Affected by the Yahoo hack? Here’s what you need to do:

If you have a Yahoo account, you should act fast. Just yesterday it was confirmed that hackers stole the personal data of half a billion Yahoo accounts in the most recent cyber-catastrophe. 

Details, including names, email addresses, phone numbers and security questions were stolen from the company’s network in late 2014. It's also now been revealed that passwords were also taken, but in a “hashed” form, with the company reporting they believe the financial information held with it remains safe, unless the hashed passwords are decrypted.

Yahoo believe this was a state-sponsored act – an increasingly common scapegoat following cyber hacks today. Although Yahoo are currently notifying those potentially affected by the hack, as a precaution you can take steps now to protect your data.

Below, we will identify these steps in order to secure your information now and in the future.

This is what you need to do:

Take back your account: If your Yahoo account has been compromised, the first thing you need to do is take it back. Hackers, may have also gone after your linked accounts so check them also. Below are a series of links to the most common social and mail platforms where you can take back your account.

·         Yahoo

·         Apple

·         Facebook

·         Google

·         Microsoft

·         Twitter

Report it to the police: If you believe you have been hacked and are now the victim of identity theft or fraud, file a report with Action Fraud. 

Change your passwords and security questions: Even if you haven't been hacked, change your password and security questions immediately. This is especially important if your email is connected in any way to your bank or a PayPal account. 

Additionally, you should look to change the passwords in any other account that uses the same or similar security information. This ensures hackers cannot access other accounts through your Yahoo information. It is also sensible to check your password recovery settings and ensure they have not been changed to a third party. 

Tell everyone you know: In this situation it is a common tactic for hackers to target friends and family of compromised accounts to extract financial gains. So spread the news to your friends and family. Not only will this help them inform you if they see unusual activity, but it may also spare them falling victim to a similar hack.

Be wary of emails from Yahoo: Now is the perfect time for cyber criminals to strike through a phishing attack. Avoid downloading or clicking links in any emails coming from Yahoo. Almost all malware is installed unknowingly by the victims themselves. 

Update your security settings and run a security scan: Make sure you run a virus scan and have the most recent security updates on your operating system. If you don't have an anti-virus application, invest in a high quality one like McAfee or Norton Antivirus. This is something you should be doing as best practice regardless of the issue.

Continue to review your activity: Just because you’ve gotten your account back, doesn’t mean you’re safe. Hackers often leave ‘backdoors’ so they or other hackers can regain access at a later date. Make sure you continually review any activity to make sure no emails are being forwarded or security questions have been changed.

De-authorise applications: Although it may be frustrating, de-authorising accounts that are in any way linked to your Yahoo account will be essential. Although many may deem this unnecessary, it certainly is a better idea than leaving an unknown individual in your system – even if it is just precautionary.   

How serious is this? And what does it mean for Yahoo?

The most serious concern for you as a Yahoo users is if the cryptographically hashed passwords were deciphered and used maliciously. Although the hashing scheme used to encrypt the passwords is known to be relatively tough, Yahoo have yet to release any details on it.

For Yahoo, this breach comes at the worst possible time. Earlier this summer, Yahoo had announced it was investigating a breach reported to involve 200m customers. The sudden increase to 500m means “Yahoo may be facing an existential crisis” with their “already besieged business execution issues and an enduring fire sale to Verizon, this may be the straw that breaks the camel’s back” according to Corey Williams from identity management software company Centrify.

Security researcher Kurt Baumgartner from Kaspersky Labs believes that Yahoo’s failings hardly come as a surprise: “It’s unfortunate that when we are talking about this organisation, a massive breach doesn’t come as a big surprise”. Baumgartner has also criticised Yahoo’s delayed response, citing it as characteristic if we look at their “delay in encrypting IM communications, implementing https for its web properties and more”.

Defend your network with the new Certified Network Defender certification

Today, EC-Council launches their highly anticipated Certified Network Defender qualification. This exciting new certification focusses on developing the critical skills needed to protect, detect and respond to attacks on your network. A much needed skillset in a world plagued by cyber attacks.  

In this post we'll take a closer look at the certification and why it's so crucial for the industry.

Businesses have woken up to the ever present threat of cyber attack 

In today’s growing technological world, organisations are painfully aware threat of cyber breaches and the inadequacies of their preventative measures. In fact, a Government study has found that 51% of UK businesses experienced a security breach in the past 12 months. UK Digital Economy Minister Ed Vaizey emphasised just how “crucial” security is, with “too many firms losing money, data and consumer confidence” as a result of the vast number of cyber attacks.  

While the number of cyber attacks spawn rapidly like infectious bacteria, the demand for individuals certified in cyber security has far out paced supply. Findings suggest that 7 of the 10 cyber breaches on UK companies could have been prevented, pointing at a lack of industry knowledge. Furthermore, 28% of organisations experienced a shortage of network security specialists and by 2019 its expected that the demand for cyber security skills will triple the supply of personnel available.  

What can the CND do?  

Why is it that some businesses lock their doors and put on an alarm, yet they leave their most valuable data completely unprotected? A businesses network is a businesses first line of defence against cyber attacks. Unfortunately, set up incorrectly, it can be an open to door to cyber criminals. Once they're in they can infect your database, install ransomware and compromise your applications.  

The CND, built from a common body of knowledge, focusses on defence.  It is made up of 14 of the most current network security domains, aimed at upskilling network administrators with the knowledge and skills to protect, detect and respond to network security threats. 

As network administrators are familiar with network components, traffic, performance and utilisation, network topology, location of each system and the security policies, they can play an increasingly significant role in becoming the first line of defence for any organisation.   

The course outline was devised by a series of surveys and industry related interviews with lead security managers to address the shortcomings within their existing workforce and organisation. The result is the following 14 modules: 

1. Computer network and defence fundamentals 
2. Network security threats, vulnerabilities and attacks 
3. Network security controls, protocols and devices 
4. Network security policy design and implementation  
5. Physical security  
6.  Host security  
7. Secure firewall configuration and management 
8. Secure IDS configuration and management 
9. Secure VPN configuration and management  
10. Wireless network defence 
11. Network traffic monitoring and analysis  
12. Network risk and vulnerability management 
13. Data recovery and back-up
14. Network incident response and management  

So what makes the CND so special? 

More than just a certification catered to the current needs of the market, the CND course boasts other impressive features: 

The course is made up of 50% hands-on labs and practical work. The benefit of this skills-based, lab intensive program is that you gain invaluable real-world experience in the event of a real breach.  

Unlike many other certifications, the CND course has shifted its focus from the technology used in security, to the operations and processes involved in securing a network. EC-Council liken this focus on operations over the transitory technology to learning mathematics without a calculator. Rather than mindlessly using technology, you’ll learn the why and the how. The benefit of this is that you’ll develop a more holistic, in-depth understanding of security that can help you better protect your organisation.  

Additionally, the CND being a vendor-neutral certification speaks again to the wide audience this certification will benefit as it means the skills can be taken away and transferred to the various technologies organisations use.  

Certification and Training Details 

Available now, Firebrand is delighted to launch the accelerated CND certification course alongside EC-Council.  

The course will be 4 days in duration including the exam, 20% faster than traditional training. As an official provider of EC-Council certifications, you will benefit from certified instructors, and official material giving you the best chance to pass.  

Having just been awarded EC-Council Accredited Training Centre of the Yearfor the eighth successive year, you know you're in safe hands. 

The Certified Network Defender credential has replaced EC-Council’s ENSA v4.0, which is set to be retired on March 13^th 2017.  

  

iPhone 7 cost by country breakdown

European countries citizens have to shell out the highest cost among all the countries when it comes to buying the iPhone 7 . Citizens of Hungary, Italy and Norway have to pay the highest amount in Europe to buy the latest iPhone 7 . Apple's latest iPhone will cost  256,058.64 Ft (£700) in Hungary, followed by Italy and Norway. European nations will have to pay almost 100 pounds more than the equivalent costs of the price of iPhone in the United States .

In the US, the same 32GB model starts at $649 (£487.75) and in Canada at $899 (£521.75).However taxation plays another big part in deciding the MRP to consumers

Apple's iPhone 7 prices for the UK and other nations in Europe includes  sales tax, but prices in the US and Canada don't include it due to state-by-state variations. In New York, for example the iphone 7 attracts a 8% sales tax  which makes the cost of iPhone  7 over $700 in NY. However in other states there is no sales tax.The iPhone 7 in  Germany costs Euro 583 , while costing Euro 699 in France. In Russia  Apple's latest piece of gizmo costs above 60,000 roubles in Russia . In Hong Kong consumers have to shell out  5,500 Hong Kong dollar to get the  iPhone 7. For Ireland and  Spanish consumers  their  iPhone 7 will come at a price of  Euro 650.

However New Zealand and Australia will pay a similar price  of around  900 Aus and NewZ dollars . Japanese users have to shell out over 60,000 yen  to get their hand on their iPhone 7 The iPhone 7  would cost Rs 54,000 in India .

Chinese first ever online wine festival set to rake in record eCommerce revenues

China is celebrating its biggest online food festival today "Its first ever online wine festival." With more that 100,000 wine and spirits offered across chinese online food ordering websites including ecomerce websites. Chinese ecommerce sites are hoping  a repeat of  world singles day which saw world record ecommerce revenues. The founder behind the event,Alibaba is expecting 100 million of its over 400 million-plus active buyers to take part in what has been dubbed as China’s first online wine festival.According to reports by Decanter China . The official Chinese term for the event is “Jiu Shui” which translates into “alcohol festival,” but wine traders are calling it “Wine Day” in China since the majority of the offerings is wine. Alibaba expects around

In June 2016, Alibaba announced the launch of Wine Direct, a division within Tmall where chateaux and producers will be able to sell directly to consumers in China. And just a week ago, Wine Australia launched a wine store on Tmall selling Australian wine direct to consumers.

social network messengers market growth : 2010 to 2016

 Social  media messengers are now bigger than their parent  social media companies. Whatsapp leads the social media messenger  market with just over a billion users, followed by Facebook messenger which also has now one billion users. Chinese social messenger service Wechat with with a little over 800 billion users rank no 3.Popular Asian messaging apps like WeChat, KakaoTalk, and LINE have  moved beyond  communication and has been able to  monetize the service using innovative services to attract and retain users.

Messenger has become an increasingly popular app for keeping up with friends. More than 10% of voice over IP (VoIP) calls occur on Messenger, and 17 billion photos are sent on the app each month. And interactions with businesses have risen sharply..

Discover the big name finalists named for EC-Council Foundation's InfoSecTech & Exec Awards 2016

Earlier this week EC-Council Foundation announced the finalists for their upcoming InfoSec Tech & Exec Awards Gala running at Hacker Halted on September 14th in Atlanta, GA

On 6th September, EC-Council Foundation announced the finalists for the prestigious upcoming InfoSec Tech & Exec awards. The event honours cyber security professionals, recognising those who represent the very best in their field. 

There are seven award categories across which the nominations are spread. These include Certified CISO (CCISO) of the Year, CISO of the Year, Innovative Security Project of the Year, Most Improved Security Program of the Year, Ethical Hacker of the Year, Penetration Tester of the Year, and Forensics Analyst of the year. Let’s take a closer look at the categories and the big names announced:

Certified CISO (CCISO) of the Year

This award recognises high level professionals, all of which carry the EC-Council Certified CISO credential. They were selected for their contributions to the CCISO community, as well as to the information security industry as a whole. Finalists include:

Richard Ryan II Hernandez, Information Security Officer at LafargeHolcim; Paul Horn, CISO at HD Vest Financial Services; Hung-Pin Hsieh, Senior Manager at Acer Inc.; Luis O. Noguerol, President & CEO at Advanced Division of Informatics & Technology, Inc.; and Niran Seriki, Senior Cyber Security Consultant for EU Institutions.

CISO of the Year

This award highlights professionals who have been nominated for their leadership and innovation in working to secure their organisation. This is achieved amongst a constantly changing landscape of threats. Finalists include:

Syed Azher, CISO at Impact Group; Medha Bhalodkar, CISO at Columbia University; Pavankumar Bolisetty, Global Head - Information Security at Wave Crest Holdings Ltd.; Jared Carstensen, Chief Information Security Officer at CRH plc.; Kok Kee Chaiw, Vice President, IT Security & Assurance IT Security & Assurance at MEASAT Broadcast Network Systems Sdn Bhd (ASTRO TV Malaysia); Bobby Dominguez, Chief Strategy & Security Officer at Lynx Technology Partners, Inc.; Youssef Elmalty, Head of Cyber Security at IBM; Aizuddin Mohd Ghazali, Group IT, Head, Risk & Security Management at Sime Darby Holdings Bhd; Amit Ghodekar, Vice President, CISO at Motilal Oswal Financial Services Ltd; Marvin Marin, Cyber Security Program Manager & Technical Advisor at NetCentrics; Michael Molinaro, CISO & VP at BioReference Laboratories, Inc., JR Reagon, former Global CISO at Deloitte; and Eric Svetcov, AVP, Information Security & CSO at MedeAnalytics.

Innovative Security Project of the Year

This award will recognises a cyber security project that showed an advanced difficulty level while innovating with methods or solutions to support the business goals of its organisation. The finalists include:

Chen Heffer, Cyber Security Officer and his team at the Douglas County Government; Dan Nagle, Senior Software Engineer at Harman Professional Solutions; and Niran Seriki, Senior Cyber Security Consultant at EU Institutions.

Most Improved Security Program of the Year

This exciting award recognises the impact strong leadership can create in securing an organisation when the correct frameworks, policies, and governance are put in place. The finalists for this award include:

Chad Cottle, Chief Information Security Officer and his team at City of Lexington, KY; Juan Gomez-Sanchez, Chief Security Officer at Lennar Corporation; Brenda McAnderson, Chief System Sustainment at System Sustainment, National Cybersecurity Protection System (NCPS), Network Security Deployment (NSD), Office of Cybersecurity and Communications (CS&C), U.S. Department of Homeland Security (DHS); Paul Medici, Director at Fidelity; and Preston Werntz, Chief, Technology Services Division at U.S. Department of Homeland Security, Office of Cybersecurity and Communications.

Technical awards

The following awards focus on the technical expertise of cyber security professionals. This is the first time EC-Council Foundation is awarding these categories.

Ethical Hacker of the Year

This award resonates strongly with EC-Council Foundation’s mission of global cyber security, reinforced by the Certified Ethical Hacker certification. The award highlights the critical role that ethical hackers play in identifying, reporting and patching weaknesses in the world’s cyber infrastructure. The finalists include: 

Marc Rogers Information Security & IT Expert at CloudFlare, Ankur Chandrakant, Cyber Security & Forensics Expert at Cyber Radix Academy for Future Technology; Zechariah Akinpelu, Team Lead, Application and Database Security Control at Fidelity Bank PLC; Christopher Chavez, Cyber Security Consultant at Avyara Information Systems; and Ali Tabish, Sr. Information Security Analyst at Moon International Pak Pvt Ltd.

Penetration Tester of the Year

This award recognises the professional pen tester who embodies the very best principles of penetration testing. They do this by contributing to the industry and the positive view of information security professionals. The finalists are:

Bassem Helmy, Senior Security Consultant at Deloitte Middle East; Bastien Treptel, Director at Ctrl IT Pty Ltd; Srinivasan Subramaniam Muthukondapuram of Consulting Private Limited, Jonathan Paz Gamer & Black Box Pen Tester at RootByte; and Shitesh Sachan, Sr. Lead Application Security at hCentive.

Forensics Analyst of the Year

This award recognises the professional showing exemplary work in forensics analysis through innovation and meticulous performance of duties. The finalists include:

Andrew Case, Director of Research at Volexity; Ahmed Fawzy, Information Security Manager at Raya Contact Center; Muhammad Nuh Al-Azhar, Superintendent Police - Chief of Computer Forensic Lab. at Indonesian Police Forensic Laboratory Centre; Manish Aggarwal, Netowrk Security Analyst at Total IT Solutions Education Organization; and Yamikani Gogo Wilfred Hauya, Systems Support Officer at Malawi Revenue Authority.


The InfoSec Tech & Exec Gala will precede Hacker Halted, EC-Council Foundation’s largest annual cybersecurity conference, as well as the Global CISO Forum, the Foundation’s premier executive-level event. Tickets are still available for both events.

Indian wearable market shipped 567,000 devices in q2, registering 42% growth

Wearable market in India grows by 41.9 percent in Q2, 2016: IDC

The wearable devices in Indian market is turning out to the latest tech device that has started to show traction, with wearable's shipments touched 557,000, with a 42% growth rate in the quarter 2016 q2. according to IDC. Out of the total device sold, 16% were sold by  GOQi, edging out Xiaomi which ranked second with 10% device share, followed by with Fitbit's 6.7%.

According to IDC’s “Worldwide Quarterly Wearable Device Tracker” report, the total shipment in the second quarter stood at over 567,000 units of which the basic wearables, defined as those which cannot run third-party applications, contributed nearly 94 percent. There is even a new entrant to the top 5 list in Indian wearable market. Garmin made an entry to the top five with a 1.4 percent share and Huawei stood fifth with 1.0 percent market share. Domestic consumer electronics company Intex held a significant chunk in the “others” category and was one of the major drivers of the market,

10 biotech start ups making waves in silicon valley

 

Within the  two-square-mile patch of South San Francisco bustles with over 70 biotech firms, including Genentech, Amgen and Exelixis, an equally influential geography has grown along the Lemanic Arc of Switzerland and into the heart of Basel, where pharma giants like Novartis, Actelion and Roche (which acquired Genentech in 2009) have their headquarters. 
The biggest biotech start up with over $9 billion valuation is undoubtedly Theranos.  Its breakthrough advancements have made it possible to quickly process the full range of  240 tests lab tests from a few drops of blood. However some of the newer wave of biotech start ups are pushing the limts of science, take for example Twist Bioscience which is developing data storage for synthetic DNA . Another new kid on the block which has caught investors eye is Koniku . The start up is specializing in neuro-computing by building co-processors made of biological neurons that work alongside traditional silicon processors.

Last year was the biggest ever for venture capital funding into the biotech sector with over $7.4bn invested, according to a report from MoneyTree, The most popular food tech startup,  is Hampton Creek, which is trying to reinvent mayonnaise, has reportedly stretched the truth of their science by  creating food by eliminating animal products.One of the things they are trying to do is to replace eggs with by growing plants in a lab has already raised $120million

Cisco updated their CCNA Routing & Switching Certification - Here’s everything you need to know:

On the 17^thof May Cisco announced some major changes to their flagship CCNA Routing & Switching certification moving from version 2 to 3 – here’s a breakdown of everything you need to know about the new and improved version 3.

What is the CCNA Routing & Switching?

The Routing & Switching certification aims to teach you the knowledge and skills needed to install, operate and troubleshoot a small-to-medium enterprise branch network as well as the basic network security and complex connections. The course is made up of ICND1 (CCENT) and ICND2 (CCNA), which collectively equate to the CCNA.   

Why has the CCNA Routing & Switching Certification been updated?

Although characteristic of Cisco to update their leading courses every four to five years, Pim Leemans, Cisco instructor, suggests there are additional reasons behind the revamp. “The way we learn has been changing a lot in previous years. Unlike before there will be less theory and more learning by just doing”. Cisco reflect these changes in learning through the introduction of Discovery and Challenge Labs, which teach and test students through practical tasks. Cisco state that the developments of the Routing & Switching certification also aims to meet the advancements in technology and better empower IT professionals with “the understanding of software defined networking (SDN) and the integration of virtualised resources utilised in Enterprise network architectures”.

What do the changes look like?  

Routing & Switching v2.0		Routing & Switching v3.0
Course	Exam	Course	Exam
Interconnecting Cisco Network Devices Part 1 (ICND1)	100-101 ICND1	Interconnecting Cisco Network Devices Part 1 (ICND1)	100-105 ICND1
Interconnecting Cisco Network Devices Part 2 (ICND2)	200-101 ICND2	Interconnecting Cisco Network Devices Part 2 (ICND2)	200-105 ICND2
Composite CCNA	200-120 CCNA	Composite CCNA	200-125 CCNA

Aside from the changes in the exam numbers, the content of the Routing & Switching certification has changed.

Changes from ICND1 v2.0 to ICND1 v3.0:

Pim Leemans describes the largest changes within ICND1 as the treatment of RIP as the only routing protocol and subjects on device management being moved from ICND2 to ICND1.  

Key topics removed or moved to ICND2:

• OSPF (single area) and other OSPF topics were moved to ICND2 since RIP is used to introduce CCENT candidates to IP routing protocols.
• Dual Stack was removed as there are multiple IPv4 and IPv6 transition technologies being used.
• Cisco Express Forwarding (CEF) has been removed.  

Key topics added:

• High level knowledge of the impact and interactions of infrastructure components, such as:
• Firewalls
• Access Points
• Wireless Controllers
• An awareness of the Collapsed Core architecture instead of the traditional three-tier architectures. This effectively joins Distribution and Core into a single tier with Access as a second tier.  
• Required to configure and verify IPv6 Stateless Address Auto Configuration (SLAAC).
• Added Anycast to the list of IPv6 addressing types.
• Required to have knowledge of Link Layer Discovery Protocol (LLDP). An L2 discovery protocol used in addition to Cisco Discovery Protocol.
• RIPv2 for IPv4 serves as a primary focus for routing protocols.
• Added requirements to understand DNS and DHCP related connectivity issues.
• Understanding of Syslog message logging for device monitoring.
• Skills and knowledge for backing up and restoring device configurations.

Changes from ICND2 v2.0 to ICND2 v3.0

Pim Leemans believes the ICND2 “has changed the most” with the emphasis on outdated technologies such as Frame Relay being replaced by Multi-Link PPP and PPPoE. The more challenging subjects of EBGP, RADIUS and Tacacs+ authentication are now also addressed.

Key topics removed:

• Frame Relay and Serial WAN technology has been omitted
• Only HSRP remains from First Hop Redundancy Protocols (VRRP and GLBP removed).

Key topics added:

• Required to have knowledge of dual-homed vs single-homed Intelligent WAN topology options.
• Need basic knowledge of external BGP (eBGP) used to connect Enterprise branches.
• VPN topics now include; DMVPN, Site-to-Site VPN and Client VPN in common Enterprise use.
• Must have an understanding of how Cloud resources are being used in Enterprise network architectures e.g.
• How Cloud services will affect traffic paths and flows
• Common virtualised services and how these coexist with legacy infrastructure
• Basics of virtual network infrastructure (Network Function Virtualisation)
• Awareness of Programmable Network (SDN) architectures including:
• Separation of the control data plane
• How a controller functions and communicates northbound to network applications and southbound to the R&S infrastructure using API’s.
• Using Path Trace applications for ACLs, which is an essential new network application enabled by the Application Policy Infrastructure Controller – Enterprise Module (APIC-EM).
• The tool is designed to automate the troubleshooting and resolution of complex ACL deployments.
• Understanding QoS concepts related to marking, shaping and policing mechanisms for congestion management.
• Need an understanding of how QoS is used for prioritising voice, video and data traffic. Plus an understanding of the automation provided by programmable networks to implement business critical QoS policies.  

For even more detail on the curriculum changes:

What does this mean for the old exams?

The exams 100-101 ICND1 and 200-120 CCNA can no longer be taken (August 20^thdeadline). The ICND2 exam, however, can still be taken until the 24^thof September this year.

Can I combined exams?

Yes, if you already have the ICND1 (CCENT) certification v2.0 then you can get the ICND2 (CCNA) certification v3.0 and still end up with your CCNA qualification.