Tag Archive for: cost

Modi govt’s warning for Zoom users shouldn’t be ignored at any cost


The Narendra Modi government has issued a high-risk warning to users of the video conferencing platform Zoom that attackers could gain entry to their systems and carry out malicious operations.

The Indian Computer Emergency Response Team (CERT-IN) on Thursday issued an advisory with a high severity rating covering multiple vulnerabilities reported in Zoom products.

CERT-IN alerted in the vulnerability note, “Multiple vulnerabilities have been identified in Zoom products.” It added the flaws “could be exploited by an authenticated attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”

CERT-IN is a statutory body with powers under the Information Technology (Amendment) Act of 2008. This nodal agency under the Ministry of Electronics and Information Technology monitors computer security incidents, records vulnerabilities, and promotes strong IT security practices throughout the country. It publishes bugs and cybersecurity threats, including hacking and phishing attacks.

Which versions are affected and why?

CERT-IN has stated that the vulnerabilities affect Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0.

As per the report, these vulnerabilities exist because of improper access control and a debugging port misconfiguration.

How would it affect the system?

The agency warns that an authenticated user could exploit these vulnerabilities to use the debugging port to connect to and control the Zoom Apps running in the Zoom client. The attacker could also prevent participants from receiving audio and video, causing meeting disruptions.

What is the solution?

Users should upgrade to the latest version, as mentioned in Zoom’s security advisory.

Zoom’s response

The virtual meeting platform issued an official statement on the report. “As detailed on our Zoom Security Bulletin page, we have already resolved these security issues. As always, we recommend users keep up to date with the latest version of Zoom to take advantage of Zoom’s latest features and…


CISSP Certification Exam Cost And Requirements – Forbes Advisor


Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.

The Certified Information Systems Security Professional (CISSP) credential demonstrates mastery of developing and overseeing large-scale cybersecurity programs. When it comes to the best cybersecurity certifications, many consider CISSP the industry’s gold standard. Individuals who meet CISSP requirements can earn the certification and qualify to take on more professional responsibility in their field.

This guide offers information on CISSP certification requirements, including experience, suggested preparation times and CISSP certification exam costs.

What Is CISSP Certification?

CISSP certification, offered by (ISC)², is an advanced credential for information systems and cybersecurity professionals. This certification highlights an individual’s ability to create, deploy and manage cybersecurity efforts for large organizations.

CISSP certification requirements include a significant amount of professional experience and passing a lengthy exam. This credential suits experienced workers over entry-level and mid-level professionals.

Though this certification is not required by employers, it can boost candidates’ earning power and help them qualify for advanced roles in information security. CISSPs often work in positions like chief information security officer (CISO), network architect, security auditor and security manager, among others.

CISSP Certification Requirements

Aspiring CISSPs should familiarize themselves with the certification’s requirements before pursuing this credential.

Gain Experience

CISSP certification requirements stipulate that each candidate must have a minimum of five years of relevant professional experience. (ISC)² specifies eight security domains:

  • Domain 1: Security and Risk Management
  • Domain 2: Asset Security
  • Domain 3: Security Architecture and Engineering
  • Domain 4: Communication and Network Security
  • Domain 5: Identity and Access Management (IAM)
  • Domain 6: Security Assessment and Testing
  • Domain 7: Security Operations
  • Domain 8: Software Development Security

Prospective…


How much does it cost to hack a Starlink dish?


It appears there is a pretty easy way to hack into SpaceX’s Starlink system. Lennert Wouters of KU Leuven university in Belgium discovered the vulnerability and recently demonstrated it at the Black Hat Security Conference.

Starlink provides Internet services using satellites in orbit and a dish that customers install outside their home to receive the Internet signal. Using just $25 worth of materials, Wouters was able to build a device that can hack into any Starlink dish. It works by briefly shorting the dish’s circuitry in a fault injection attack, which disables the dish’s security measures and grants the attacker access.

Wouters reportedly informed Starlink of the vulnerability last year and was even rewarded through their bug bounty program. However, Wouters was able to get around the patches that the company issued at the time, finding that the core vulnerability still exists and will require a much more involved fix. Starlink has confirmed that it is still working on a new update to better repair the vulnerability.


Okta’s Fearful Cyber Response Worse Than Hackers’ Peek—How 3 Tempting Tech Crisis Shortcuts Cost More


Regardless of precautions and incident plans, cyberattacks terrify C-suites. The recent identity-security firm Okta breach spotlights a common leadership response mistake — sacrificing customer trust for overestimated legal risk.

In January 2022, hacker group LAPSUS$ infiltrated an Okta contractor’s computer. Relying on its vendor’s initial forensics, Okta opted not to disclose the brief attack. The breach was eventually made public in March via a series of hacker posts.

Okta’s attempts to minimize that bad news soon escalated into a public relations nightmare, stock downgrades, senior leader apologies and a class-action lawsuit.

This cyber crisis spiral exemplifies why companies must proactively prioritize ‘what must go right’ customer trust imperatives over ‘what could go wrong’ legal fears.

Far reach

The Okta case is neither complex nor surprising. Increasing reliance on service providers to address staffing needs and talent gaps also brings cybersecurity risk.

In Okta’s case, however, three key leadership shortcuts widened and worsened the breach toll:

  • First, Okta did not oversee contractor devices used to access company systems and customer accounts. That limits cyber incident and exposure visibility.
  • Next, when the hack occurred, Okta’s executives and IT security team hastily relied on the vendor-commissioned forensic investigation.
  • Third, to downplay the alleged hackers’ postings, Okta CEO Todd McKinnon tersely tweeted that the “matter was investigated and contained by the [vendor]. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.” That vague Twitter response only invited questions and second-guessing.

Pressed to clarify the attack’s scope, David Bradbury, Okta chief security officer (CSO), added later that day that “after a thorough analysis, we have concluded that a small percentage of customers — approximately 2.5% have potentially been impacted and whose data may have been viewed or acted upon.”

That “small percentage” equated to over 260 customers. Upon that estimate, investment firm Raymond James downgraded Okta stock,…
