InfoSec

When you’re filming in the “secret, first of its kind command center” try to not give away the WiFi password

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
February 2, 2014

Via Anthony DeRosa @AntDeRosa

University of Minnesota announces three-year collaboration with Target on cyber security education

October 10, 2019 By William Knowles

InfoSec News

By William Knowles @c4i
Senior Editor
InfoSec News
October 10, 2019

The University of Minnesota College of Science and Engineering announced on Wednesday, October 8, 2019, a three-year collaboration with Target that includes a $250,000 donation from Target to fund programs that will educate the next generation of cybersecurity experts. The collaboration will kick off tonight at Target’s Cyber Security Day at the University of Minnesota, an event for students interested in cybersecurity careers.

The donation, provided by Target’s Cyber Security department, is Target’s first major gift to the University’s College of Science and Engineering. The gift helps build course curriculum and offers hands-on information security experiences, student scholarships, fellowships, and grants, as well as opportunities for students to network with cybersecurity experts.

“We’re grateful to Target for supporting the University in our efforts to build the pipeline of high-tech workers in this state and around the world,” said Mostafa Kaveh, dean of the University of Minnesota College of Science and Engineering. “When industry and academia work together to solve problems, great things can happen. We look forward to collaborating with Target for many years.”

One of the highlights of the new collaboration is a year-long, in-depth capstone project in the Department of Computer Science & Engineering where the University and Target will provide students with hands-on technical experience prior to graduation. In this course, the instructor and students will work with leadership at Target to solve a real-world industry problem and develop innovative solution considerations.

“Over the next 10 years, it’s predicted that half of all cybersecurity positions in the U.S. will be vacant,” said Rich Agostino, Chief Information Security Officer at Target. “As one of the largest employers in the Twin Cities, we know we have a responsibility to help build the cybersecurity talent pipeline. Our team has been working closely with the University of Minnesota on a unique collaboration that not only helps educate the next generation of cybersecurity leaders but also provides training and leadership opportunities to Target’s team.”

Target’s donation also includes funding to directly support students. Target will award seven undergraduate student scholarships at $5,000 each that started with the Fall 2019 semester.

“I’m honored to be one of the first Target scholarship recipients,” said Melanie Humphrey, a University of Minnesota junior majoring in computer science who will be interning at Target next summer. “The Target scholarship process confirmed my decision to pursue a career in cybersecurity. I was excited to learn that I could have an impact on everything from protecting our private data to national security.”

In addition to the capstone course and scholarships, Target will provide funding to computer science-related student groups for events such as conferences, workshops, and hackathons.

Moscow based Sberbank reports possible data leak

October 4, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 4, 2019

Russia’s largest bank and third-largest bank in Europe, Sberbank announced on Wednesday of a possible personal data leak.

Late on October 2, 2019, Sberbank became aware of a possible leak of credit card data affecting at least 200 Sberbank clients.

An internal investigation is underway. Its results will be unveiled in a separate statement. A criminal wrongdoing of an employee is the primary lead, as no breach could have occurred from the outside – the database is isolated and has no outer network access.

Refreshingly, there was no mention of the classic data-breach disclosure boiler-plate terminology that Sberbank takes the security of your personal data very seriously.

Photo by Roman Balabin

DoD Cyber Awareness training in less than three minutes

October 4, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 4, 2019

Bozhe moy! Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online, yadda yadda yadda…

Let’s be honest, one month out of the year to concentrate on cybersecurity awareness is a real waste of time and resources, Every day should be National Cybersecurity Awareness Day. An informal poll of InfoSec News subscribers who have taken their annual DoD/DISA Cyber Awareness Challenge only really remember Jeff, Tina and that guy who steals your phone every year.

This slightly NSFW video covers a lot of ground in less than three minutes and might be onto something, another InfoSec News informal poll of non-cybersecurity aware people showed users were able to grasp the security concepts presented. (No idea if the low cut Russian military costume helped or hurt) Nevertheless, its free cybersecurity awareness training, Enjoy!

Bozhe moy!

So Who Hacked EC-Council Three Times This Week?

September 23, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
February 28, 2013

On February 22nd, 2014 the EC-Council website was broken into and defaced by Eugene Belford (a.k.a. The Plague). For those of you living in a cave, or a compound outside of Abbottabad for the last 13 years, The EC-Council is an Albuquerque New Mexico based organization that offers security professionals a reasonably inexpensive certificate among other security certificates. to be compliant with DoD 8570. The website was defaced, and its content was replaced with a picture of Edward Snowden, and an HTML comment that gives away the identity of the “hacker” that compromised the EC-Council website.

After EC-Council wrestled back control of their site, a known password was reused, and two days later re-defaced the website showing the mail from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan stating that he has verified Edward J. Snowden has at least five years professional information security experience in the required domains.

After the hacker mentioned “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials” conspiracy rumors were swirling about who may have attacked the EC-Council website. Foreign training companies, secret squirrels, the Chinese, Russians, non-state actors.

On February 25th, EC-Council website was defaced a third time.

(Screenshot credit: @JamieCaitlin)

The folks at r000t’s Blag have found done some digging and on the surface, it’s pretty damning evidence.

As we’re unable to confirm this independently, read this first article: Who Hacked EC-Council?

Then read this second article: Inside Eugene’s Gibson (EC-Council, Part II)

Its NSFW – Not Safe For Work reading, but when has that stopped you in the past in the name of security research?

Since the EC-Council has been mum on whether or not there has been a massive disclosure of passports, drivers licenses, and CAC cards, I can promise you after reading the above articles, you will be angry at the U.S. Federal Law Enforcement community as it seems they have had this hacker in custody before, but were unable to charge him/her at the time.

Maybe this will be the event that changes this mindset in the future.