Author: IT Blogr

CVE, or Common Vulnerabilities and Exposures, is a platform aimed at sharing details about zero-day and disclosed vulnerabilities.

Webopedia also defines CVE as a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

Useful tips about CVE:

  • It is run by the MITRE Corporation, a non-profit organization. (attack.mitre.org)
  • The CVE aims to share vulnerability information easily and provide a standard for naming them.
  • The CVE IDs are in the format ‘CVE-YYYY-NNNNN’, where YYYY stands for the year the vulnerability was made public or the CVE ID was assigned.
  • It also provides the Common Vulnerability Scoring System (CVSS) that defines the severity of a disclosed security flaw. The CVSS score ranges from 0.0 to 10.0; a higher score indicates a higher severity level.
  • The common vulnerabilities and exposures (CVE) program has been around for quite some time now, helping organizations improve their cybersecurity posture by providing a wealth of knowledge about vulnerabilities and exposures.
  • It creates a standardized identifier for every vulnerability or exposure disclosed, so they can be accessed easily across multiple sources.
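The ID format and the 0.0 to 10.0 score range above are the two things a tooling author has to get right when ingesting CVE data. The following is an added example (not code from this post or from the CVE program) that validates and extracts CVE IDs from free text and buckets a CVSS score into the CVSS v3.x qualitative severity labels (None, Low, Medium, High, Critical). It goes slightly beyond the post's `CVE-YYYY-NNNNN` example in that it accepts sequence numbers of four or more digits, which is the syntax in force since 2014. The advisory lines and the CVE IDs in them are constructed placeholders, not real entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# CVE ID syntax: "CVE-" + four-digit year + sequence number. The post shows the
# five-digit form CVE-YYYY-NNNNN; the sequence may be four or more digits, so the
# pattern accepts 4+. Case-insensitive so that "cve-2019-..." in prose is caught.
CVE_ID_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def parse_cve_id(candidate: str) -> Optional[Tuple[int, int]]:
    """Return (year, sequence) for a well-formed CVE ID, otherwise None."""
    m = CVE_ID_RE.fullmatch(candidate.strip())
    if m is None:
        return None
    year, seq = int(m.group(1)), int(m.group(2))
    # The CVE list began in 1999; an earlier year is a typo, not an identifier.
    if year < 1999:
        return None
    return year, seq


def extract_cve_ids(text: str) -> List[str]:
    """All CVE IDs mentioned in free text, upper-cased, deduplicated, in order seen."""
    found: List[str] = []
    for m in CVE_ID_RE.finditer(text):
        cid = m.group(0).upper()
        if cid not in found:
            found.append(cid)
    return found


def cvss_severity(score: float) -> str:
    """Map a CVSS base score onto the CVSS v3.x qualitative rating scale."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass(frozen=True)
class Finding:
    cve_id: str
    cvss: float
    severity: str


def triage(advisory_lines: List[str]) -> List[Finding]:
    """Turn free-text advisory lines (each carrying 'cvss=<score>') into findings,
    highest score first. Lines without a valid CVE ID or score are skipped."""
    findings: List[Finding] = []
    for line in advisory_lines:
        ids = extract_cve_ids(line)
        score_match = re.search(r"cvss=([0-9]+(?:\.[0-9]+)?)", line)
        if not ids or score_match is None:
            continue  # nothing triageable on this line
        score = float(score_match.group(1))
        for cid in ids:
            findings.append(Finding(cid, score, cvss_severity(score)))
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


# Constructed sample input; the IDs are placeholders, not real CVE entries.
SAMPLE_ADVISORY = [
    "Patch cve-2019-999901 in the VPN gateway cvss=9.8",
    "Low-impact info leak CVE-2019-999902 cvss=3.1",
    "Auth bypass CVE-2019-999903 (dup: CVE-2019-999903) cvss=7.5",
    "Malformed reference CVE-19-1 should be ignored cvss=5.0",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ADVISORY):
        print(f"{f.cve_id}: {f.cvss} ({f.severity})")
```

The malformed `CVE-19-1` line is dropped rather than guessed at, and the duplicated ID on one line is counted once; both are the kind of input a patch-tracking script meets when it scrapes vendor bulletins.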

In this article, we’ll explore the basics of CVE. But before that let’s quickly recap what vulnerabilities and exposures are.

Vulnerability

A vulnerability is a security flaw that may be exploited to carry out cyber attacks. Criminals use a number of techniques, including SQL injection, cross-site scripting, and buffer overflows, to find and exploit vulnerabilities.

Many organizations invest in specialized teams that test for vulnerabilities and provide security patches. The causes of vulnerability include weak passwords, operating system flaws, unintentional development bugs, and unchecked user input, among others.

Exposure

Exposures are unintentional issues or errors that allow unauthorized access to a network or system.

Some of the largest data breaches are the result of exposures. A recent example is the tally of data breaches and cyber attacks for October 2019 alone, in which 421 million records were breached.

These incidents usually take the form of cyber attacks, ransomware, data breaches, leaks of financial information or PII, malicious insiders, and miscellaneous incidents.

CVE: Weighing the benefits and risks

CVEs are publicly available and may be exploited by malicious actors to launch cyberattacks. However, the benefits overshadow this risk.

  • CVE only lists publicly disclosed vulnerabilities and exposures. This allows individuals and organizations to be aware of the security flaws and available patches.
  • While organizations need to take care of several vulnerabilities to ensure security, a hacker needs to find just one flaw to exploit. This reinforces the importance of sharing details about vulnerabilities and exposures.

This article provides an elemental outline of CVE. For more details, you can refer to the official CVE website.

Bitcoin, The world’s most popular cryptocurrency sank to $6,558.14 on Monday, its lowest level since May, according to industry site CoinDesk. It lost $3,000 in value in just a month as China accelerated a crackdown on businesses involved in cryptocurrency operations, a reversal from President Xi Jinping’s previous signal to be more open to the blockchain technology. The coin last traded at $7,150.79.

Bitcoin jumped to above $10,000 briefly last month after Xi sang the praises of blockchain in a speech and called on his country to advance development in the field. However, on Friday, China’s central bank, the People’s Bank of China, pledged to continue to target exchanges and asked investors to be wary of digital currencies.

Beijing has taken a tough stance on cryptocurrencies, banning a fundraising exercise known as an initial coin offering and forcing local trading platforms to shut down in 2017.

“This was one of the worst weeks in the history of digital assets,” Jeff Dorman, chief investment officer of Arca, told CNBC. “The market is clearly in contraction, with no new money coming in to soak up the supply.”

Still, bitcoin has doubled in price since the beginning of the year, marking a significant turnaround from last year, when the digital coin tanked to as low as $3,122. It got a boost this summer after Facebook announced its own planned libra cryptocurrency, which analysts say has contributed to positive sentiment around bitcoin and boosted its price.

Bitcoin has a history of strong comebacks from big sell-offs, Dorman noted. The cryptocurrency gained 70% in the four months following a 16% loss in 2016 and similarly an 89% gain in the four months after a 22% sell-off in 2015, Dorman said.

Bitcoin is nowhere near its all-time high of almost $20,000 in December 2017, nor is it following any specific pattern predicted by self-acclaimed cryptocurrency experts in recent years.

Source: CNBC

The median annual pay for information technology professionals was about $84,000 as of 2017, according to the U.S. Bureau of Labor Statistics. This is more than double the median annual pay for all professions combined. Computers play a part in multiple functions for nearly all professions, and somebody has to take care of them all, making the IT profession a growing one. BLS projects the industry to add more than half a million jobs during the decade ending in 2026.

Most of the highest paying IT jobs require some form of certification, though, so it’s important to know what type of training will be necessary depending on the specific IT career you are pursuing.

1. CRISC: Certified in Risk and Information Systems Control

According to the Information Systems Audit and Control Association (ISACA), this certification ensures that the holder is well-versed in risks to information systems and in designing and implementing solutions to them. This certification, according to the IT Skills and Salary Report, has an average salary of $119,227 per year and is a good certification for those interested in Information Systems Security positions.

2. CISM: Certified Information Security Manager

Another ISACA certification, the CISM certification recognizes proficiency in information security management, as someone who manages, designs, and assesses information security for a given organization. This certification has some prerequisites, such as existing certifications like GIAC. According to the Skills and Salary Report, holders of this certification earn an average of $118,348 per year.

3. Certified Information Systems Security Professional (CISSP)

Like CRISC and CISM above, this certification recognizes proficiency in security and risk management, as well as software development security. The average annual reported salary for holders of this certification is $110,603.

4. PMP: Project Management Professional

With an average annual salary of $109,405, the PMP certification from the Project Management Institute (PMI) ensures that, according to the PMI, “you speak and understand the global language of project management.”

5. CISA: Certified Information Systems Auditor

Another ISACA certification, the CISA ensures that Information Systems auditors have the skills necessary to evaluate systems and follow best practices to “support trust in and value from information systems.” The average salary of CISA holders is $106,181.

6. CCDA: Cisco Certified Design Associate

The CCDA is Cisco’s certification for network design. Make sure you’re certified with another Cisco certification (such as CCNP Routing and Switching or any CCIE certification), as it’s a requirement for the CCDA. The average income of a CCDA holder is $99,701. This certification, along with the CCNP, is good to have if you’re interested in becoming a network engineer.

7. CCNP Routing and Switching

At $97,038 per year average annual salary, the CCNP Routing and Switching certification is good for someone with at least one year of networking experience and ensures that the holder can implement and maintain wide-area networks and work with specialists on solutions.

8. MCSE: Microsoft Certified Systems Engineer

Microsoft has changed the nature of the Microsoft Certified Solutions Expert to be more of a wide-ranging certification focusing on implementing technology over a wide variety of versions instead of one focused on specific disciplines. However, an MCSE is still a highly respected certification to obtain, and the average salary for MCSE holders is $96,215 per year.

9. ITIL v4 Foundation

The updated ITIL v4 certification—the ITIL Master—recognizes those who can apply ITIL concepts of quality IT solutions in real-world situations. The average annual salary for ITIL Master certification holders is $95,434.

10. Certified Ethical Hacker (CEH)

CEH is a vendor-neutral (not tied to any brand) certification for information technology workers who wish to specialize in “legally” hacking malicious hackers, using the same knowledge and tools that malicious hackers use. Two years of security-related experience is preferred before receiving a CEH. The average annual salary for CEH holders is $95,155.

11. CompTIA Security+

CompTIA Security+, a long-established certification, has an average salary that varies with job title, experience and background. According to PayScale, the average salary of a network engineer with this certification ranges from $42,128 to $95,829.

The universal adoption of mobile devices in business environments has created new attack vectors that organizations struggle to address. A new report from CrowdStrike, the “Mobile Threat Landscape Report: A Comprehensive Review of 2019 Mobile Malware Trends,” offers a deep-dive into some of the threats that plague mobile devices, and provides recommendations for how organizations can best secure their data and networks against mobile threats.

CrowdStrike’s Mobile Threat Report details how mitigating the risks has become even more urgent because of the rapid adoption of mobile devices worldwide. In some regions, such as Latin America, mobile devices have surpassed desktop computing as a source for both business and personal use, including email access, banking and authentication, making mobile security an even more pressing issue.

CrowdStrike’s report offers an overview of the key types of malware observed so far in 2019 and the deployment mechanisms adversaries typically use. It also identifies the adversary groups and unaffiliated criminal actors that target mobile devices and how their tactics — and the mobile threat landscape in general — are evolving. The report includes valuable recommendations that can help you better secure your organization against mobile threats.


The nation’s intelligence community warned in its annual assessment of worldwide threats that climate change and other kinds of environmental degradation pose risks to global stability because they are “likely to fuel competition for resources, economic distress, and social discontent through 2019 and beyond.”

Released Tuesday, the Worldwide Threat Assessment prepared by the Director of National Intelligence added to a swelling chorus of scientific and national security voices in pointing out the ways climate change fuels widespread insecurity and erodes America’s ability to respond to it.

“Climate hazards such as extreme weather, higher temperatures, droughts, floods, wildfires, storms, sea level rise, soil degradation, and acidifying oceans are intensifying, threatening infrastructure, health, and water and food security,” said the report, which represents the consensus view among top intelligence officials. “Irreversible damage to ecosystems and habitats will undermine the economic benefits they provide, worsened by air, soil, water, and marine pollution.”


Reshaping Intel Operations in the Cyberspace – DoD