Week 02

I was browsing top cybersecurity news for this week and I came across this article that I believe could be meaningful for a lot of you. Especially for those who are about to graduate this coming August. Alison DeNisco, a Tech Republic writer, conducted a research to reveal the top-rated organizations currently hiring cybersecurity professionals.

Among the group are Apple, Lockheed Martin, Intel and surprisingly several more interesting ones. Alison shared an important statistic revealing that “The US faces a 33% skills shortage for crucial security roles…” Conversely, this gab is shrinking as job seekers in cybersecurity roles rose from 60% in 2014 to 67% today. Let’s hope the trend keep gearing up as these are important positions the U.S. and several other countries need more than ever.

You may access the full article via the link below.

http://www.techrepublic.com/article/top-10-companies-hiring-cybersecurity-professionals/

A new ransomware, called ‘Charger’ embedded in an Android app threatens to sell the victim’s private info on the black market if they don’t pay. After the user the app, EnergyRescue, the app asks for admin permissions. After receiving the permission, the device is locked and information such as social network details, bank accounts, credit cards, and info about friends and families are claimed to have been compromised. The ransom is set to about .2 BTC, equivalent to $180.

In order for the malware to stay hidden, strings are encoded into binary arrays (making it harder for inspection), code is loaded from “encrypted resources dynamically”, and “checks whether it runs in an emulator” before the routine is run. This makes it difficult for detection due to the inability for most detection engines to “penetrate and inspect dynamically-loaded code.”

http://www.securityweek.com/charger-android-ransomware-infects-apps-google-play

For this week’s in-the-news article, I chose one that is very relevant in today’s cyber security community and political community.  This article focuses on the security of Twitter accounts, or lack thereof security.  President Donald J. Trump has been known to tweet every now and again, and since he is so active on Twitter, hackers are trying to find ways to compromise his account, along with other members of his cabinet.

 

“The problem revolves around the service’s password reset function. If the account holder doesn’t take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address — in redacted form — was used to secure a Twitter account.”

“The hacker found the same issue with the Twitter accounts for the vice president, the first lady and Trump’s press secretary, all of which were also secured with Gmail addresses.”  Clearly, our highest officials should not be using personal Gmail accounts.  Without a Government domain, there is no guarantee that this data remains in the United States, and could be putting national security at risk if the account is compromised.  The main focus of the 2016 presidential election was that Hillary Clinton was using private e-mail servers for confidential information.  I believe that is less risky than using a third-party personal G-Mail address.

“On Thursday, White House Press Secretary Sean Spicer was found tweeting and then deleting what appeared to be a password, although it’s still unclear what really happened.”

Article

Advanced Penetration Testing -Week-2

Please note:  Due to technical difficulties week two was not recorded