CyberSecurity Pulse 2016-07-07

“To hell with circumstances; I create opportunities.”
Bruce Lee

Analyst Insight

Are Certifications the Solution to Get a Job in Cybersecurity?

The cybersecurity training market is expanding, and there are more trained professionals available to be hired. Job vacancies for these roles usually require some type of certification, which the applicant uses to certify a minimum level of knowledge in specific subjects related to this field, and there are many organizations recognized in the security world for this task, such as ISC2, ISACA, SANS, CompTIA, or Cisco. At the same time, many companies are looking for this type of profile, especially in the banking and insurance sector and among other companies in the FTSE 100. But is this the ideal evaluation method?

For example, to get the CISSP certification issued by ISC2, the candidate must pass an electronic exam with 250 multiple choice questions and demonstrate five years of full-time experience working in information security. Those who pass the exam but do not yet have the professional experience can identify themselves as Associates of ISC2 until they build their background.

Nevertheless, according to the US Department of Homeland Security (DHS), the majority of the jobs that are hard to fill are the "mission-critical" jobs. These types of jobs are hands-on roles like penetration testing, incident response, and threat analysis. DHS concluded that filling these mission-critical roles involves growing an "on-ramp" of penetration testers. In this sense, even NIST, the US National Institute of Standards and Technology, recognises the need for better skills-based hiring practices. Without leaving aside the theory, the candidates must know how to face an attack. The uptake of these profiles requires an economic investment in training as well as a personality that avoids remaining hidden on the ground. Not an easy task for recruiters.


Top Stories

Europe Strengthens Transparency Rules to Tackle Terrorism Financing

On 5 July, the European Commission adopted a proposal to further reinforce the European Union rules on anti-money laundering in order to counter terrorist financing and increase transparency about who really owns companies and trusts. This Commission proposal is the first initiative to implement the Action Plan for strengthening the fight against terrorist financing of February 2016 and is also part of a broader drive to boost tax transparency and tackle tax abuse. One of the most interesting changes is the explicit inclusion of virtual currency exchange platforms and online wallet providers within the scope of the Anti-Money Laundering Directive.

More information at European Commission

DoJ Wants to Boost Cooperation between Companies and the LEA to Fight Ransomware

The Department of Justice of the United States is encouraging companies and Law Enforcement Agencies to share information and methodologies in the fight against ransomware. Although the FBI discourages ransomware victims from paying, a recent report published by the agency points out that the list of attacks is increasing dramatically and that cybercriminals collected more than $209 million in the first three months of 2016, as an official told CNN in April. The risk of having the information exposed in the cloud is a factor that leads to the payment of the ransom requested by the attackers, a payment that makes use of different cryptocurrencies to protect the anonymity of the blackmailers.

More information at FCW and CNN

Rest of the Week's News

Satana Ransomware Encrypts User Files and Master Boot Record

Satana is a new ransomware discovered by Malwarebytes that encrypts all of its victims' data using a standard algorithm and, once this encryption is complete, installs a "bootlocker" on the hard disk, so that when the user tries to boot the computer to access Windows, a ransom screen with instructions for retrieving the data is displayed automatically.

More information at Malwarebytes

EasyDoc, a Malware Sample for Mac that Uses Tor Network

Bitdefender researchers have warned of a malicious application for Mac that uses the Tor Network to issue commands anonymously. The malware poses as a file converter while creating a hidden service in the background that is accessible via a .onion domain. There, a web server is exposed that the attacker can use to control the system and issue different commands after connecting to it over Tor.

More information at The Register

The New Dashboard that Google Offers to Track Your Own Digital Footprint

A company focused on providing internet services such as Google, Gmail, YouTube or Google Maps has a lot of information about how its users behave on the internet. Lately, the company has offered its users a new dashboard to keep control of their own activity on the internet and check how much information it has collected. Once you are logged in with your Google account, you can check your own activity panel by visiting the following link:

More information at The Hacker News

Further Reading

BEBLOH Expands to Japan in Latest Spam Attack

More information at SOFTPEDIA

Chinese Ad Firm Infected 85 Million Android Users

More information at The Hacker News

Hacking a Facebook Profile With a Fake Passport

More information at Security Affairs