Feranmi Akeredolu - page 2

Feranmi Akeredolu has 58 articles published.

Feranmi is a freelance contributor to the Dark Web Journal. He is an experienced researcher and writer in areas such as decentralization and cryptocurrencies.

Top 7 Anime Torrents Websites, Reviewed for 2020

in Guides
anime torrents

Anime provides a wide range of entertainment – from horror to romance, and even comedy. Some watch it for its artistic value as well, drawn in by the detailed manner in which the animation is made. However, it can be difficult to find anime online because it is often restricted to streaming sites.

To help you get your anime fix, we have compiled a list of seven anime torrenting websites that you can use to find the best anime torrents.

Nyaa

With over 35 million visits per month, Nyaa is one of the most popular torrent sites, and for good reason. It has an extensive library of all things anime, from anime movies to TV shows and ebooks.

The anime torrents are organized and easy to navigate, with new animes constantly being uploaded. Nyaa also gives you the size and date (when it was uploaded) of each torrent.

Additionally, Nyaa also shows you a short overview of anime videos allowing you to pick the exact anime you want, in the size you’re comfortable with. Interestingly, you don’t even have to create a user account to use this site.

Anime Tosho

Anime Tosho is another great site for downloading anime torrents. This site has an easy-to-navigate UI and an impressive library of anime torrents.

It posts up-to-date anime torrents on its homepage and doesn’t require you to create a user account before you can download it from the site. There are constantly new uploads on the site, so you’re sure to find that particular anime you’re looking for.

AniRena

AniRena provides a wide range of anime torrents and uses a clean UI. It also shows you the size of the anime torrent and the number of downloads for each.

It’s a site to try if you’re looking for a place to get great quality anime. You don’t need to have an account to access their extensive library, but you could join their Discord community when you create an account.

Shana Project

Shana Project has an extensive library with high-quality anime available to anyone and everyone. It shows you the quality of the anime torrent (HD or SD) and the file size.

You don’t need to create an account to use this site but you get added benefits if you do. The benefits include the opportunity to follow your favorite torrents and a feature that automatically downloads new episodes of any anime you choose as soon as it is released.

anime torrenting websites

Anime Layer

Anime Layer uses an approach different from other torrent sites, in terms of its UI. It shows an image related to each anime, a detailed synopsis, the resolution, size, the language in which it is subtitled in, and much more.

You get all the information you need to know about a particular anime before you even click on it. Even though the website is Russian, it’s easy to translate it into English.

AnimeTorrents

AnimeTorrents is a beautiful site for downloading all things anime, similar to Nyaa. It has a large collection of anime content, though you register to access it.

You can view comments on a particular anime torrent, to help you determine if you should download it. AnimeTorrents is often the first site to have high-quality files for new episodes and series, making it a favorite for hundreds of anime fans.

KissAnime

KissAnime offers a large collection of anime torrents to choose from, as well as manga. The torrents are well organized and sorted based on criteria like most viewed.

The user-friendly interface makes KissAnime easy to navigate. KissAnime also allows users to post and view comments, enabling you to determine which torrent is worth your time.

On these anime torrenting websites, you will likely find the anime content you want. Before downloading any torrents, however, ensure that you remain within the legal boundaries of your jurisdiction.

How to Unblock YouTube in 2020

in Guides
Unblock YouTube

Sometimes, the YouTube video you really want to watch is blocked and you can’t access it. When you click on it, instead of getting the video content you’re expecting, you see this message on your screen instead: “Video unavailable. The uploader has not made this video available in your country.”

Learn how to unblock YouTube videos in this guide.

Reasons You Can’t Access YouTube

There is a myriad of reasons why YouTube might be restricting you from that particular video you want to watch:

  • School or workplace restrictions
  • Legal restriction from your own country
  • Geo-block (YouTube sometimes puts blocks in place based on your geographical location)

A geo-block could be put in place by YouTube as an attempt to comply with the copyright laws of a particular country. Moreover, the owner of the video might restrict viewing in certain countries because the video doesn’t comply with the licensing laws in those countries.

Whatever the reason may be, not being able to view a video on YouTube when you want to can be frustrating. Fortunately, there are ways to solve this.

Here are the most common ways you can use to unblock YouTube.

Using a VPN

how to Unblock YouTube

A virtual private network (VPN) is the easiest and fastest way to unblock YouTube videos. A VPN is the best option for online security and anonymity. It masks your IP address and encrypts your data, so your ISP can’t see the content you’re viewing.

So, instead of YouTube seeing the actual server you’re attempting to access content from, a VPN reroutes your request. It now appears like it’s coming from another server, i.e. the virtual IP address created by the VPN.

For instance, if you’re blocked from viewing a video due to your geographical location, you just have to switch your connection, using a VPN, to the VPN server of a country that has access to the video you want to watch.

Using a Proxy or Browser Add-on

A proxy server is an intermediary between the webpage and the user. It filters information coming in from the user before taking it to the webpage. It can also be used to hide a user’s IP address, making it appear as if they are in a different location, much like a VPN. This is why it is useful for unblocking YouTube videos.

  • There are many proxy websites available for free online. Some are even tailored to unblocking YouTube videos.
  • Moreover, a browser add-on such as YouTube Unblocker can also be used. It functions by linking the data from your browser to a proxy.

Using a proxy, however, is not a very secure method. Proxies do not encrypt your data, making your data susceptible to attacks by malware.

Downloading the Video For Offline Viewing

how to unblock youtube without proxy

Another way to bypass a block on a YouTube video is to download the video, to watch locally on your device. There are several sites that allow you to do so.

To download a video that you’ve been restricted from viewing, follow these simple steps.

  • Search for a reliable website that can enable you to download YouTube videos to view locally.
  • Search for the video you want to download on a search engine and copy the YouTube URL of the video, given in the search results.
  • Paste the URL on the site you found for downloading videos, and click download.
  • Despite not being able to view the video on YouTube, once it’s downloaded directly into your device, you will be able to watch it offline.

Using Tor Browser

Finally, you can also use the Tor Browser to view a blocked YouTube video. The only downside is Tor browser wasn’t initially made to stream videos. This can cause the video to stream slowly, especially HD videos.

Whichever method you use, always ensure you’re not contravening a legal order in your country.

Town of Salem Breach Affected 7.6 Million Gamers: Here’s What Happened

in Hacking
Town of Salem breach

Town of Salem is a browser-based multiplayer game developed by BlankMediaGames (BMG). Described as “a game of murder, deception, lying and mob hysteria,” the game is an online version of classic social deduction games like Mafia and Werewolf.

Find out what happened during the Town of Salem breach that occurred in 2018.

What is Town of Salem?

Town of Salem is a video game that is played by over 8 million gamers. The game involves 7-15 players randomly divided into groups or alignments – Town, Mafia, Serial Killers, Arsonists, and Neutrals.

The mafia, serial killers, and arsonists are all evil roles, while the town alignment is the only good role. All alignments have their specific roles and win conditions.

For instance, the job of members of the mafia is to kill everyone that does not submit to them. The town group has to lynch members of the mafia as well as other villains. Arsonists must kill everyone in the game except a select few by dousing houses and setting them on fire in the night.

The Town of Salem Data Breach

On December 28, 2018, cybersecurity firm DeHashed received an anonymous email that disclosed the breach. Evidence of a break-in into the server and the player database were included in the email.

According to DeHashed, the database in the email had a total row count of 8,388,894 including about 7,633,234 unique email addresses. The data leaked included usernames, emails, passwords, IP addresses as well as game and forum activity. The firm also claimed that the billing and credit card information of those that paid for certain features were also leaked. However, BlankMediaGames disputed this claim.

Five days later, on January 2, 2019, BlankMediaGames confirmed the breach via an announcement on the official Town of Salem game forum. A spokesperson with the username ‘Achilles’ stated that the breach had indeed occurred but the only important compromised data were usernames, passwords, IP, and email addresses.

The claim that the billing information of some users was also released was denied. Achilles stated that all payments were handled by third-party payment processors and BMG does not even see any credit card information at all.

How the Breach Happened

Players of Town of Salem have access to a WordPress site, which was the point of attack for the hackers. The administrator of the site had reused passwords on multiple sites, making it easy for the hacker to gain access to the account. While the admin quickly detected the hack and changed the password, the damage had already been done.

The hacker already put in a ‘backdoor’ that allowed reentry without any authentication request. From there, the hacker uploaded a file that resulted in an RFI (Remote File Intrusion). This file enabled them to download the entire database of the server and get the information they needed.

The fault of the hack lies with the developers of the game and the administrator of the WordPress site. The developers made use of a scripting software (phpBB) that gave anyone with the correct username and password access to extract the user database. There is common misinformation in the media about how the passwords were encrypted with a mixture of MD5 and PHPass. This is false as the encryption was entirely PHPass. MD5 is easy to hack while PHPass is more complex to decrypt.

The Aftermath

After Town of Salem confirmed the breach, a lot of users complained about how the situation was handled.

Firstly, it took them three weeks to acknowledge that they had been hacked. After the breach occurred, it seemed like there was going to be no foul play. So, the company didn’t say anything about it.

Secondly, DeHashed sent emails over the Christmas and new year holiday to BMG about the hack. But they didn’t get any response from the team. BMG claimed that the emails DeHashed sent to them were all redirected to the spam folder. So they didn’t get them.

At first, the leaked data were only available for sale on dark web forums at the cost of $500 per file. After a while, it became available on Google to anyone that searched for it. Although credit card information and other sensitive data were not leaked, the leaked information is phishing material.

To prevent scams or blackmail, BMG sent mass emails to their users asking them to change their passwords.

The Fallout

Although the breach was quite an unfortunate incident, it assisted the police in making an important arrest.

20-year old Timothy Dalton Vaughn was sending fake bomb threats to thousands of schools while trying to frame gamers as the culprit. The police went through the leaked data and found the same username. He used to chat with a friend about the threats on Twitter on the list.

The leaked data showed that in 2018, someone had registered the username ‘hdgzero’, which was the username Vaughn used on Twitter. The username was registered with an email address and IP address. And the police were able to trace the culprit of the act.

Lessons Learnt

The hackers of the Town of Salem were never caught. This incident shows that companies, no matter the size, must not take cybersecurity lightly.

Making use of safe scripting software is a good step in the right path. Also, admins should not be negligent when handling their passwords.

The data leak issue also raised important ethical questions. For example, in the case of a data breach where there is no immediate leak of the stolen data, should the users be made aware that the servers have been breached? Also, how soon should the public be made aware of such a breach? Should it be immediately or after a complete analysis?

Top 7 Cybersecurity & Hacking Conferences for White Hat Hackers

in Cybersecurity/Hacking
hacking conferences

There are several high-profile, annual cybersecurity conferences that provide an avenue for white hat hackers, security researchers, and others to learn new trends in the field.

Below, you will find is a list of the best cybersecurity and hacker conferences you can attend.

DEFCON

Jeff Moss founded DEFCON in 1993 in what was supposed to be a farewell party for a friend. But now, it’s one of the biggest hacker conferences in the world.

The conference is held in Las Vegas every summer and attended by cybersecurity professionals, security researchers, students, journalists, federal law enforcement agents from the FBI, and many others.

The last DEFCON was named ‘DEFCON 27’ and held on August 8–11, 2019. It took place in the Paris Hotel, Bally’s Hotel, Planet Hollywood, and Flamingo Hotel with an attendance of approximately 30,000 people.

The convention brings several speakers to deliver speeches on cybersecurity challenges and tactics to thwart malicious attacks. Moreover, there are hackathons ranging from lockpicking to art-related contests, scavenger hunts, and Capture the Flag.

In the most popular contest, known as the Capture the Flag (CTF), groups of hackers compete by attacking and defending systems. Badges are awarded to winners of contests at DEFCON and the highest badge is The Black Badge. This badge permits free entrance to DEFCON for life, which makes it worth thousands of dollars.

The RSA Conference

RSA Conferences are a series of security conferences that take place in the United States, Europe, Asia, and the United Arab Emirates every year. The number of attendees for each event stands at approximately 50,000. Jim Bidzos founded this conference in 1991.

The conference consists of educational seminars on IT, networking, and presentation of programs. Speakers compete fiercely for speaking positions as they are very competitive with thousands vying for a few hundred positions.

The conferences are typically themed and centered around one or two topics. Moreover, there is an exhibition where vendors have the opportunity to present solutions to IT problems to attendees.

Black Hat

Jeff Moss also founded Black Hat after four years of DEFCON. Despite its name, it’s a conference that teaches ethical hacking and how to counter cyberthreats.

It is a cybersecurity conference that provides the latest information and also the latest trends in information security. The attendees vary from hackers, representatives of government agencies, executives, hackers, top security professionals, and even non-technical individuals.

The conference takes place in Las Vegas, Barcelona, London, Abu Dhabi, and usually holds some days before DEFCON. Additionally, Amsterdam, Tokyo, and Washington, D.C have also hosted Black Hat in the past.

The conference comprises three major aspects: the Black Hat Briefings, Black Hat Trainings, and Black Hat Arsenal.

The black hat briefings involve speeches on topics like reverse engineering and hacking delivered by top industry players. The arsenal is an exhibition.

cybersecurity conferences

THOTCON

THOTCON is the first hacker conference to hold in Chicago. Nicholas J. Percoco, Matt Jakubowski, Jonathan Tomek, and others organize this event.

The exact location is kind of a secret. Attendees only know the location a week before the event. The letters of the words of the Chicago Area Code (312) form the name. Three, One, Two (THOT). The purpose for creating the event was to bring together hackers in Chicago without spending a lot of money on traveling.

It is a low budget event consisting of several tracks of both short and long talks, contests, and workshops. Topics of discussion include data visualization, computer/human interfaces, wearable computing, intelligence gathering, and surveillance. Also, THOTCON counts towards security certifications such as CAP, SSCP, and CISSP CPE credits.

SchmooCon

ShmooCon is an annual conference in several locations in Washington DC. It lasts for three days with the first day comprised of speed talks called One Track Mind.

The last two days consists of three different tracks – Build It, Belay It, and Bring It On. The talks are on a wide variety of subjects such as inventive software, technology exploitation, computer security, and hardware solutions.

The convention also supports non-profit organizations through t-shirt sales. These charities include Electronic Frontier Foundation (EFF), and Hackers for Charity (HFC), and the No Starch Press Foundation. The event typically sells out fast, with 2,175 people attending in 2019.

OWASP Global Appsec Conference

The Open Web Application Security Project hosts the OWASP Global AppSec annually. The organizers are a security organization that aims to provide effective and practical security guidance to companies.

The event starts with three days of training followed by a two-day conference. Global AppSec brings cybersecurity experts to deliver technical talks on IT issues. There are also debate panels, keynote speeches from top players on cybersecurity, contests, and vendor booths.

Chaos Communication Congress

The Chaos Communication Congress is hosted by Chaos Computer Club (CCC), which is the largest association of hackers in Europe. The congress started in 1984.

The event features lectures related to privacy, hacktivism, data security, online freedom of speech, and others. It’s also the largest cybersecurity conference after DEFCON. The congress takes place at the Trade Fair Grounds in Leipzig, Germany. In the past, it also took place in Hamburg and Berlin.

Top 10 Funniest Dark Web and Deep Web Memes

in Dark Web
dark web meme

Dark web and deep web memes have become increasingly popular since the dark web received more media attention. Here are the top ten funniest dark web memes we could find on the surface web.

Are You Really for Sale Dark Web?

dark web meme
Source

Imagine finding out you’ve been put up for sale with a promise to be delivered on the same day should someone make a purchase. There are often false stories of the sale of people on the dark web. However, this is also a fun way to scare people new to the dark web.

Fake Sales Deep Web Meme

deep web meme
Source

The stonks meme is another meme used to mock the false stories of people put on sale on the dark web. Trying to say, some people even traffick themself on the dark web.

Mind How You Talk

deep web meme
Source

Users of the deep and dark web take privacy and anonymity very seriously. But when you discover someone knows your address, you’re in trouble.

Your Face on a Dark Web Live Stream

best dark web meme
Source

Rumors of webcam spy are common on the deep web. It could be scary to newbies and people just visiting the dark web

Have You Got Dark Web Protection?

best deep web meme
Source


You do need protection before you visit the dark web. But this one – as you’ve guessed already – is very ineffective. Making use of trusted security software, privacy-oriented browsers like Tor count for protection.

Dead Web vs Dark Web Meme

dead web
Source

Microsoft owns Bing, a search engine. Though it is still functional, no one uses it now.

Does the FBI Really Use Reddit?

FBI Meme
Source

The FBI uses social media sites such as Reddit to ask seemingly harmless questions just to get information, according to this dark web meme.

Think Twice Before Clicking that Link

Source

Sometimes, links to the dark web are posted conspicuously on sites like Reddit. Unaware users may click assuming it’s a link to something nice only to find themselves in the dark web.

Don’t Try to Buy a PS4 for $10

Source

You can buy all sorts of cheap things on the dark web but trying to buy a PS4 for $10 is taking it too far.

There Are Many More Dark Web Memes

hackerman meme
Source

Hackerman is a picture of the actor Rami Malek dressed in a hoodie and looking a little smug. Here, it’s depicting smugness from getting access to memes on the dark web.

If you want to learn more about the dark web, check out our top pick of dark web books.

What is Red Teaming?

in Cybersecurity
Red Teaming

Teaming is a practice in cybersecurity aimed at simulating real-life cyberattacks on a company’s system, network, or workforce. The idea is to determine the impenetrability of the company’s defense against cyber threats. There are two types of teaming in cybersecurity: blue teaming and red teaming.

This guide will focus on red teaming and how it differs from penetration testing.

Blue Teaming

A blue team comprises individuals in the internal security team of an organization that defends it against real-life attackers and the red team.

Cybersecurity solutions typically defend against a wide array of cyberattacks. But the job of the blue team is to spot and neutralize more covert attacks that these technologies cannot detect.

The blue team closely monitors an organization’s system to detect suspicious traffic patterns. It also identifies indicators of compromise, which they shut down immediately.

Red Teaming

Red Teams are the attacking group, comprised of security experts who test the effectiveness of a security infrastructure by mimicking the techniques of hackers as realistically as possible.

Their job is to stealthily try to break the defenses of the company’s cybersecurity. They identify and exploit vulnerabilities and weaknesses while striving to remain undetectable. While a red team can consist of individuals that work for the company, the usual practice is to employ the services of external cyber experts that will look at the defenses with fresh eyes.

In doing their jobs, the red team employs any means possible that a real cyber attacker would to penetrate both the systems and physical premises of the company. This could involve creating malware and employing social engineering tactics on the employees.

Difference Between Red Teaming and Penetration Testing

Red teaming is similar to penetration testing but there are some clear differences. They are both used to determine how solid the cybersecurity of a company is and how well cyber defenses will fare in the face of an attack.

Goals of Red Teaming vs Pen-testing

However, pen-testing only revolves around identifying the flaws in the systems of an organization. It notices easy penetration points for hackers and exploits these flaws to see the potential destructiveness of a security breach. The goals in pen-testing are not specific.

Red teaming, on the other hand, is multi-leveled and targeted. It looks to achieve specific goals such as gaining access to a specific server that carries sensitive information. It not only finds and exploits vulnerabilities but also tests the ability to detect and respond to breaches.

Red teaming provides a more holistic answer to the question of how well a company can handle possible future cyber threats. It simulates real-life attacks using any means available to break both cybersecurity and physical barriers.

Length of Execution of Red Teaming vs Pen-testing

Also, red teaming typically lasts longer than pen-testing. It could go on for about 3 – 4 weeks, though it depends on the kind of attack. Conversely, pen-testing typically lasts for a week or two.

Red teaming is indispensable for big companies that store sensitive information since they are susceptible to hackers.

Red teaming does not stop at just staging an attack. Following the test attack, they work with the blue team to evaluate the effectiveness of the barriers they encountered. The red team shows the blue team the flaws they exploited and how they were able to penetrate the security system.

The blue team, armed with this valuable information, devises and implements tactics to remove the flaws to protect the organization against real future attacks.

What is Car Hacking And Can it Be Prevented?

in Hacking
Car Hacking

Modern car makers have been producing “smart cars” that use computers connected to the internet.

Electronic Control Units (ECUs) are on-board computers that use multiple networks and communication protocols – such as the Controller Area Network (CAN), Local Interconnect Network (LIN), and Media Oriented Systems Transport (MOST) – to communicate with each other. The presence of these components makes “smart cars” susceptible to remote car hacking by cybercriminals.

Learn about car hacking and how you can protect your car from it.

What is Car Hacking?

Car hacking is the exploitation and manipulation of vulnerabilities in a car’s electronic control unit to gain access into the car, gain control of some parts, or obtain user information.

This issue garnered a lot of attention in 2015 when security researchers, Charlie Miller and Chris Valasek using just a laptop from a house 10 miles away, remotely hacked a Jeep Cherokee driving on the streets of St. Louis.

The driver, a journalist named Andy Greenberg was in on the experiment but had no idea what to expect. By exploiting susceptibilities in Uconnect, the internet-connected system in Fiat Chrysler vehicles that allows owners to control the vehicle’s navigation and entertainment system, sync media, make phone calls, and remotely lock the car, Miller and Valasek took control of the vehicle’s air conditioning, windshield wipers, steering, and brakes.

They were able to cause a brake failure that sent the Jeep crashing into a ditch. This incident caused Fiat Chrysler to issue a quick recall of 1.4 million vehicles in the first and only cybersecurity-related vehicle recall to date.

Is It Happening Already?

It has been predicted that by 2022, 125 million cars will be connected to the internet. The reality of this slaps harder when you think about how much chaos can be unleashed in the world if car hackers became mainstream.

From stealing cars by hacking keyless wireless fobs to tracking them by compromising GPS tracking software, car hackers are already making their moves.

According to an Israeli firm, Upstream, there were 176 electronic cyberattacks aimed at vehicles in 2019. That’s a 123% increase from the 78 attacks in 2018. Toyota also announced a breach in some of its vehicles that exposed the personal information of 3.1 million users of the brand in 2019.

Can Car Hacking Be Prevented?

what is car hacking

While the idea of someone with a malicious intent remotely gaining access to your vehicle may seem scary, you’re not entirely powerless in preventing this from occurring.

Much of the power lies in the hands of car manufacturers to build models of cars with fewer vulnerabilities. However, as a car owner, you can protect your vehicle by following these highly recommended tips.

Safeguard Your Wireless Car Fobs

Most of the hacks that have occurred involved unauthorized persons gaining access into vehicles via wireless car fobs. Wireless car fobs allow you to unlock your car doors without needing a key.

If the fob is nearby, and you try the door handle of your car, the car sends a signal to the fob which then instructs the car door to open. When it is not nearby, the signal won’t be strong enough and the car handle won’t respond. But if a hacker knows where you keep your fob, he can trick your car into thinking it is nearby. The hacker would simply amplify the signal, then an accomplice close to the car would gain access. All they need to do is get in the range of the fob.

Hackers can surreptitiously stand close to car doors and manipulate the fob. That is because most people keep their fobs in easily predictable and accessible places. This is why it is advised that you keep your fob in your refrigerator. And you could also use a Faraday bag. It blocks the signal so criminals won’t be able to gain access to it.

Always Reset Password for Your GPS

Always change the password of your car’s GPS tracking system from the default password.

A hacker was reportedly able to switch off the engines of vehicles driving under 12mph. They only had to guess the usernames of the vehicle’s iTrack or ProTrack accounts and input the default password. This stresses the importance of using a secure password that cannot be guessed easily.

Update Your Car Software Regularly

Always update your car software as soon as you get an update. Older software usually have bugs and flaws that are often absent in the new one which reduces your car defences against hackers.

Put off the WiFi and Bluetooth of your car when it’s not in use. The car’s internet connection is often one of its biggest vulnerabilities.

7 Remote Cybersecurity Jobs You Can Do in 2020

in Cybersecurity
Remote Cybersecurity Jobs

The unemployment number in cybersecurity is almost zero and that might not change anytime soon. The world is progressively becoming more digital and as a consequence, there is an increase in cybercrime. If you want to work in this field, this guide lists seven high-paying remote cybersecurity jobs you could apply for in 2020.

Cybersecurity Analyst

As a cybersecurity analyst, your job is to monitor the systems and networks of an organization. You detect weaknesses and cyber threats and devise the appropriate methods to protect the organization.

Security analysts also run routine vulnerability scans and assessments. They do these to identify network vulnerabilities which allows them to stay ahead of threats. These analysts plan and recommend changes to increase the security of the network. Also, they apply security patches to protect the network. Security analysts are very essential to a company as much lies in their hands to protect the integrity of their systems.

Cybersecurity analysts often monitor systems located in several locations all over the world. So working remotely is an option. A security analyst earns an average of $98,350 yearly. That makes it a very attractive job for remote workers.

Cybersecurity Engineer

With an average yearly pay of $106,000, cybersecurity engineers are the highest-paid cybersecurity workers and have been the most in-demand security position for three years in a row. The position requires the application of engineering to the creation and implementation of solid security systems to prevent and stop cyber attacks.

They develop security plans, investigation of network breaches, and response to security issues. These engineers are expected to keep up with the ever-evolving security trends as well as new tactics with which cybercriminals attack networks.

This is quite different from security analysts whose jobs revolve around detecting vulnerabilities and monitoring threats. Cybersecurity engineers develop programs that identify the weak points in an organization’s system and strengthen them.

Network Security Engineer

Network security engineers build and maintain communication networks, such as wide area networks (WANs), local area networks (LANs), and intranets. Also known as network architects, these engineers are in charge of monitoring virtual networks of organizations as well as firewalls, email security, and web protocols.

This security position is highly important. Security engineers apply their understanding of cybersecurity to determine how best to build a network that will be impenetrable to cyber attacks.

They are involved in the analysis of network traffic. That is to deduce how much growth will occur to determine the future needs of the network. The average yearly pay of Network security engineers is $100,000.

Penetration Tester

Also known as Pen-testers or ethical hackers, penetration testers do the opposite job of security analysts but with the same goal in mind. A pen-tester, with the permission of the organization, tries to hack their systems.

They identify and exploit vulnerabilities the way a hacker would know if the system is truly impenetrable from the standpoint of a hacker. Penetration testers make about $90,000 yearly and are experts in cyberattacks. They understand and follow the trends in hacking techniques which they apply in doing their jobs.

They also conduct thorough routine tests on computer systems, networks, and even web applications. The tests are to identify specific weaknesses that can be exploited by hackers. By having a proper understanding of how hackers think and applying their logic, pen-testers can identify vulnerabilities ahead of hackers and beat them at their own game.

Cybersecurity Consultant

Cybersecurity consultants are very important in protecting organizations. They are tasked with providing the best way to protect systems, data, and software against any form of attack. They carefully evaluate risks and issues, detect faults in existing strategies. Also, devising the best security method a company should adopt.

These consultants are experts in the field of cybersecurity with years of expertise under their belts. They use their knowledge and experience to provide professional supervision and technical advice to security teams. Security consultants undergo research on security procedures to determine the appropriate one for every challenge. They then use their findings to design and deploy cybersecurity practices and operating models.

Cybersecurity Instructor

If you have a solid knowledge of cybersecurity with years of experience in the field, and you are also good at teaching effectively, then you should consider working as a cybersecurity instructor.

You won’t have to be actively involved in protecting systems and networks. But you’ll be in charge of educating new cyber professionals. This can easily be done via online classes and by creating specific cybersecurity courses online. Through online courses, you can share your knowledge with anyone interested and get paid.

Cybersecurity Manager

Cybersecurity managers are in charge of overseeing and directing the security program for a given system or network. They need to have an in-depth understanding of security concepts, risk management, and project management skills.

In addition, cybersecurity managers identify security gaps, designing solutions, building firewalls, and providing reports to the staff and management of the company. The managers manage the teams under the security department and building awareness of cybersecurity.

They also go through the security policies to determine which ones are working and which ones aren’t. They also have one of the best paid remote cybersecurity jobs in the industry.

What Kind of Cybersecurity Jobs Are Remote?

Fortunately, most of them! Due to the internet-native nature of cybersecurity, the majority of IT security professions can be done remotely.

A handful of cybersecurity roles may still require occasional face-to-face meetings, especially when discussing sensitive, business-critical matters. For the most part, however, remote work is a possibility.

The Ashley Madison Hack: What Exactly Happened?

in Features
Ashley Madison Hack

Ashley Madison, a dating service that caters to married people or people in relationships seeking an affair, suffered a major security breach in August 2015. Impact Team – a hacker group – leaked personal details such as names, email addresses, credit card information, and sexual fantasies of about 30 million users of the service. The Ashley Madison hack was a historic data breach.

Learn about the Ashely Madison data leak and the controversies that followed.

How Did the Ashley Madison Hack Happen?

Founded in 2008, Ashley Madison runs a widely popular web service with the unashamed intention of helping married people have extramarital affairs. “Life is short. Have an affair.” is the company’s catchphrase.

In July 2015, hackers threatened to release company data including sensitive customer information. The hackers gave an ultimatum to Avid Life Media, the parent company, to permanently shut down Ashley Madison and Established Men – a sister hook-up site that linked young ladies to older successful men – within 30 days. 

The hackers accused ALM of promoting extramarital affairs and prostitution. Impact Team called out the company out for not keeping its promise to delete user data from their website after users paid the required fee of $19. The data included site usage history and personal identifying information.

To drive their point home, the Impact Team published a file containing some of the company’s financial information, including employee salaries and profile details of two customers of the site. 

The First Major Leak

On August 18, after the 30-day ultimatum had elapsed and the websites were still running, the hackers posted “Time’s up” on the dark web together with a BitTorrent tracker file cryptographically signed with a PGP key. 

The tracker file was actually a compressed 10 GB file that contained usernames, passwords, home and email addresses, height, weight, sexual fantasies, the last four digits of credit card numbers and even GPS coordinates of millions of users as well as passwords for the site’s Windows domain, and PayPal account details of executives of the company.

The Second Major Leak

The second dump was on August 20, two days after the first. This data dump was quite different from the first in that it mostly contained the company’s internal Data, including a 19GB file of ALM’s CEO Noel Biderman’s emails, and Ashley Madison’s website source code. 

The Third Major Leak

The Impact Team served a third-round of dumps. The leaked data included a list of government emails used to create user profiles, mailing addresses, IP addresses, the total amount spent on on-site purchases, and signup dates. 

Authenticity of Leaked Data 

Ashley Madison

The authenticity of some of the leaked data is still in contention. Accounts were often created without the consent of the real email address owners (sometimes as a prank). The site required the real owner of the account to pay $19 to permanently delete their profile. But they never deleted user data.

Cybersecurity experts noted that just because an email address was in the data leak didn’t mean the legitimate owner created a profile.

For instance, one of the email addresses appeared to have belonged to Tony Blair, a former UK prime minister. However, experts proved that the majority of the leaked data was authentic. Brian Krebs, a popular security expert, confirmed that lots of Ashley Madison account holders agreed.

The Aftermath of the Ashley Madison Hack

cybersecurity

Avid Life Media released a statement condemning the hack. They called it an act of criminality. CEO Noel Biderman had to step down from his executive position, an action he claimed to have taken in the best interest of the company. 

Subsequently, the company offered rewards for information about the hackers. The Police in Toronto also showed commitment to finding the culprits. The company together with the Canadian Police and US FBI worked to investigate the attack and arrest the perpetrators. A $500,000 bounty was offered for information on the Impact Team but no arrests have been made to date.

Canadian law firms Charney Lawyers and Sutts and Strosberg LLP filed a $567 million class-action lawsuit against ALM. The suit was on behalf of all Canadians citing the 30 million users whose information were published. They included the users who paid Ashley Madison’s permanent-delete fee but did not have their information erased in the suit as well. Ruby Corp (rebranded Avid Media) announced $11.2 million to settle the lawsuit.

Fallout of the Hack

Ashley Madison leak

Users with leaked information were targetted after the cyberattack. Josh Duggar, a reality TV star and Christian YouTube Sam Radar were among those that suffered public disgrace.

Numerous search websites popped up that allowed people to search for the emails of their colleagues or spouses. Some individuals and companies blackmailed users. Others received extortion emails requesting for bitcoin.

Customers of the website also suffered great psychological consequences resulting from the hack. Having to deal with an affair publicly hurt the victims as well as their spouses and children. A good number of those affected sank into depression and anxiety. Tragically, two suicides were traced to the hack, one of a pastor and professor at the New Orleans Baptist Theological Seminary. 

Security 

Security researchers revealed poor security practices in Ashley Madison source code. It had hardcoded security credentials such as database passwords, API secrets, and SSL private keys. The online service also didn’t use email verifications to filter bots and prevent people from opening multiple fake accounts. 

The only things they seemed to get right was not storing full credit card numbers on their servers. They made use of Bcrypt, a strong password-hashing function to hash customers passwords rather than leave them in plaintext. 

The hack arguably made people more conscious of their data privacy and holding companies accountable.

What is Cyber Threat Intelligence? A Beginner’s Guide for 2020

in Cybersecurity
Cyber Threat Intelligence

There’s been a surge of interest in cyber threat intelligence in recent years. It owes much of its growth to the devastating record of sophisticated cyberattacks that have affected even some of the best-protected enterprises.

Additionally, the internet has become increasingly unsafe for individuals as evil hackers have made online theft a source of income, making cyber threat intelligence such an important concept in the world of security.

What is Cyber Threat Intelligence (CTI)?

Threat Intelligence

Threat intelligence is any knowledge that allows you to prevent or mitigate attacks. It enables you to understand the motivations, intentions, and competencies of your potential attackers. Without it, you will not understand the risks to your enterprise faces.

Cyber threat intelligence is the information collected, filtered and analyzed to answer essential questions regarding any cyber threats that an organization may face. Some of those questions include: who is likely to attack what assets, where, when, and how.

“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets.”

– Gartner

Threat intelligence is generally broken down into three subcategories: Strategic, Tactical, and Operational.

How Strategic Threat Intelligence Helps Identify Threats

Strategic threat intelligence is non-technical and used by high-level strategists to inform specific decisions. At this level, Chief Investment Security Officers and IT managers collect all the information needed to set priorities or make budgeting and staffing decisions. They also make decisions based on business risks and potential attacks.

The basis of strategic threat intelligence rests on strong two-way communication between threat analysts and the board of directors.

How Operational Threat Intelligence Helps Identify Threats

Operational threat intelligence, also called technical cyber threat intelligence, provides highly specialized technical intelligence to coordinate and guide the response to specific incidents. It is often related to malware, campaigns and often come in the form of forensic reports.

At the operational level, the team can find relevant information about threats, reconstruct the attacks, and take action to stop them.

How Tactical Intelligence Helps Identify Threats

Tactical threat intelligence provides data about specific tactics, techniques, and procedures (TTPs) used by threat actors to achieve their intentions. Technical defenders – such as system architects and security personnel – and security decision-makers are the audience for this type of threat intelligence.

Organizations can effectively manage defences and allocate security resources when they understand the tools, infrastructure, attack vectors, and other strategies used against targets in their industry or location.

8 Steps for Implementing a Cyber Threat intelligence Program

  1. Develop a strategic roadmap
  2. Build a central knowledge base
  3. Expand monitoring
  4. Train staff
  5. Automate workflows
  6. Organize communications
  7. Develop a hunt mission capability
  8. Refine and improve the process

Benefits of a Good Cyber Threat Intelligence in an Organization

  • Cyber threat intelligence gives organisations insights on mechanisms and implications of threats, allowing them to build defence strategies and frameworks, and reduce attacks. The end goal is to mitigate harm and protect their network.
  • It gives corporations a good understanding of what’s happening outside their network. It also gives them better visibility of the cyber threats that bring the most severe risk to their infrastructure.
  • Removes invalid threat indicators so they don’t create
    false positives.
  • Helps corporate management decide how to budget to adequately mitigate risk.
  • Provides situational awareness and context to determine attackers’ intentions, targets, and methods.

Top 3 Cyber Threat Intelligence Data Services

IBM X-Force Exchange

IBM’s threat intelligence sharing platform for security analysts provides fast access to intel on recent cyber threats. You can then share your findings with other users. Through this, you can search for URLs, IP addresses, web applications and CVEs. It also gives you insight into their historical records, risk scores, locations and lots more.

Recorded Future

Recorded Future provides threat intelligence feeds solution that has more than 65 threat data streams. The platform allows you to integrate with other threat feeds you already have. It correlates and analyzes the data for you. The advantage it gives is the ability to focus on intelligence that matters. That allows you to make quicker, better-informed security decisions.

FireEye iSIGHT Threat Intelligence

FireEye iSIGHT is another popular platform that combines machine-based intelligence, adversary, and victim. The company has intelligence researchers around the world to deliver the intel on attackers’ tactics and techniques.

Cyber threat intelligence plays an integral role in protecting your business against cyber threats. Any business that takes cybersecurity seriously should dedicate resources towards it.

Go to Top