RQ Communications is your Telecommunications Expert, specializing in refurbished Nortel, Avaya, Shoretel and Cisco telephone equipment. We provide a wide range of telephony equipment to meet your needs; that includes telephones, servers, voicemails, circuit boards, hard drives, memory and complete systems.
Showing posts with label IT Professionals. Show all posts
Showing posts with label IT Professionals. Show all posts
Saturday, September 16, 2017
Most people think that Macs and all the other Apple devices are immune to viruses.
But those in the know (sysadmins, pc techs and network admins) know all too well that Macs are just as vulnerable to viruses just like PCs.
So, are Apple devices and Macs immune to viruses? Short answer: no. Then why do so many people believe that they are? Let’s break it down.
Viruses are always written for a specific platform. A virus written for Windows can only run on a Windows machine. Now consider that the aim of a computer virus is to spread to as many other machines as possible, much like the common cold spreads through the population when we hit winter.
Attackers are obviously going to most often target the platform that the majority of people use in order to get the best return from their attack. And that platform happens to be Windows. Read the full story here… Are Macs immune to viruses?
According to some of the top cybersecurity researchers, like Symantec, Kaspersky Lab and Google, there seems to be some technical evidence that the WannaCry malware attack that is infecting and wrecking havoc on more than 300,000 computers in over 150 countries, has a connection to the North Korean-run hacking operation known as the Lazarus Group.
The Lazarus Group, which has widely been regarded as a Korean nation-state hacking group, that has been blamed for a recent string of bank heists and well as the 2014 Sony hack.
First Links To Suspicion
Speculation of a possible North Korea connection went live today after Google researcher Neel Mehta posted a cryptic tweet showing similar code elements of the two pieces of malware, with the hashtag #WannaCryptAttribution, and researcher Matthiu Suiche then tweeted a screenshot of the two code families, saying, "Similitude between #WannaCry and Contopee from Lazarus Group ! thx @neelmehta - Is DPRK behind #WannaCry ?"
After the intriguing tweets, Kaspersky Lab late today posted a blog outlining the similarities between the WannaCry and Lazarus Group code. They confirmed that the February ransomware variant is a precursor to the WannaCry attacks this month. "It shares the same the list file extension targets for encryption but, in the May 2017 versions, more extensions were added," they wrote.
"Neel Mehta's discovery is the most significant clue to date regarding the origins of Wannacry," Kaspersky researchers wrote. But they say more research is necessary to more definitively connect any dots.
Apparently, a variant of WannaCry found in February shared some computer code with a hacking tool the Lazarus group used in 2015.
“For now, more research is required into older versions of Wannacry,” Kaspersky Lab said in a blog post. “We believe this might hold the key to solve some of the mysteries around this attack.”
On Monday, security firm Symantec also reported finding clues that may link WannaCry with the shadowy group. It’s found earlier versions of the ransomware on machines that have been compromised by hacking tools used by Lazarus, according to Vikram Thakur, technical director at the company.
“Shortly after these tools were found on these machines, we could see WannaCry files showing up,” he said.
Some experts also report that the evidence is very circumstantial. And that it's not uncommon for tools used in other hacks or often leaked on the internet so anyone interested could also use the shared code.
[caption id="attachment_2642" align="alignnone" width="720"] A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017. Courtesy of Symantec/Handout via REUTERS ATTENTION EDITORS - THIS IMAGE WAS PROVIDED BY A THIRD PARTY. EDITORIAL USE ONLY. NO RESALES. NO ARCHIVE.?[/caption]
Hackers do reuse code from other operations, so even copied lines fall well short of proof.
U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
FireEye Inc (FEYE.O), another large cyber security firm, said it was also investigating a possible link.
“The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” FireEye researcher John Miller said.
Looks like we have to wait and see if the evidence the cybersecurity researchers come up with can say definitively whether or not who was the real culprit in these attacks. You can, however, rest assured knowing that some of the best and brightest are on the case and will get to the bottom of this.
View our CyberSecurity section for more stories like this and other cybersecurity news.
“On average, 59 percent of enterprises get at least five applicants for each open cybersecurity position, but most of these applicants are unqualified,” the report states.
Most organizations surveyed are focused on hiring cybersecurity experts who have hands-on experience and certification rather than formal education. But, according to the report, in a newly burgeoning field, that’s hard to find.
“Almost 27 percent of respondents state that they are unable to fill open cybersecurity positions in their enterprises—with another 14 percent of respondents unaware as to whether their enterprises could fill these positions or not,” the report states. Source: REPORT: INDUSTRY GROUP RAISES ALARM ABOUT CYBERSECURITY SKILLS GAP
Help is Available
But ISACA is looking to fix that by helping HR departments find the most qualified it pros with their certification platform, which provides a 2-hour test that will report on strength and weaknesses of a candidate as well as offer performance based online training.
“It is all virtual machines, which means in each particular lab you’re talking to a real firewall, a real DMZ, a real web server, a real database server, whatever the configuration happens to be,” Chief Innovation Officer Frank Schettini explained to Associations Now. “And they’re actually up and live up in the cloud, so it is actually a real-time lab.” Source: NEW TOOL LETS HR TEST APPLICANTS’ CYBERSECURITY SKILLS
Streamlining The Process
It helps HR easily test competencies of a cybersecurity candidate as well as letting managers improve their existing IT employees.
“Now instead of going through a process of blindly hiring someone, you go through the process of having them run the skills assessment test, reading the results, and then deciding whether you want to hire the individual,” Schettini said.
“What this tool allows you to do is … know up front before you hire them what type of training investment you’re going to want to do to bring them on board,” he continued. “So the hiring process becomes much more straightforward—you know what you’re getting, you know what training program you want to set up—and the beauty of the platform is you can leverage the platform any way you want to set up that training program.”
Source: NEW TOOL LETS HR TEST APPLICANTS’ CYBERSECURITY SKILLS
Hopefully, this tool, along with a real concerted effort to teach the much-needed cybersecurity skills to the new crop of it professionals, will help us close our rather large current skills gap.
Ashton Mozano, a cybersecurity professor at the University of San Diego, details how most of the undergrads with a computer science or computer engineering degree, would rather create new products and technologies for Apple and Google than design and operate systems that spot, resist and alleviate a variety of attacks, than work in the non-sexy realm of cybersecurity despite the fact that most of the jobs, pay extremely well with the some of the lower-level positions paying as much as $80,000 a year. Management positions can top $235,000!
The nation’s colleges and universities are scrambling to add courses to prepare students to fill the huge number of cybersecurity jobs that have arisen due to exponential growth in hacking worldwide. The extent of the problem isn’t clear; analysts say the number of job vacancies ranges from 100,000 to 350,000, with as many as 45,000 positions in California. Ashton Mozano, a cybersecurity professor at the University of San Diego, says there are thousands of $80,000 entry-level jobs available to applicants who have nothing more than an undergraduate degree in computer science or computer engineering. Tons of $80,000 entry-level jobs going ignored - The San Diego Union-Tribune
It's been said that the best investment is in the tools of one's own trade and let's face it, as an IT Professional, there are plenty of tools that are needed to do an effective job.
Tools that help you monitor the network and scan for vulnerabilities, to tools that help you manage, troubleshoot and diagnose your systems and applications.
Over 202,381 professionals have used IT Central Station research on enterprise tech. Their site lets it pros compare the tools based on product reviews, ratings, and comparisons. All of their reviews and ratings are from real users, validated by their triple authentication process.
Cognos Software is IBM's Business Intelligence and Performance Management solution, offering BI, strategy management, financial performance, and data analytics applications. Cognos caters to all levels in an organization with products designed for individuals, workgroups, departments, mid-size companies, and big enterprises.
Microsoft BI is a business intelligence solution that turns data into insightful and useful business information that is relevant to all levels of the business.
Microsoft BI combines familiar Microsoft tools - Office, SharePoint, and SQL server, with extra features for end-users, such as Power View and Power Pivot. This powerful product gives businesses a competitive advantage by allowing end-users to better analyze their data, collaborate and better present their data.
OBIEE is a multifaceted network of tools that can create a more fluid and better-integrated data flow for your business. This service is actually a platform that is made up of six individual elements, rather than a single tool with multiple features. These services include: presentation catalog, BI presentation service, BI scheduler service, BI server service,administration client, and metadata repository.
The purpose of the OBIEE is to have an entire system for all of your enterprising needs. The various tools within the suite can take your data, organize it, analyze it and then glean the pertinent information from it,sending it on to the relevant parties who can then use it for metrics, pattern analysis, and future projections. The essence of the platform is to integrate your current IT together with their tools in order to give you the overall best return on investment with minimal fiscal obligations.
QlikView is a Business Intelligence tool that allows you to keep tabs on all of your business-related information in a clean, clear, and easy to access database that is intuitive to build and simple to navigate. It is ideal for business owners who wish to improve overall output by creating the most productive system possible.
Tableau is an enterprise analytics platform that enables your organization to explore trusted data in a secure and scalable environment. It gives people access to intuitive visual analytics, interactive dashboards, and limitless ad-hoc analyses that reveal hidden opportunities and eureka moments alike. Get the security, governance, and management you require to confidently integrate Tableau into your business—on-premises or in the cloud—and deliver the power of true self-service analytics at scale.
A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017. Courtesy of Symantec/Handout via REUTERS ATTENTION EDITORS - THIS IMAGE WAS PROVIDED BY A THIRD PARTY. EDITORIAL USE ONLY. NO RESALES. NO ARCHIVE.?[/caption]
