PolitiHack, Or How I Learned to Stop Worrying About Russians Influencing the US Election and Learned to Love Cybersecurity

December 23, 2016 at 4:12 pm | Posted in cybersecurity, Knowledge | 2 Comments

Hacktivism and cyberespionage are certainly nothing new, especially emanating from Russia. But the 2016 US presidential election was a swift education for Americans and the watching world regarding the widespread consequences of a successful APT (advanced persistent threat). A joint statement issued by the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security stated that the “U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations” (emphasis ours).

Thanks to the detailed reporting from the New York Times, the fog of war is beginning to lift and the full extent of the cyberattack has become clear. And what is increasingly apparent is that at every stage, cybersecurity training could have significantly mitigated or (perhaps) even prevented portions of the attack altogether.

Real-time cyberthreat map from Kaspersky Lab

Enter the low-rung MIS contractor hired by the DNC — Yared Tamene. He claims no cybersecurity expertise, much less any cybersecurity-related certification like GSEC, CASP, CISSP, CEH or CFR. So it’s hardly appropriate to assign him the brunt of the blame. Instead, we should use his example to learn how cybersecurity knowledge and skills could have better informed the fateful decisions that he, and many others, made along the way.

In the fall of 2015, the FBI noticed some unusual outgoing network traffic from the DNC network, suggesting that at least one computer was compromised. The early forensics linked the compromise to a known Russian cyberespionage group going by the moniker “the Dukes” (AKA “Cozy Bear” and “APT29”), who had, in just the last few years, penetrated the White House, State Department and Joint Chiefs of Staff email systems. A special agent picked up the phone, called Tamene, and told him what they knew.

Before we even get to Tamene’s response, any trained cybersecurity first responder knows why the FBI called via phone rather than emailing their dire message. Communication during a security incident should be out-of-band, meaning outside of the primary communication channels (primarily the network, where the attacker could be listening). Ironically, Tamene was convinced that the FBI call was a hoax, and after repeated calls over the next few months, he ignored the urgency. In November, the FBI even confirmed with Tamene that known malware was routing data to servers located in Moscow.


Transcender is Now an Authorized Practice Test Provider for (ISC)²® Certifications

December 7, 2016 at 4:51 pm | Posted in (ISC)2, CISSP, Uncategorized | Leave a comment

There are a lot of great security certifications out there, but since its release in 1994, the CISSP (Certified Information Systems Security Professional) has become one of the best known and most highly regarded credentials. At Transcender, we’ve been dedicated to providing CISSP practice tests for over 13 years. Earlier in 2016 we also released our first test preparation for its sister certification, SSCP (Systems Security Certified Practitioner).  Our hard work has paid off, because we’re now an authorized practice test provider for (ISC)²® certifications!

What does this mean to you? Nothing has changed about our award-winning products, but it does mean that (ISC)² has officially endorsed our practice tests for CISSP and SSCP.

  • The SSCP practice exam is a 300-question exam that will develop your test-taking skills, identify any weak areas, and prepare you for the actual test.
  • The premium SSCP study solution combines our trusted practice exam with self-paced eLearning, for a comprehensive learning experience.
  • The CISSP practice exam has an exhaustive 924-item question bank that will test every aspect of your technical skills, plus an 892-item flash card array.
  • The premium CISSP study solution includes the practice exam with 20 hours of online instruction through self-paced eLearning, which includes access to a live subject matter expert.

We’re also working together to develop a practice test for the up-and-coming CCSP (Certified Cloud Security Professional) certification for 2017. Be sure to follow our blog or subscribe to special updates and promotions on the Transcender web site to be notified of its release.

Transcender has been committed to closing the skills gap in the IT industry for the last 25 years and helping qualified candidates get the recognition they deserve.  And now even (ISC)² recognizes our efforts.  After your certification training, come over to us to help you prepare for exam day. Study with confidence, knowing that you have the most relevant and up-to-date study tool in the marketplace!

Now Offering CFR-210 Test Prep

December 1, 2016 at 3:16 pm | Posted in Logical Operations, Vendor news | Leave a comment

Who says there’s no news in December? In cybersecurity, it’s never a question of if, but a question of when a breach will occur. So rather than wait for the new year, we thought we’d get the jump on 2017 and, together with Logical Operations, release the Cybersec First Responder (CFR-210) practice test today.

What exactly is the CFR certification all about? Well, CFR-210 showcases your ability to quickly detect and respond to active cyber threats. It’s not just about detailed knowledge of the analysis techniques and tools, but how to identify and respond, in real time, to the broad array of security threats affecting organizations worldwide.

So, white hats, rejoice, and black hats, you’re on notice. There are some new sheriffs rolling into town with some serious skills — and they’re not afraid to use them!

Here’s the press release for your reading pleasure.

