• Ransomware attacks are truly nothing new at this point, but 2019 is looking like a banner year for them

• A destructive strain called LockerGoga has specifically been victimizing industrial and manufac­turing firms

• Forcing production plants to switch to manual control or exacting long-term damage in systems that control physical equipment

• A legitimate software vendor pushes out what looks like a trustworthy software update to users, but it’s really a destructive instrument of cyberwar. 

• Russian hackers spread destructive malware in part by compromising the update mechanism for a Ukrainian accounting application.

• Logged into your account is going to this help center page.

• Hit the Privacy tab. From here, you can control who gets to see your future posts and friends list.

•  Click on Limit Past Posts, then select Limit Old Posts and finally hit Confirm on the pop-up.

• In Settings, go to the Timeline and Tagging and edit the sections you want to lockdown.

•  Restricted list here, which means they’ll still be friends with you but will only be able to see your public posts and things you share on a mutual friend’s Timeline.

• The FBI is investigating allegations that employees from one of Walmart’s technology suppliers were illegally monitoring the retailer’s e-mail communication.

• Compucom technician took a photo of an email about an internal Walmart disciplinary matter and sent it to a Walmart employee he had been chatting with on an instant messaging system

• The photo was then forwarded accidentally to the daughter of a second Walmart employee who reported it to the company’s security department

• The case exposes a potential vulnerability for companies that rely on contractors for technical work, giving outsiders broad access to sensitive internal documents with little oversight in the process.

Company terminated its contract with Compucom

• A vulnerability in Amazon’s Ring video doorbells left the internet-of-things devices open to a variety of attacks

• Bitdefender found that the Ring Video Doorbell Pro’s companion smartphone app sent wireless network credentials to the device in plain HTTP language during the set-up and configuration stage

• Attackers can send these de-authentication frames at any time to a wireless device. Once the device loses its ‘heartbeat’, it automatically enters configuration mode.

• ESET warned that many Amazon Echo and Kindle devices remained open to a different Wi-Fi vulnerability, a Key Reinstallation Attack (Krack attack)

• A Krack attack enables the attacker to trick a device into reinstalling a key that is already in use by another device, enabling them to gain visibility of data packets crossing the network.

Forensic Computer Analyst

The forensic computer analyst is the detective of the cyber security world. Forensic computer analysts review computer-based information for evidence following a security breach or other incident. Tasks include handling hard drives and other storage devices and employing specialized software programs in order to identify vulnerabilities and recover data from damaged or destroyed devices. Forensic computer analysts must be sensitive to the security concerns of their employers or clients and follow closely all privacy procedures when dealing with financial and personal information. They must also keep detailed and accurate logs and records of their findings, which are often used in litigation.

Education requirements

Employment as a forensic computer analyst normally requires holding a bachelor’s degree in computer security, forensic computing or a related subject. Previous experience may also be necessary.

Information Security Analyst

An information security analyst (ISA) is responsible for the protection of an organization’s computer systems and networks. They plan and execute programs and other measures, including installing and using software for data encryption and firewalls. Additionally, ISAs help design and execute plans and methods for the recovery of data and systems following a cyberattack. ISAs must continuously stay on top of the latest industry trends and cyber threats, which involves researching new security technologies and networking with other professionals.

Education requirements

ISAs need to earn a bachelor’s degree in computer science or related area. There is a growing trend toward undergraduate degree programs specializing in the information security field, which may become the preferred choice of employers in the future. Some employers, particularly large corporations or organizations, may prefer job candidates with an MBA in information systems.

The Internet of Things (IoT) creates new business opportunities. For instance, companies can use smart sensors to track and monitor inventory.

• Set passwords
• Disable Universal Plug and Play (UPnP)
• Create a separate network
• Update your firmware
• Unplug it

A new global survey by Crowd Strike shows the average cost of a software supply chain attack is $1.1 million.

• According to a new survey, and most organizations worldwide have been victims of a software supply chain attack.
• Some 90% of organizations say software supply chain attacks cost an average of more than $1.1 million.
• A Professional stated “They now inject malicious code into legitimate software,” he says. “It’s mostly invisible, which is why these attacks are becoming more common.”
• 71% say they don’t consistently require the same security requirements of their third-party suppliers as they use internally. 
• The survey, conducted by Vanson Bourne on behalf of Crowd Strike, includes responses from 1,300 senior IT decision-makers and security pros in the US, Canada, UK, Mexico, Australia, Germany, Japan, and Singapore. 

The most effective penetration testing methods combine threat intelligence, vulnerability scanning, and human expertise to validate the criticality of vulnerabilities through simulated attacks on an IT environment. 

• Use AI to filter that data and eliminate the noise.
• AI will also help produce test results more quickly, and in matters of cybersecurity, time is of the essence
• Automating vulnerability analysis and exploitation, you can reduce the operational cost and speed vulnerability reporting
• Organizations will always need qualified penetration testers to interpret and validate scan insights, generate action plans to mitigate risks, and “train” AI and ML algorithms for continuous improvement.

China has overtaken the US not just in the sheer volume of AI research papers submitted and published,

The production of high-impact papers as measured by the top 50%, top 10%, and top 1% most-cited papers

73% of senior executives see AI/machine learning and automation as areas they want to maintain or increase investment in

82% of IT and business decision-makers agree that company-wide strategies to invest in AI-driven technologies would offer significant competitive advantages,

Cisco attributes the decline to their increased confidence that “migrating to the cloud will improve protection efforts, while apparently decreasing reliance on less proven technologies such as artificial intelligence”

A.I. And machine learning will be the Future. Many businesses see the benefits that A. I, will provide in the future. In terms of cybersecurity, the user of this technology can help create new solutions.

• The attack happened on February 21, 2019
• Toyota revealed the issue on its official website on March 29, 2019,
• the breach potentially affected 3.1 million people
• Good thing was that the compromised server did not contain credit card details.

Lesson Learned: Since there are so few specifics about what happened surrounding Toyota’s cybersecurity breaches, it’s best for customers to be exceptionally vigilant regarding any communications from people claiming to be from Toyota or its subsidiaries. There’s no way to know for sure, but the hackers could use the customer data obtained in the Japanese breach to orchestrate phishing attempts.