Tag Archive for: train

Train for your cybersecurity certifications with this course bundle

/in


By

BleepingComputer Deals

  • February 19, 2022
  • 08:12 AM

Cybersecurity

Cybersecurity can feel intimidating as a topic at first. Even experienced IT professionals need tools to get up to speed and apply their knowledge base in a new context. The A to Z Cyber Security & IT Certification Training Bundle provides a suite of classes and materials to help you better understand how cybersecurity works and to get certified in the field.

The instructor in all twelve of these courses is Mohamed Atef. In addition to being a certified instructor, Atef is a senior penetration tester and ICT consultant. Atef uses both his extensive experience and his training to create focused courses that help both new IT employees and experienced veterans hone their skills.

If you’re looking to upskill, the bundle offers several courses on ethical hacking, SQL injection, exploits, and penetration testing, all with labs to practice on and concise lecture that allow you to zero in on details and practice. It also discusses the workplace side of cybersecurity, such as proposing tests and assembling post-mortems that can effectively communicate complex technical topics to high-level people.

Once you’re comfortable with your skills, Atef offers ways to test them with prep courses on seven different certifications, including Security+ and CySA+ from CompTIA; the ISACA’s CISA and CISM certifications; the (iSC)² CSSP and CISSP; and the GSEC certification.

Each is designed to help you take the next step in your career, starting with relatively direct certifications like the GSEC and moving into more advanced ones as you develop skills on the job. You’ll enter the exams prepared and able to focus your studying on the right areas.

Cybersecurity is moving to the center of everything IT departments do, and that makes training a must. The A to Z Cyber Security & IT Certification Training Bundle offers everything you need to become certified for $39.99, 97% off the $1437 MSRP.

Prices subject to change.

Disclosure: This is a StackCommerce deal in partnership with BleepingComputer.com. In order to participate in this deal or giveaway you are required to register an account in our StackCommerce store. To learn more about how…

Source…

Metro Watchdog Safety Report Flags Fatigued Train Operators – NBC4 Washington

/in


Metro’s train and bus operators could be coming to the job tired and physically unfit to perform their duties, according to a report issued Tuesday by the transit agency’s top safety watchdog. 

The Washington Metrorail Safety Commission flagged potential safety risks related to fatigued operators. Some of this could be because workers aren’t getting enough time off between shifts. 

In 2004, a Metro train at the Woodley Park station on the Red Line rolled backward thousands of feet. It crashed into another train, injuring 20 people. Video footage shows twisted, mangled wreckage. 

“It felt like an explosion. Everyone started running and screaming,” one man said. 

The train operator was found to have been tired and not alert, likely because of a lack of sleep. 

Almost 17 years later, the report issued Tuesday says Metro still isn’t doing enough to ensure that employees are rested and physically fit for the job.

“There are opportunities to improve the program to ensure that [operators] are as well rested as they can be. Again, this is a systemic audit – and we look at the systems, trying to give Metro every opportunity to prevent a safety event like a crash before it happens,” safety commission spokesman Max Smith said.

In addition to the 2004 crash, the safety commission pointed to lesser-known examples of train operator fatigue, including when workers have fallen asleep at the switch. 

Metro is reviewing the report and will respond with changes, a representative said. 

The transit agency has 30 days to address the issues.

Source…

US officials, experts fear China ransacked Exchange servers for data to train AI systems • The Register

/in


In brief The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR.

The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement.

It’s said the crew exploited four zero-days in Redmond’s mail software in a chain to hijack the servers and siphon off data. And what started small turned into what Chang Kawaguchi, CISO for Microsoft 365, told NPR this month was the fastest scale-up of a cyber-attack he’d ever seen.

US government officials, and those in the infosec industry, are apparently concerned that, given the wide range of organizations targeted – from big biz to shops, dentists, and schools – the Chinese government could be trying to train machine-learning systems on mountains of Americans’ messages, calendars, and files.

And this Exchange harvesting is on top of the huge databases of personal information already swiped from the US government and the private sector.

“The Chinese have more data than we have on ourselves,” William Evanina, a former director of the National Counterintelligence and Security Center, was quoted as saying.

“So you have the OPM data breach,” he continued, “you have an entire security clearance file for someone, you have Anthem records, you have his Marriott point record, credit cards, Equifax, his loans, his mortgages, his credit score. They know everything about you before they even bump you on a cruise or on a vacation.”

Evanina spoke more on the threat from China here [PDF] before the Senate intelligence committee at the start of August, if you’re interested.

We hope you’ve patched ProxyToken, aka CVE-2021-33766, in July’s Patch Tuesday patch from Microsoft for Exchange…

Source…

Wiper Malware Used in Attack Against Iran’s Train System

/in


Critical Infrastructure Security
,
Cybercrime
,
Endpoint Security

Operational Security Mistakes Left Clues About Developer’s Skills, But Not Identity

Jeremy Kirk (jeremy_kirk) •
July 30, 2021    

Wiper Malware Used in Attack Against Iran's Train System
Tehran’s rail station. (Photo: Mostafa Asgari via Wikimedia Commons/CC)

Nearly three weeks ago, Iran’s state railway operator was hit with a cyberattack that was disruptive and – somewhat unusually – also playful.

See Also: Live Webinar | Improve Cloud Threat Detection and Response using the MITRE ATT&CK Framework


The attack caused train services to be disrupted as well as the transport ministry’s website to go down, Reuters reported.


But the attack wasn’t just designed for disruption. Attackers also programmed screens at train stations to show a number for travelers to call for more information about the problems.


The phone number, 64411, is for the office of Iran’s supreme leader, Ali Khamenei. In other words, as noted by Juan Andres Guerrero-Saade, a threat researcher at security firm…

Source…