Monday, May 16, 2016

LinkedIn Job Search Coaching Results


My LinkedIn Coaching clients are taught how to build their LinkedIn profile so it is attractive to recruiters and hiring authorities.  

These results belong to a Resume Writing client who also took advantage of my LinkedIn Coaching services.  Out of 1,599 people in his company, his LinkedIn Profile sits in the top 1% of profiles viewed.  

This top 1% ranking has everything to do with the LinkedIn Coaching this particular client received from Jeff Snyder Coaching.

Sunday, May 15, 2016

Cybersecurity Vulnerability and Patch Report for May 15, 2016


CYBERSECURITY VULNERABILITY AND PATCH REPORT

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP

Important Security Updates

7-Zip: 7-Zip.org has released version 16.00 (32-bit and 64-bit). Updates are available from 7-Zip’s website.
Adobe Flash Player:  Adobe has released version 21.0.0.242 to fix at least 25 vulnerabilities. Updates are available from Adobe’s website. Updates are also available for Adobe AIR and Acrobat.
Adobe Reader: Adobe has released version 2015.016.20039. Updates are available through the program’s Help menu/Check for Updates or from Adobe’s website.
Dropbox: Dropbox has released version 3.20.1 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]
Google Chrome: Google has released Google Chrome version 50.0.2661.102. Updates are available from within the browser or from Google Chrome’s website.
LastPass for Windows: LastPass has released version 4.1.9 of LastPass for Windows. Updates are available from the LastPass website.
Microsoft Patch Tuesday:  Microsoft’s Patch Tuesday released 16 updates to address at least 33 vulnerabilities, some of which are highly critical within Windows operating systems, Internet Explorer, Office, and other Microsoft products.  Additional details are available at Microsoft’s website.
Opera: Opera has released version 37.0.2178.43. Updates are available from within the browser or from Opera’s website.

Current Software Versions

Adobe Flash 21.0.0.242 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash 21.0.0.242 [Windows 8: IE]
Adobe Flash 21.0.0.242 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.016.20039
Dropbox 3.20.1 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]
Firefox 46.0.1 [Windows]
Google Chrome 50.0.2661.102
Internet Explorer 11.0.9600.18161
Java SE 8 Update 91 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.9 [Citadel recommends removing QuickTime. On April 14, US-CERT advised Microsoft Windows users to remove QuickTime. This followed a report in ars technica that Apple has no plans to update the Windows app despite at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.]
Safari 9.1 [Mac OS X Mavericks, Yosemite, El Capitan]
Skype 7.23.0.105

For Your IT Department

Cisco Multiple Products: Cisco reports patched vulnerabilities in its Cisco Industrial Ethernet 4000 Series Switches when running Cisco IOS Software Releases 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, or 15.2(4)EA and Industrial Ethernet 5000 Series Switches when running Cisco IOS Software Releases 15.2(2)EB or 15.2(2)EB1.  Apply updates.  Cisco also reports unpatched vulnerabilities in its Cisco Cloud Network Automation Provisioner Releases 1.0 and 1.1. No workarounds are available.  Additional details are available at Cisco’s website.
McAfee ePolicy Orchestrator: A McAfee update fixes multiple Oracle Java vulnerabilities. Apply the update.  Additional details are available at McAfee’s website.
Novell Open Enterprise Server: Novell has released an update to fix multiple vulnerabilities in its Open Enterprise Server versions 11.2 and 2015 (OES 11 SP2 and OES 2015).  For version 11.2 apply patches oes11sp2-May-2016-Hot-Patch-10897 and oes11sp2-ImageMagick-10915.  For version 2015 apply patches oes2015-May-2016-Hot-Patch-10896 and oes2015-ImageMagick-10914.  Additional details are available at Novell’s website.
WordPress: WordPress has released version 4.5.2. Updates are available from within the application or from the WordPress website.
If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2016 Citadel Information Group. All rights reserved.

Jeff Snyder’s SecurityRecruiter.com, Jeff Snyder Coaching, Security Recruiter Blog, 719.686.8810


Cybersecurity News for the Week of May 15, 2016

CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP

Individuals at Risk

Identity Theft

Crooks Grab W-2s from Credit Bureau Equifax: Identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees on Thursday. The nation’s largest grocery chain by revenue appears to be one of several Equifax customers that were similarly victimized this year. KrebsOnSecurity, May 6, 2016

Cyber Privacy

Ukraine hackers name thousands of journalists: Press freedom advocates have blasted a Ukrainian initiative tied to the Ministry of Interior that published the names of journalists who reported from war-torn territory controlled by Russian-backed separatists. USA Today, May 13, 2016
As ‘Sextortion’ Proliferates, Victims Find Precarious Place in Legal System: WASHINGTON — Ever since law enforcement started seeing cases in the early 2000s, the crime known as sextortion has proliferated on the Internet, altering the lives of thousands and ensnaring victims from college campuses to military bases. The New York Times, May 10, 2016

Cyber Update

Adobe, Microsoft Push Critical Updates: Adobe has issued security updates to fix weaknesses in its PDF Reader and Cold Fusion products, while pointing to an update to be released later this week for its ubiquitous Flash Player browser plugin. Microsoft meanwhile today released 16 update bundles to address dozens of security flaws in Windows, Internet Explorer and related software. KrebsOnSecurity, May 10, 2016

Cyber Danger

Tumblr Requires Password Reset after Stolen Passwords Found Online: Yahoo has forced a password reset on Tumblr account holders after it discovered that someone had accessed email addresses, and salted and hashed passwords from early 2013. ThreatPost, May 13, 2016

Information Security Management in the Organization

Cyber Security Management – C Suite

Bringing behavioral science & economics to the fight against cyber crime: As cyber attacks grow ever more sophisticated, those who defend against them are embracing behavioral science and economics to understand both the perpetrators and their victims. Scientific American, May 12, 2016
Bank of England CISO Tells Management: Cybersecurity Can’t Be Solved by Technology Alone: Will Brandon said, though, that it is up to individual firms to work out how serious cyber risks are relative to other risks they face and the steps they need to take to manage those risks. Out-Law.com, May 12, 2016
Educating C-suites and corporate boards on security risks: C-suites and boards of directors are increasing their knowledge of IT security risks and needs – before a breach happens. SCMagazine, May 6, 2016

Cyber Awareness

6 Common Phishing Attacks and How To Avoid Them: Phishing attacks have cost US companies somewhere between £508m and £1.43bn over the past two years, as clear a signal as any that email scams are to be taken seriously. While perhaps the most familiar phishing scam, ‘deceptive phishing’, is a simple case of hackers sending fake emails which appear to be from trustworthy companies asking for log-in or bank details, other types of fraud have evolved from this technique and require greater levels of vigilance. Information Security Buzz, May 10, 2016

Cyber Crime

6 Shocking Intellectual Property Breaches: Typically, the measuring stick for the size and severity of a breach lies in exactly how many personally identifiable information (PII) records were exposed. With well-established legislation mandating transparency to customers and citizens when their information is lost by an organization, these stats are always made public, and such numbers are easily comparable between incidents. DarkReading, May 12, 2016
Wendy’s: Breach Affected 5% of Restaurants: Wendy’s said today that an investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores. The company says the investigation into the breach is continuing, but that the malware has been removed from all affected locations. KrebsOnSecurity, May 11, 2016
Experts Comment on Data Breach at British Retailer Kiddicare: British retailer Kiddicare has suffered a data breach in which the personal details of nearly 800,000 customers have been stolen. The company said that the data had been taken from a version of its website that had been set up for testing purposes at the end of 2015. Customers have reported suspicious text messages that have not been sent by Kiddicare, suggesting that the hackers are using the personal details for targeted scams. Here to comment on this news are security experts from QA, Blancco Technology Group and WhiteHat Security. Information Security Buzz, May 10, 2016
FDIC reports five ‘major incidents’ of cybersecurity breaches since fall: The Federal Deposit Insurance Corp. (FDIC) on Monday retroactively reported to Congress that five additional “major incidents” of data breaches have occurred since Oct. 30. FDIC also is launching “a new initiative to enhance security.” The Washington Post, May 9, 2016

Cyber Warning

CERBER RANSOMWARE ON THE RISE, FUELED BY DRIDEX BOTNETS: Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous. ThreatPost, May 13, 2016
US-CERT urges IT departments to patch actively exploited critical SAP Java vulnerability: A vulnerability in SAP Java platforms is being actively exploited, despite having been patched in 2010, DHS reported. The alert noted three dozen global enterprises have been breached by attackers using the unmitigated vulnerability, which was reported by the Boston-based application security firm Onapsis Inc. SearchSecurity, May 13, 2016
No more get-out-of-jail-free card for CryptXXX ransomware victims: For the past month, people infected with the CryptXXX ransomware had a way to recover their files without paying the hefty $500 fee to obtain the decryption key. On Tuesday, that reprieve came to an end. ars technica, May 11, 2016

Cyber Defense

Out-of-band backups, rigorous patching and staff awareness key tools to fending off ransomware: Aggressive ransomware strains such as TeslaCrypt 2.0 have spread across the globe, causing havoc. How can organisations best protect their networks against these troubling new breeds of ransomware? InformationAge, May 9, 2016
US-CERT update on ransomware includes updated guidance on offline backups: In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. US-CERT, March 31, 2016

Cyber Security in Society

Cyber Privacy

Changing Consumer-Technology Interactions: The Rise Of CyberSecurity And Data Privacy: As high-profile data breaches become more frequent — think Target, Ashley Madison and even Anthem (the second-largest health insurer in the U.S.) — consumers are starting to care about how their data is being protected. Forbes, May 13, 2016
Americans cutting back on online activity over security and privacy fears: Nearly half of all Americans have not carried out a normal online task because of security and privacy fears, according to a new survey by the US government. … Forty-five per cent of the 41,000 households contacted said they had decided not to do online banking, or buy goods online, or post on social networks because they were worried about what might happen. Just under a third of them said they had stopped several of those activities over the same fears. The Register, May 13, 2016

Cyber Underworld

Botnet herders have own disaster recovery plans: Over the past few years, police in Europe and the United States have scored some notable botnet-busting successes, disrupting malicious infrastructure and in some cases also identifying and arresting the “botnet herders” and other cybercriminals involved (see Dorkbot Botnets Get Busted). BankInfoSecurity, May 13, 2016
Carding Sites Turn to the ‘Dark Cloud’: Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes. In this post, we’ll examine a large collection of hacked computers around the world that currently serves as a criminal cloud hosting environment for a variety of cybercrime operations, from sending spam to hosting malicious software and stolen credit card shops. KrebsOnSecurity, May 12, 2016

Cyber Readiness

Facebook’s plan to train a new generation of cybersecurity pros: The social media giant is making its ‘Capture the Flag’ security challenge publicly available to encourage high schools and colleges to use gaming as a way of training hackers. The Christian Science Monitor, May 13, 2016

National Cyber Security

How ISIS recruits online — using encryption, chat rooms and even dating sites: When Sheera Frenkel started observing ISIS online, she was surprised by how ordinary the conversations were. “They use a lot of emojis,” Frenkel says. “A lot of these channels are just a bunch of dudes mansplaining the Internet to each other.” PRI, May 13, 2016
How U.S. “Cyber Bombs” against Terrorists Really Work: Recently, United States Deputy Defense Secretary Robert Work publicly confirmed that the Pentagon’s Cyber Command was “dropping cyberbombs,” taking its ongoing battle against the Islamic State group into the online world. Other American officials, including President Barack Obama, have discussed offensive cyber activities, too. Scientific American, May 13, 2016

Cyber Lawsuit

Mozilla Presses Government to Reveal Firefox Vulnerability: Mozilla wants the U.S. government to provide it with information about a possible unpatched vulnerability in its Firefox browser, which was used by the FBI as part of a large child pornography investigation. BankInfoSecurity, May 13, 2016

Financial Cyber Security

Details Emerge on Global Bank Heists by Hackers: Just how securely are banks moving money around the world? … New details emerged on Friday about a pair of related attacks on banks that use the Swift message service, which allows financial firms and companies to transfer payments around the world. New York Times, May 13, 2016
SWIFT WARNS OF SECOND BANK ATTACK VIA PDF MALWARE: News of yet another attack involving a bank and SWIFT, the financial network used by thousands of banks to transfer funds, came to light Thursday as investigators continue to probe a separate $81 million heist in February involving the network and the central bank of Bangladesh. ThreatPost, May 13, 2016
Commercial Bank of Ceylon Apparently Hacked: Commercial Bank of Ceylon, based in Colombo, Sri Lanka, has apparently been hacked, with its data posted online May 12 by the Bozkurtlar hacking group, which has also posted seven other data dumps from banks in the Middle East and Asia since April 26. BankInfoSecurity, May 13, 2016
SWIFT to Banks: Get Your Security Act Together: The guidance was issued as finger-pointing has intensified over who’s responsible for the failures that led to the theft of $81 million from the Bangladesh central bank’s New York Federal Reserve account in February (see SWIFT Warns Banks: Coordinated Malware Attacks Underway). BankInfoSecurity, May 12, 2016
New Breach Reported in Global Bank Network: Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad online attack on global banking. The New York Times, May 12, 2016
The Anatomy of a Banker Malware – Unraveling Marcher: Recently, the Check Point research team had the opportunity to analyze a mobile banker malware attack from end-to-end. Our team managed to lay hands on the infiltration vector, the malware itself, and the attacker’s Command and Control (C&C) servers. This attack gave us a rare chance to understand the full flow of an attack from infiltration to theft. Information Security Buzz, May 6, 2016

Internet of Things

Researchers spot bugs in toys that could expose personal data: Researchers at Rapid7 discovered vulnerabilities in Fisher-Price’s Smart Toy and hereO’s GPS platforms that could allow an attacker to collect the personal information of a user. SCMagazine, February 2, 2016

Cyber Research

IBM’s Watson Has a New Project: Fighting Cybercrime: IBM’S WATSON SUPERCOMPUTER hardly needs any more resumé-padding. It’s already won Jeopardy, written a cookbook, and dabbled in revolutionizing healthcare. The next stop in its storied career? Tackling cybercrime. Wired, May 10, 2016




Friday, May 13, 2016

Security Consultant: Application Security Penetration Testing, Arlington, VA


Security Consultant, Ethical Hacking / Penetration Testing

Location: Arlington, VA (convenient to the Metro)
Compensation: Hourly, W2 or Corp to Corp
Education: BA/BS Preferred but not required
Duration: 2+ Years

SecurityRecruiter.com has been engaged to identify Application Security talent to fill multiple contract positions for an extended period of time.  Candidates must be in or near the Arlington, VA region.  Our client’s location is a couple of blocks away from a Metro station.

Responsibilities:
  • Manual Code Review
  • Perform manual penetration testing of client systems, web sites and networks to discover vulnerabilities
  • Configure, run and monitor automated testing tools
  • Work with software developers, systems engineering and architect professionals to make improvements to system design and operation
  • Create a testing framework to test vulnerability sources, vendor capabilities and security tools
  • Thoroughly document exploit chain/proof of concept scenarios

Qualifications:
  • 5-7 years of experience performing application security penetration testing.  A BA/BS is preferred but not required.
  • Development experience or working knowledge of JAVA
  • Familiarity with vulnerability assessment and penetration best practices
  • Experience with vulnerability and penetration testing techniques and tools
  • Desire to obtain one or more security-related certifications such as Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), Offensive Security Certified Expert (OSCE), and Offensive Security Certified Professional (OSCP)
  • Preferred experience includes programming background in Python, PHP, Perl, Ruby, .NET or other interpreted or compiled languages
  • Hands-on experience including Metasploit, Nmap, Nessus, Burp Suite
  • Experience with LINUX and Microsoft Technologies
  • Understanding of Mobile applications appreciated

 Apply On-Line: https://www.securityrecruiter.com/submit_resume_and_profile.php

Sunday, May 08, 2016

Cybersecurity Vulnerability and Patch Report for May 8, 2016

CYBERSECURITY VULNERABILITY AND PATCH REPORT

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Important Security Updates

Apple OS X: Apple has released Xcode 7.3.1 for OS X El Capitan v10.11 and later to fix a heap-based buffer overflow in the handling of filenames.  Additional details are available at Apple’s website.
Comodo Free Firewall: Comodo has released version 8.2.0.5027 of its free firewall. Updates are available from Comodo’s website.
Comodo Internet Security: Comodo has released version 8.2.0.5027 of its free security suite. Updates are available from Comodo’s website.
Opera: Opera has released version 37.0.2178.32. Updates are available from within the browser or from Opera’s website.
VLC Media Player: VLC has released version 2.2.3 (32-bit and 64-bit) of its Media Player. Download from the VLC website.
WinZip: WinZip has released version 20.5.12118. Updates are available from within the program (look for “Check for Updates” on the Help menu) or by download from the WinZip website.

Current Software Versions

Adobe Flash 21.0.0.213 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash 21.0.0.213 [Windows 8: IE]
Adobe Flash 21.0.0.213 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.010.20060
Dropbox 3.18.1 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]
Firefox 46.0.1 [Windows]
Google Chrome 50.0.2661.94
Internet Explorer 11.0.9600.18161
Java SE 8 Update 91 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.9 [Citadel recommends removing QuickTime. On April 14, US-CERT advised Microsoft Windows users to remove QuickTime. This followed a report in ars technica that Apple has no plans to update the Windows app despite at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.]
Safari 9.1 [Mac OS X Mavericks, Yosemite, El Capitan]
Skype 7.23.0.105
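The two "Current Software Versions" lists above (the May 15 list and this May 8 list) are the baseline a patch check compares against. The script below is an added example, not part of the Citadel report or this blog: it takes a constructed inventory of installed software, compares each entry component-by-component against the May 15 baseline, and flags anything outdated or anything the report says to remove (QuickTime, Java). The product names, the inventory values and the `BASELINE` mapping are my own; the version numbers in `BASELINE` are copied from the report. It also shows why a plain string comparison is not good enough: as strings, Chrome "50.0.2661.94" sorts *after* "50.0.2661.102", so a naive check would report the older build as current.

```python
"""Patch-baseline check against the Citadel "Current Software Versions" list.

Added example (not Citadel's or the blog's own code). BASELINE values are
the versions printed in the May 15, 2016 report; everything else is
constructed for illustration.
"""
import re

# Baseline versions from the May 15, 2016 report (copied from the page).
BASELINE = {
    "Adobe Flash": "21.0.0.242",
    "Adobe Reader DC": "2015.016.20039",
    "Dropbox": "3.20.1",
    "Firefox": "46.0.1",
    "Google Chrome": "50.0.2661.102",
    "Internet Explorer": "11.0.9600.18161",
    "Safari": "9.1",
    "Skype": "7.23.0.105",
}

# Products the report recommends removing or disabling regardless of version.
REMOVE_RECOMMENDED = {"QuickTime", "Java SE"}

# Constructed inventory: mostly the older May 8 versions, plus a product the
# report does not cover. Real data would come from an inventory agent.
SAMPLE_INVENTORY = {
    "Adobe Flash": "21.0.0.213",
    "Adobe Reader DC": "2015.010.20060",
    "Dropbox": "3.18.1",
    "Firefox": "46.0.1",
    "Google Chrome": "50.0.2661.94",
    "Java SE": "8u91",
    "QuickTime": "7.7.9",
    "Skype": "7.23.0.105",
    "Notepad++": "6.9.1",  # hypothetical, not in the report
}


def parse_version(text):
    """Split a dotted version into (int, suffix) pairs so 2661.102 > 2661.94.

    Leading zeros ("016") become the integer 16; a non-numeric tail such as
    the "b" in "1b" is kept as a tiebreaker string.
    """
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"(\d+)(.*)$", piece)
        if not m:
            raise ValueError(f"unparseable version component: {piece!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b; missing components count as 0."""
    pa, pb = list(parse_version(a)), list(parse_version(b))
    width = max(len(pa), len(pb))
    pa += [(0, "")] * (width - len(pa))
    pb += [(0, "")] * (width - len(pb))
    return (pa > pb) - (pa < pb)


def naive_string_is_current(installed, baseline):
    """The mistake this example warns about: lexicographic string comparison."""
    return installed >= baseline


def check_inventory(inventory, baseline=BASELINE, remove=REMOVE_RECOMMENDED):
    """Return (product, status, detail) triples; status is OK, OUTDATED, REMOVE or UNKNOWN."""
    findings = []
    for product, installed in sorted(inventory.items()):
        if product in remove:
            findings.append((product, "REMOVE", f"{installed} installed; report recommends removal"))
        elif product not in baseline:
            findings.append((product, "UNKNOWN", f"{installed} not covered by the report"))
        elif compare_versions(installed, baseline[product]) < 0:
            findings.append((product, "OUTDATED", f"{installed} < {baseline[product]}"))
        else:
            findings.append((product, "OK", f"{installed} >= {baseline[product]}"))
    return findings


def summarize(findings):
    """Count findings per status, e.g. {'OUTDATED': 4, 'OK': 2, ...}."""
    counts = {}
    for _, status, _ in findings:
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    for product, status, detail in check_inventory(SAMPLE_INVENTORY):
        print(f"{status:8} {product:18} {detail}")
    print(summarize(check_inventory(SAMPLE_INVENTORY)))
```

Anything reported as OUTDATED or REMOVE is the action list for the workstation; UNKNOWN entries are products the report does not track and need a baseline from elsewhere.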

For Your IT Department

Cisco Multiple Products: Cisco reports patched vulnerabilities in its Cisco Finesse, TelePresence Software, FirePOWER System Software, Firepower System Software for the ASA 5585-X FirePOWER SSP modules, Prime Collaboration Assurance Software releases 10.5 to 11.0, Information Server Release 6, WebEx Meetings Server release 2.6 and APIC-EM release 1.0(1).  Apply updates.  Cisco also reports unpatched vulnerabilities in many products incorporating the Network Time Protocol daemon (ntpd) package or OpenSSL. Workarounds may be available depending on the product.  Additional details are available at Cisco’s website.
McAfee VirusScan Enterprise: A McAfee update fixes a protection-bypass vulnerability. Apply the update.  Additional details are available at McAfee’s website.
Novell Open Enterprise Server: Novell has released an update to fix multiple vulnerabilities in its Open Enterprise Server versions 11.2 and 2015 (OES 11 SP2 and OES 2015).  For version 11.2 apply patch oes11sp2-kernel-10907.  For version 2015 apply patch oes2015-kernel-10906.  Additional details are available at Novell’s website.
OpenSSL: OpenSSL has released versions 1.0.1t and 1.0.2h to fix at least 6 vulnerabilities, some of which are highly critical, reported in previous versions. Updates are available at OpenSSL’s website.

