Cybrary Released their Mobile App for Hacking and Security Courses

Cybrary, the free, forever cyber security training website, has released their Android mobile app on the Google Play Store (Download it here: Cybrary App). This app is designed to allow someone to watch Cybrary’s training classes on the go. In other words, you do not need to be connected to the internet to watch the videos.

Cybrary has been talked about here on this blog several times in the past, because it’s the first place ever to receive legit, concise training classes for hacking, forensics and cybersecurity online, for free. While some other companies like Pluralsight, Lynda and Skillsoft offer some standard security classes, like Security+ and CISSP, Cybrary has those classes and then goes well beyond that with advanced classes such as Python for Security Professionals, Malware Analysis, Post Exploitation Hacking and Advanced Penetration Testing. In addition to training on Cybrary, individuals can apply for jobs in the security field.

The Cybrary Android App is free, just like the training they offer. The reviews for Cybrary’s classes have been quite strong, and we have had the chance to take some of them. They definitely are as good as anything else you could pay for, and it always beats paying $5000 per week to SANS and the like. So far, the app store has about 600 reviews for Cybrary’s app, and it seems to be very well received. Again, get the Cybrary App here.


Online Safety Checklist

Is your personal information secured online, and are you taking all the possible measures to ensure that it is safe? There are some simple steps that you can follow to strengthen your online security!

  1. Password Protection- When it comes to password security, it is better to be safe than sorry. Refrain from sharing your password online. Create passwords that are unique and difficult for a hacker to figure out… don’t make it easy for them! Don’t use your pet’s name, or your birth date- this is information that can be easily discovered. Another problem with passwords is the vast accumulation of them over time. Do not keep your passwords in your phone, or saved on a document on your computer. These files can end up in the hands of hackers, leaving your personal information at risk. Consider using a protected password manager to store your passwords.
  2. Do not open attachments from untrustworthy sources! –Simple as that.
  3. Safe Online Shopping- Shopping online is quick and convenient, but can also put your personal information at risk of being stolen. When you use your credit card online it is susceptible to being hacked. A piece of advice: Only use your credit card on websites with the prefix “https”. The “s” confirms that the site is using a secure protocol to encrypt any communication between you and the website you are shopping on. So when in doubt, play it safe and don’t shop on that site, but if you must…look for the “s”.
  4. Mobile Device Safety- Nowadays almost all of our personal accounts can be accessed in the palm of our hands. This includes banking accounts, shopping accounts, email, etc. The scary thing is, it is so easy for your mobile device to be misplaced or stolen. So, it is just as important to ensure that you are following the above safety tips with your mobile devices.
    • Set lock codes on your phone
    • Enable Find My iPhone, iPad, and Mac.
    • Set up Do Not Track in your web browser
    • Look for the “https” URL
    • Avoid connecting to public Wi-Fi
    • Manage your privacy settings for your apps

These are just a few simple tips to get you headed on the right path to securing your personal information. It is easy to overlook practices that make us vulnerable to cyber attacks. But, it is important to make ourselves aware. Consider taking TrainACE’s Security+ Training Course to strengthen your knowledge on general security concepts.

Secure Your End Users to Drive Significant Improvement in Data Security

End user security is beginning to become mainstream, and for good reason. According to a study conducted in 2014, 80% of IT and security admins believe that end user carelessness is a bigger threat than actual cyber attacks and malware.

As cyber security professionals, we put the majority of our time into securing and hardening our applications and networks. Obviously, this isn’t a complete waste of time, because we have logs that tell us that these things are constantly under attack. However, end users are under attack almost as frequently, and what’s worse, targeting end users is more effective for hackers.

So why have we been so slow to invest in end user security training? It seems to be a widely ignored topic, one that is only now becoming mainstream. In fact, we have actually had conversations with security leadership from large organizations who have admitted that they have yet to invest in training their end users.

The truth is, it’s time to invest in end user security training. So many attacks occur because people do things either negligently or even somewhat maliciously. Creating a culture that values secure practice regarding the IT applications people use to do their jobs is the only way we can ensure we are truly defending the data within our organizations.

A Free IT and Cyber Security Training MOOC is on its Way

In recent years we have seen a trend emerging in education. Free learning has been making huge waves, and the term MOOC is what is bringing about that change. MOOCs (Massive Open Online Courses) that have launched in recent years include Khan Academy, which has brought math and science classes to the world for free; Codecademy, which offers free coding lessons; and Coursera, which provides online classes from some of the world’s top universities. We have caught word of a MOOC that will launch in January called Cybrary, which provides free IT and Cyber Security training classes to the world.

So far, from what we can tell on the website, Cybrary’s training offering includes classes that prepare people for some of the more popular IT and security industry recognized certifications, such as the CompTIA A+, Security+, ECC’s Certified Ethical Hacker and the CISSP from ISC2. The site also includes advanced skill sets, which are not intended for certification, such as their Post Exploitation Hacking and Advanced Penetration Testing class.

MOOCs Emerge as Online Education Sentiment Grows
The explosive growth of MOOCs is showing us that the sentiment towards online education is growing more favorable. As younger generations, such as the Millennials, come of age and become a major subset of the world’s workforce, online education grows faster. These younger generations seem to be well prepared and extremely accustomed to learning online and at their own pace. Online education has been in a tremendous growth phase since 2002. Now with the success of companies like Codecademy, people are starting to realize that learning can, and maybe should be, free for everyone. This shift in the approach to learning is giving more people the opportunity to build skill sets and achieve an education that may have previously not been affordable to them. Emerging economies and even tenured professionals from the world’s largest economies all are benefiting from these winds of change in education.

As our readers know, the IT and Cyber Security industries are in many ways built around proof of skill sets, which is led by certifications. Many companies’ hiring practices are built around finding employees who possess these certifications because the certs validate their skill set, at least to a certain extent.

Addressing the Cyber Security Skills Gap
The skills gap in Cyber Security is perhaps the most glaring need that is addressed by this new trend of free online education. SC Magazine wrote an article discussing this challenge as not only being a current one, but one that is actually going to become far worse in coming years. Another study showed that the skills gap would grow to about 47% in 2017.

This skills gap is likely due to the lack of affordable training. Cyber Security changes so quickly, and yet training for both basic skills as well as advanced skills has traditionally been extremely expensive. Codecademy and now Cybrary seem to be directly tackling the issue of putting hard Cyber Security job skills into the hands of anyone that may want them.

The Effect of MOOCs on Emerging Economies
It was only a matter of time until the IT and Cyber Security training industry, as well as education as a whole, took a major shift towards more social equality. Companies like Coursera, Codecademy and now Cybrary are leading the charge. Free education options are expanding, and as they grow and have success, it seems that education and technical job skill sets will no longer be reserved for those who can afford it, but rather it will be for those who are willing to work hard to achieve it.

Even with the presence of MOOCs, there may very well still be numerous limitations to the growth of technology and innovation in the world’s emerging economies, but free online education is definitely a step in the right direction. As opposed to having to build out an internet infrastructure as well as invest heavily in an educational infrastructure, perhaps now the more important aspect of educational advancement is simply stable access to the internet.

Time will tell how much impact these free MOOCs will have on global problems such as the Cyber Security skills gap and the technological growth in emerging economies. It is safe to say, though, that free online education and training is well worth giving a try.

Cyber Threats Affect Industries Differently

According to a source recently published by Verizon, cyber threats are very different depending on the industry that they attack. Differences in attacks on the financial industry, health care, retail and intellectual property theft were examined. The data in the article came from Verizon’s annual Data Breach Investigations Report. Differences between organizations of different sizes were also noted. Different tactics are used in different industries.

Attacks on large financial institutions tend to be aimed at stealing money from bank accounts. Security breaches in health care are more likely aimed at smaller doctor’s offices. These attacks are primarily motivated by insurance fraud. Cyber-attacks in the retail industry tend to target smaller stores.

Attacks on smaller stores and doctor’s offices tend to be precipitated by inadequately secured systems. Most of these industries tend to outsource their security, so they don’t have an understanding of their security systems in-house. Attacks can come from mistakes made by their security vendor. Often employees can inadvertently help attackers through poor online habits. Steps to educate employees about security threats can help avoid these types of attacks. Health care providers also need to be concerned about protecting medical devices and electronic medical records.

Half of all the cases analyzed by Verizon came from hotels and restaurants. Retail accounted for twenty percent and finance and insurance industries made up ten percent.

Intellectual property theft is a very distinct type of attack. These attacks often take advantage of opportunity. They often unfold over time and involve attackers gathering information about their targets. Inside sources are often used to help carry out intellectual property theft. Recruiting insiders greatly minimizes the risk and effort for the attacker.

To protect themselves from cyber-attacks, it is suggested that firms be vigilant about using better passwords. It is also suggested that firms continually study and reevaluate their risks of attack. Proper dedication to IT security training (Advanced Security) and understanding what your attackers are after can help you better protect yourself.

How and Why Mobile Device Security has Become a Top Concern for IT Security Professionals

Cell phones have gone from a luxury item the size of a brick, and with only a bit more functionality, to a staple of modern life. Nowadays, the ability to place calls on the go is somewhat secondary to texting, web browsing and having access to a hundred different features like mobile banking. Their larger cousins, tablets, serve a similar purpose with greater power. Smart phones and tablets are the means by which people stay connected in an increasingly digital society, and are becoming more and more tied into the very identities of their owners. They are following the same trend as personal computers years before them, but that isn’t always a good thing. Wherever there’s personal information to be had, there are disreputable individuals willing to steal it. As smart phones and tablets become more complex, so must the security measures in place to protect their contents.

Security Flaws in Mobile Devices
While mobile devices are rapidly approaching full-sized computers in their capabilities, security features have lagged badly behind other developments. Both smart phones and tablets are used to make purchases and share private data, but it is relatively easy to snatch that information, decrypt it and then use it for illegal purposes. In the right hands, a stream of gibberish from a cell phone can give a criminal the vital details of a bank account or credit card. In one demonstration, researchers successfully used remote hacking to turn on the recording devices on iPhones and iPads and monitor conversations around the gadget. The implications of these weaknesses should be both obvious and worrisome. Making things even more difficult is the number of applications designed by unverified parties, which can infiltrate a device after a voluntary download. The sheer amount of incoming and outgoing information makes a mobile device its own worst enemy.

Working Toward a More Secure Mobile Device
These flaws are becoming well-known among the hacking community, and attacks are on the rise. Apps that have been seeded with malware or websites laden with mobile-targeting viruses are the primary threats. Some apps are not even intentionally dangerous, but use sloppy methodology that fails to protect critical information. Even the most popular apps in the world, like Facebook and Dropbox, have been guilty of the latter. To combat attacks and viruses, mobile companies have to be proactive in releasing updates as soon as a new threat is discovered.

The two main mobile platforms, Android and iOS, also have some basic features in place to protect users from harmful applications. Apps are typically required to declare which permissions they need, and are then only allowed access to that information. Android users are able to review the permissions needed beforehand, and can then decide whether or not the app is worth installing. iOS apps must go through a manual review process to be approved for sale to the public. By continuing to update frequently and improving app security measures, both platforms are working diligently to stay ahead of malevolent software.

How to Protect a Mobile Device
Users should not rely on their mobile provider for everything, of course. By following a few common-sense rules and not taking security for granted, users can avoid most attacks and keep their information safe. Some websites use fake offers to sink their hooks into a mobile device, but a basic knowledge of how to avoid scams should be enough to outsmart most. Individuals should also scrutinize every app they install, and not simply trust that a popular game or other program is safe to use. It may be hard to adjust to viewing phones as a risk, but members of the general public must make the transition or suffer for it. The good news is that mobile security is now at the forefront of many companies’ minds, and they’re making rapid improvements to the devices most people now rely upon. The arms race between hackers and defenders is a never-ending one, but a little education can drastically reduce the number of casualties. You can get information on mobile security training here.

This has been a guest post by Steve Halligan from n2grate Government Data and Cloud Solutions. n2grate is an SDVOSB.

Computer Forensics Training Event: CHFI v8 Launch

The EC-Council has made strides to improve upon their flagship forensics certification, the CHFI, by upgrading their content and courseware. The new CHFI is now Version 8 (v8). The CHFI v8 certification training class is being launched globally in an exclusive setting to a handful of training centers around the world. There are only three in the United States that are featuring the launch; the EC-Council hand-selected these centers for the event. This computer forensics training event will be held the week of 2/27/12.

The CHFI v8 launch is in time for people to meet the pre-requisites for the Advanced Mobile Hacking and Forensics class and the other classes that EC-Council will be holding at their SUMMIT event in Washington DC. We will feature a post about that event soon.

Here is what people get with registration into the CHFI v8 Launch:

  1. A complimentary 4-day iLab Access Pass worth 100 USD
  2. Twenty percent (20%) discount on the Mobile Forensics CAST class (valid until December 31, 2012)
  3. A complimentary “Secondpass Voucher” for those who fail their exam (valid until the end of June 2012) worth 500 USD
  4. A limited edition commemorative metal-plated certificate of attendance
  5. Your name and testimonial posted on EC-Council’s CHFIv8 Website

Register Here: CHFI v8