CyberSecurity Pulse 2016-07-07
“To hell with circumstances; I create opportunities.”
Are Certifications the Solution to Get a Job in Cybersecurity?
For example, to get the CISSP certification issued by ISC2, the candidate must pass an electronic exam with 250 multiple-choice questions and demonstrate five years of full-time experience working in information security. Those who pass the exam but do not yet have the professional experience can identify themselves as Associates of ISC2 until they build their background.
Nevertheless, according to the US Department of Homeland Security (DHS), the majority of the jobs that are hard to fill are the "mission-critical" jobs. These are hands-on roles like penetration testing, incident response, and threat analysis. DHS concluded that filling these mission-critical roles involves growing an "on-ramp" of penetration testers. In this sense, even NIST, the US National Institute of Standards and Technology, recognises the need for better skills-based hiring practices. Theory still matters, but candidates must also know how to face an attack. Recruiting these profiles requires an economic investment in training as well as a personality that avoids remaining hidden on the ground. Not an easy task for recruiters.
Europe Strengthens Transparency Rules to Tackle Terrorism Financing
On 5 July, the European Commission adopted a proposal to further reinforce the European Union rules on anti-money laundering, in order to counter terrorist financing and increase transparency about who really owns companies and trusts. This Commission proposal is the first initiative to implement the Action Plan for strengthening the fight against terrorist financing of February 2016 and is also part of a broader drive to boost tax transparency and tackle tax abuse. In this sense, one of the most interesting changes is the explicit inclusion of virtual currency exchange platforms and online wallet providers within the scope of the Anti-Money Laundering Directive.
DoJ Wants to Boost Cooperation between Companies and the LEA to Fight Ransomware
The Department of Justice of the United States is encouraging companies and Law Enforcement Agencies to share information and methodologies in the fight against ransomware. Although the FBI discourages ransomware victims from paying, a recent report published by the agency points out that the list of attacks is growing dramatically and that cybercriminals had already collected more than $209 million in the first three months of 2016, as an official told CNN in April. The risk of having the information exposed in the cloud is a factor that leads victims to pay the ransom requested by the attackers, a payment made in different cryptocurrencies to protect the anonymity of the blackmailers.
Rest of the Week's News
Satana Ransomware Encrypts User Files and Master Boot Record
Satana is a new ransomware discovered by Malwarebytes that encrypts all of its victims' data using a standard algorithm and, once this encryption is complete, installs a "bootlocker" on the hard disk so that, when the user tries to boot the computer to access Windows, a ransom screen with instructions for retrieving the data is displayed automatically.
EasyDoc Converter.app, a Malware Sample for Mac that Uses Tor Network
Bitdefender researchers have warned of a malicious application for Mac that uses the Tor network to receive commands anonymously. The malware poses as a file converter while creating a hidden service in the background that is accessible through a .onion domain. There, a web server is exposed that the attacker can use to control the system and issue different commands after connecting to it over Tor.
The New Dashboard that Google Offers to Track Your Own Digital Footprint
A company that provides internet services such as Google, Gmail, YouTube or Google Maps holds a lot of information about how its users behave on the internet. The company has recently offered its users a new dashboard to keep track of their own activity on the internet and to check how much information it has collected. Once you are logged in with your Google account, you can check your own activity panel by visiting the following link: