Categories
Cyber news Cyber Security Training

Cyber Security Awareness Month

What are you doing to protect yourself?

Below you’ll find some recommended practices and habits for practicing better cyber security. Also there is a checklist to help make sure that your home and business networks are protected.

Categories
Cyber news Cyber Security

Where to Start to Strengthen Cyber Defenses

By David Cagical

In the face of escalating and intricate cybersecurity threats, it’s crucial to reevaluate our approach to defense. The question isn’t just where to begin, but rather, why embark on this journey? As technology grows exponentially — think Moore’s Law, which posits microchip capacity will double every two years — it brings both advancements and vulnerabilities, making our outdated cybersecurity defenses inadequate.

The starting point lies with us — the users operating computers connected to networks. While often considered the first line of defense, we are also the primary vulnerability. As employees and consumers, safeguarding our credentials is paramount, as compromised credentials jeopardize both personal and corporate assets. Our reliance on technology spans public and private sectors, evident in incidents like the SolarWinds and MOVEit attacks, revealing vulnerabilities along the supply chain.

Categories
Cyber news Cyber Security

Where Are the Cybersecurity Professionals?

By David Cagical

The demand for cybersecurity professionals is increasing rapidly, both in the public and private sectors worldwide. The rise of cyber threats and attacks necessitates strong defenses, managed by skilled cyber professionals who have significant responsibilities throughout the day.

Society is increasingly embracing technologies like the Internet of Things (IoT) in various aspects of life, leading to convenience but also raising concerns about privacy violations and financial asset theft. To address the shortage of cyber resources, a long-term commitment is required to build a robust pipeline of professionals from K-12 schools to graduate programs.

Categories
Cyber news Cyber Security Training

Better password security

Categories
Cyber news Cyber Security Technology Training

Tools of Kali Linux intro

Tools of Kali Linux
Do you want to learn more about cybersecurity tools?

Have you ever opened Kali Linux and not know where to begin?
Here we have created a small list of tools that are part Kali Linux. Some of our career field experts have given us their short list of tools that they would recommend for individual interested in learning more about cybersecurity. Looking at the menus in Kali Linux can be overwhelming. Hopefully this short list can help you navigate the introduction to Kali Linux Operating System (OS). You don’t need to have Kali Linux to try any of these tools, but it does make it much easier.


John the Ripper

John the Ripper is the name of the password cracker tool that is developed by Openwall. As the name, it is used to crack password hashes by using its most popular inbuilt program, rules and codes that are also an individual password cracker itself in a single package.
It automatically detects types of password hashes; you can also customize this tool according to your wish. It can be used to crack password-protected compressed files like Zip, Rar, Doc, pdf etc.

Nmap

Nmap is short for Network Mapper. It is an open-source Linux command-line tool that is used to scan IP addresses and ports in a network and to detect installed applications. 
Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities.
Gordon Lyon (pseudonym Fyodor) wrote Nmap as a tool to help map an entire network easily and to find its open ports and services. 







Nmap Scripting Engine (NSE)

The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.

Wireshark

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.


Metasploit

Metasploit is one of the best penetration testing frameworks that help a business find out and shore up vulnerabilities in their systems before exploitation by hackers. To put it simply, Metasploit allows hacking with permission.
Metasploit was conceived and developed by H D Moore in October 2003 as a Perl-based portable network tool for the creation and development of exploits. By 2007, the framework was entirely rewritten in Ruby. In 2009, Rapid7 acquired the Metasploit project, and the framework gained popularity as an emerging information security tool to test the vulnerability of computer systems. Metasploit 4.0 was released in August 2011 and includes tools that discover software vulnerabilities besides exploits for known bugs.

Armitage

Armitage is a fantastic Java-based GUI front-end for the Metasploit Framework developed by Raphael Mudge. Its goal is to help security professionals better understand hacking and help them realize the power and potential of Metasploit.


OpenVAS – Open Vulnerability Assessment Scanner

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates. 
OpenVAS has been developed and driven forward by the company Greenbone Networks since 2006. As part of the commercial vulnerability management product family Greenbone Enterprise Appliance, the scanner forms the Greenbone Vulnerability Management together with other Open-Source modules.
 
MASSCAN

MASSCAN is aTCP port scanner which transmits SYN packets asynchronously and produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. It’s a flexible utility that allows arbitrary address and port ranges.

Harvester

Harvester is a modern Hyperconverged infrastructure (HCI) solution built for bare metal servers using enterprise-grade open-source technologies including Kubernetes, Kubevirt and Longhorn. Designed for users looking for a cloud-native HCI solution, Harvester is a flexible and affordable offering capable of putting VM workloads on the edge, close to your IoT, and integrated into your cloud infrastructure.
Categories
Cyber news Cyber Security Training

The Range is now open

For more information please use the contact form for more information

Fill out my online form.

Categories
Cyber news Cyber Security

Safety tip of the day

How safe are you with your passwords with your internet browser?

Do you practice good password security?

Do you use your web browser to save passwords from websites?

To answers these questions, I’ll share with an experience I had. I won’t share the brand name of this web browser just to stay out of trouble. A friend of mine bought a new computer and asked me to help him with the initial setup. We went through all of the normal configuration of a new laptop and transferred his information from the old laptop to the new one.  After the setup he went through the new laptop to see if anything was missing from the old laptop. Turns out that he didn’t document some login and password information from some websites he uses. I did a little digging and found out that the web browser he was using would ask to save this information from websites. I found this in the settings of the web browser and plain as day, an unsecure folder with an entire list of websites he visited with the user I.D. and password associated with it. I’m no Cyber security expert, If I can locate this, then the criminals won’t have any problem at all. In this folder I found 41 unique websites with all the credentials needed to log in to that website including the ones he was missing.

The fix.

Don’t save any login information in your web browser. I would recommend using a password manager as there are a number of good ones out there and a lot of them will offer a basic account for free. Adding a password manager is adding an extra layer of protection from getting your information stolen, putting your login information behind password protection.

Categories
Cyber news Cyber Security Technology

Is your router ready for an upgrade?

Categories
Cyber news Cyber Security Technology

Google has new tech to track your web browsing – here’s how to stop it

We’ve written on a number of occasions already this month that Google was launching a test of new technology in Google Chrome called FLoC, which stands for Federated Learning of Cohorts. It’s ostensibly meant to let Chrome improve the anonymity of users — which is something Google vowed to do a few weeks ago, via a movie to stop allowing advertisers to track users online with third-party cookies. However, Chrome will do this via FLoC while also still collecting some users’ browsing data for advertising purposes. What struck many people as particularly frustrating is that even though Google said it would test this as part of a limited pilot run before rolling it out fully, the search giant didn’t offer a straightforward way to opt out of the testing.

Categories
Cyber attack Cyber news Cyber Security Phishing Rasomware

As the filing date for tax returns in the United States approaches, IRS/tax scams are popping up

Each year many fall for these scams. The bad guy predate on the old, the young, anyone who may not have strong knowledge of the IRS and how it operates.

Here are just a few of the more popular scams/setups.

Any email from the IRS. The IRS does not email you.
Any phone call from the IRS. The IRS does not call you.
You are getting a refund / what is your tax refund status
False unemployment claims
Your SSN has been cancelled/suspended
You owe back taxes . Pay now or else.
Help by providing relief for this disaster
Please verify your information
Your Tax Transcript
You are a victim of Identity Theft.
Please verify your information.
You have committed a crime. Pay the fine.
Please verify your banking information
Etc. Hundreds more.

The National Cyber Warfare Foundation (https://cwr.dev) sees many alerts and notifications every year.

The IRS provides specific guidance on this issue. Read their web site post: https://lnkd.in/dSRY-Z3 the article also provides links on who to report scams/scammer to. #ncwf