber Hero Dan Manson accepts a new challenge after decades as a leader in California

Original article posted on informationweek.com

2018's bullish economy is reflected in venture capital and private equity investments. Software drives the majority of deals since software powers just about everything now. Here's where the money is flowing and why.

2018 is a strong economic year, as reflected in venture capital and private equity investments. According to the 2Q Pitchbook-National Venture Capital Association (NVCA) Venture Monitor, $57.5 billion was invested in U.S. VC-backed companies in the second quarter. Ninety-four of the financings involved at least $100 million and 42 unicorns closed deals with valuations of at least $1 billion.

"To say capital availability is high would be putting the true state of the US VC industry lightly," the report says.

In the first half of 2018, software represented 43% of venture capital deals and 11.9% of private equity (PE) buyouts, according to Pitchbook. It expects more PE to flow to VC-backed companies in the forms of buyouts and growth rounds.

Read more: VC Investments Confirm: It's a Software Kind of World

Originally posted on courses.certification.comptia.org/a-on-ramp

You're ready to get certified, we're ready to help. Sign-up today for free certification advice!

Register today for CompTIA A+ On-Ramp, our online course designed to simplify the certification process.  CompTIA A+ On-Ramp includes three classes (only 10 to 14 minutes each). Each class is recorded and available online, anytime, on your computer or mobile device. Watch them at your convenience.

Read more: How to get A+ certified

Original article posted on indivigital.com

According to security firm Sucuri, the alleged "main contributors" to the spread of the infection are the tagDiv Newspaper theme and the Ultimate Member Plugin. Conservative estimates suggest the malware has infected at least 2,200 websites.

At least 2,200 WordPress websites have been infected by new malware that maliciously redirects visitors to third party websites to mislead them into accepting requests for browser notifications, according to a post published by cyber security firm Sucuri.

The malicious redirects send users to various URLs on the domain utroro.com, at which point they are seemingly served browser notification opt-ins masquerading as reCAPTCHA images.

Read more: Thousands of WordPress websites infected by new malware that maliciously redirects unsuspecting...

Original article posted on datadriveninvestor.com

Avoid Being Tricked By The Automated Army Of Hackers

Part I: Identifying the Problem

“Phishing” is the practice of fooling unsuspecting people into voluntarily giving away their most sensitive data—user names, passwords, social security number, birth dates, and more—by disguising their communication requests to look authentic. Given how easy it is to digitally copy a corporation’s official communication template, this problem is actually far worse than you could ever imagine. Hackers leverage the power of computers to automate sending phishing scams. Hundreds of millions of phishing emails are sent every day for pennies and only a small percent need to work for the system to be rewarded. And rewarded it has been.

  • In 2016, 85 percent of all organizations had suffered phishing attacks and 30% of all phishing emails were opened.
  • In 2017, fake invoicing emails sky-rocketed, CEO fraud emails total $5 billion in losses, and phishing emails that targeted people filing their W-2 forms increased 870%.
  • In 2018, fake invoices become the #1 disguise for distributing malware, Dropbox phishing scams surge and DocuSign lures are the most effective.

Read more: Anatomy of a Phishing Scam

Original article posted on informationweek.com

Cybersecurity is more painful to manage as technology architectures become more complex. Simplify your approach by avoiding these major security mistakes.

Effective cybersecurity is becoming a tougher problem as organizations embrace more types of devices and hardware. Protecting organizations requires more than tools, which companies tend to learn the hard way. Granted, as the technology stack changes, new cybersecurity tools become necessary. However, the problem has become so complex that no organization can afford all the tools, all the people, and all of the other resources it would need to protect itself against everything.

"You need to take a risk-based approach to security," said Garrett Bekker, principal analyst, Information Security at 451 Research. "You have to figure out what is an acceptable level of risk, which is easier said than done."

Read more: Top Security Mistakes Putting Your Company at Risk

Over the past three months, Irvin Lemus logged more than 7,000 miles and 70 hours on the road. He wasn’t taking a summer vacation road trip — he was checking in on more than 1,000 students who participated in 29 cyber camps throughout the Bay Area.

The 28 Bay Region community colleges voted overwhelmingly to support the summer CyberCamp program over the past two summers. Strong Workforce Program Regional Funding was dedicated to this effort. 

Lemus is the cybersecurity instructor at Cabrillo College and the Bay Area Cyber Competitions Regional Coordinator for the Western Academy Support and Training Center. In that role, he’s built the Bay Area Cyber Competitions program from the ground up and said he does not plan to stop any time soon.

Read more: Bay Area Cyber Camps Wrap Up Another Successful Summer

The state wants to add every city and county government to its automated threat feed program in the next three to four years.

The California Cybersecurity Integration Center alerted its partners to the Thomas Fire along Interstate 5, before the largest wildfire in the state’s modern history was phoned in last December.

Someone had taken to Twitter to first report the blaze, and Cal-CSIC’s media scrapers—which plug into its automated threat feed—noticed.

Cal-CSIC, pronounced “cal-sick,” was created by Gov. Jerry Brown’s executive order in August 2015 to prioritize cyber threats to public sector agencies and expand into the private sector.

Read more: How California Is Improving Cyber Threat Information Sharing

Study documents growing need for qualified cybersecurity workers in the marketplace.

Sacramento, Calif. – Today, the Governor’s Office of Business and Economic Development (GO-Biz), in conjunction with the Governor’s Office of Planning and Research (OPR), released the results of a California Cybersecurity Labor Market Analysis and Statewide Survey. This document details the findings of a study done by the California Community Colleges Centers of Excellence for Labor Market Research and demonstrates that there is much work to be done in order to adequately prepare Californians for the demands of the digital and cyber economy.

Conducted as part of the California Advanced Supply Chain Analysis & Diversification Effort (CASCADE) initiative funded by the U.S. Department of Defense, the study gathered information about workforce needs in California and the scope of training being provided by educational providers across the state. It found an alarming gap in the supply of qualified cybersecurity workers prepared to fill the 35,000 cybersecurity-related annual job openings that exist in California.

Read more: GO-Biz Releases Cybersecurity Labor Market Study

GenCyber Camp Brings Technology to Underserved Groups

Carrie Raleigh didn’t know the first thing about cybersecurity when she started working for the Girl Scouts of San Gorgonio Council. And, who could blame her? It’s a far cry from the things traditionally associated with the scouting program.

Over the past three years, Raleigh and colleague Knea Hawley brought the GenCyber program under the Girl Scouts umbrella and opened the doors for even more young women to learn about cybersecurity.

“I’ve learned so much and it’s been an amazing journey. Now it’s one of those things I talk about all the time,” Raleigh said. “It’s been so eye opening to me realizing the potential in the field for these girls. We can connect them with the training they need for this large opportunity in front of them.”

GenCyber is a nationwide program with camps in nearly all 50 states. The San Bernardino camps were held June 18-22 at CSU San Bernardino. The program was funded by a National Science Foundation grant received by CSUSB that made it free to all attendees. CSUSB has invited the Girl Scouts of San Gorgonio Council to participate in their GenCyber camp since 2015.

Beyond learning the basics of cybersecurity, girls had the opportunity to meet with industry professionals from Google, Facebook and Bank of America just to name a few. While it took a lot of coordination from the GenCyber planning team, Raleigh said it was worth it for the students and the employers.

Read more: Cyber Heroes Carrie Raleigh and Knea Hawley Empower Middle and High School Girls Through...

Original article posted on CompTIA

Stackable certifications demonstrate that you’ve earned multiple CompTIA certifications and have the knowledge and experience needed to grow your IT career. They validate the skills of various IT roles and show a deeper mastery, opening up more job opportunities for you. Stackable certifications require active CE certifications. Good-for-life certification holders may earn these stackable certifications by re-certifying and validating that their skills are up to date.

Read more: Stackable Certifications

CompTIA Career Pathway

CompTIA certifications align with IT infrastructure and cybersecurity career paths, with each added certification representing a deepening of your expertise. Core certifications, like CompTIA A+, lay the groundwork for the specialized pathway certifications, and additional professional certifications cover necessary IT skills like project management.

For more information visit CompTIA IT Certifications

For the first time, DOJ describes how it will respond to influence plots like Russia’s interference in the 2016 presidential race.

Original article posted on Politico.com by ERIC GELLER 07/19/2018 08:57 PM EDT

“That policy reflects an effort to articulate neutral principles so that when the issue that the government confronted in 2016 arises again — as it surely will — there will be a framework to address it," said Deputy Attorney General Rod Rosenstein.

The Justice Department on Thursday issued a wide-ranging report (Cyber Digital Task Force) describing the cyber threats facing the United States and the department’s tactics for investigating, disrupting and deterring those risks.

Most significantly, the report contains the first public description of how the DOJ will assess and respond to foreign influence operations like Russia’s 2016 election meddling.

Read more: Justice Department unveils strategy to fight election meddling, cybercrime

Original article posted on ThreatPost.com

Two vulnerabilities were discovered on Dongguan Diqee-branded vacuum cleaners, Thursday.

Researchers have uncovered vulnerabilities in a connected vacuum cleaner lineup that could allow attackers to eavesdrop, perform video surveillance and steal private data from victims.

Two vulnerabilities were discovered in Dongguan Diqee 360 vacuum cleaners, which tout Wi-Fi capabilities, a webcam with night vision, and smartphone-controlled navigation controls. These would allow control over the device as well as the ability to intercept data on a home Wi-Fi network.

“Like any other IoT device, these robot vacuum cleaners could be marshaled into a botnet for DDoS attacks, but that’s not even the worst-case scenario, at least for owners,” Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, said on Thursday.

Read more: IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims

The first member of the Proton malware family?

Original article on SecureList By Mikhail Kuzin, Sergey Zelensky on July 20, 2018. 10:00 am

An interesting aspect of studying a particular piece of malware is tracing its evolution and observing how the creators gradually add new monetization or entrenchment techniques. Also of interest are developmental prototypes that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto.

The malware was uploaded to VirusTotal way back in 2016, most likely the same year it was created. But for two whole years, until May 2018, Calisto remained off the radar of antivirus solutions, with the first detections on VT appearing only recently.

Read more: Calisto Trojan for macOS

Girl Scouts unveils 30 new STEM-related badges, including space exploration and cybersecurity

Original article posted on theverge.com

Girl Scouts of the USA announced today that it will introduce a slew of new badges that address what it called “some of society’s most pressing needs” by homing in on STEM and technology-related issues and advocacy for girls.

The 30 badges will be available exclusively for girls between the ages of five and 18 for efforts and advocacy in cybersecurity, robotics, computer science, space exploration, and the environment. The badges will be earned when girls learn how to code or design robots, take action to protect the environment, or learn how to spot crimes being committed online. The new offerings are among a number of badges the organization has introduced over the past years to boost interest and participation in fields where women are traditionally underrepresented.

In November of last year, the Girl Scouts announced that it would integrate STEM-related programs into its organization to help reduce the gender gap in those fields in the future.

Read more: Girl Scouts unveils 30 new STEM-related badges, including space exploration and cybersecurity

Copyright 2016 SynED