    Get an extra 50% off these 10 ethical hacking e-learning bundles

    StackCommerce
    Cybersecurity skills are highly valued in the tech industry, and there are always job openings available. So if you want to switch to a well-paid tech job, these 10 e-learning bundles can help. They all have classes starting at the beginner level, and they’re on sale for an additional 50% off when you use coupon code LEARNNOW during our Best of Digital Sale.

    These courses are self-paced, and you don’t have to complete all of them before you can start applying for new positions. In fact, you’ll often be able to start sending out over 100 job applications a day after completing just one course.

    The Super-Sized Ethical Hacking Bundle

    You can learn beginner to advanced ethical hacking techniques, even with no prior experience. This bundle covers topics ranging from pen testing to social engineering, including hands-on interactive courses.

    For a limited time only, get The Super-Sized Ethical Hacking Bundle for $21.50 (reg. $1,080) with code LEARNNOW.

    The Ethical Hacker Master Class Bundle

    These 10 courses not only teach you ethical hacking from scratch, but they’ll also train for coveted CompTIA certifications. This includes A+, Network+, and Security+, three foundational certs that can endorse your skills in designing and implementing functional networks and addressing security incidents.

    For a limited time only, get The Ethical Hacker Master Class Bundle for $19.50 (reg. $4,883) with code LEARNNOW.

    How to Hack from Beginner to Ethical Hacking Certification

    You need no experience whatsoever to learn how to hack with this bundle of courses. They are designed for all levels and can take you from total novice to professional. Some of the topics covered include using Raspberry Pi to hack devices and coding custom tools with Python.

    For a limited time only, get How to Hack from Beginner to Ethical Hacking Certification for $19.50 (reg. $1,649) with code LEARNNOW.

    The Premium Ethical Hacking Certification Bundle

    Whether you’re looking for an all-in-one hacking guide from zero to hero, specialized WordPress hacking skills, or CompTIA pen-testing prep, this bundle has what you need. You can switch to an exciting tech career with just one of these courses.

    For a limited time only, get The Premium Ethical Hacking Certification Bundle for $30 (reg. $1,600) with code LEARNNOW.

    The Ultimate White Hat Hacker Certification Bundle

    This is a highly-rated bundle of courses that provides a range of cybersecurity training in just 10 courses. Some courses cover tools like Wireshark, Tcpdump, Syslog, and Nmap, while others can help you gain valuable CompTIA certifications.

    For a limited time only, get The Ultimate White Hat Hacker Certification Bundle for $20 (reg. $1,345) with code LEARNNOW.

    The All-In-One 2022 Super-Sized Ethical Hacking Bundle

    If you’re looking for the most comprehensive bundle of ethical hacking courses, this is it. These trainings cover everything from bug hunting and pen-testing through an ethical hacking certification course.

    For a limited time only, get The All-In-One 2022 Super-Sized Ethical Hacking Bundle for $21.50 (reg. $3,284) with code LEARNNOW.

    The All-in-One Ethical Hacking & Penetration Testing Bundle

    While the courses in this bundle cover a wide range of topics, from phishing to network layer attacks, it’s particularly suitable for anyone who wants to work with Microsoft Azure. The “Cloud Security with Microsoft Azure for Beginners” course, for example, could help you pursue a career change.

    For a limited time only, get The All-in-One Ethical Hacking & Penetration Testing Bundle for $14.99 (reg. $1,800) with code LEARNNOW.

    The 2022 Premium Certified Ethical Hacker Certification Bundle

    These 10 courses offer free ethical hacking tools, certifications to make your resume shine, and much more. Start from scratch and move at your own pace into advanced network hacking.

    For a limited time only, get The 2022 Premium Certified Ethical Hacker Certification Bundle for $17.50 (reg. $2,000) with code LEARNNOW.

    The 2022 Ultimate Ethical Hacking Super-Sized Certification Prep Bundle

    Whether you are a complete novice, a Cisco professional, or anything in between, this bundle offers training material that can help you succeed as an ethical hacker. You can even prepare for the CompTIA Network+ and Security+ exams.

    For a limited time only, get The 2022 Ultimate Ethical Hacking Super-Sized Certification Prep Bundle for $17 (reg. $1,800) with code LEARNNOW.

    The Complete 2022 PenTest & Ethical Hacking Bundle

    With hands-on hacking, practical pen-testing courses, and more, you’ll be ready to take the CompTIA PenTest+ course included in this bundle. This certification may even help your resume stand out when seeking cybersecurity roles.

    For a limited time only, get The Complete 2022 PenTest & Ethical Hacking Bundle for $24.50 (reg. $1,770) with code LEARNNOW.

    Ukrainian software developers share their stories and photos from the war zone

    Eugene Krupnov: “A day after we left, an enemy rocket hit a high-rise building not far from our home in Kyiv.”
    Image: Eugene Krupnov
    “Our daughter kept asking if we would die.” Eugene Krupnov, developer of the popular Mac application Unclutter, found himself answering his eight-year-old daughter with a bit of pop-culture gallows humor. “Not today, we joked, quoting Arya from Game of Thrones.” On February 24, Krupnov and his family evacuated from Kyiv. “As we were fleeing the city, we heard how the shelling escalated, we saw unthinkable traffic across the highways and endless lines at every gas station. It was night time. And it seemed like an apocalypse.”

    Krupnov told ZDNet, “A day after we left, an enemy rocket hit a high-rise building not far from our home in Kyiv.”

    Ukraine has a very large tech sector. According to Bloomberg, the country boasts a quarter of a million tech professionals, many of whom provide coding services to major players like Apple, Google, Lyft, Ubisoft, Daimler, BMW, Citi, and JPMorgan, among many others. According to the trade group IT Ukraine Association, as reported in the Wall Street Journal, IT export volume, “increased 36% to $6.8 billion last year, up from $5 billion in 2020 and $4.2 billion in 2019.” According to Ukrainian developer outsource firm Daxx, via research from SkillValue, Ukraine’s developers rank 5th worldwide in terms of overall competence. There are also thousands of entrepreneurial companies building their own software products. We spoke to eight of them this week.

    Tanya Vert is a PR specialist at BeLight Software. I’ve spoken to her over the years, particularly when I reviewed Live Home 3D. The idea for this article occurred to me when I was using Live Home 3D last week to rearrange my home workshop. Here I was using a product to rearrange my home, when the developers were losing theirs.

    The BeLight team is spread across Ukraine now, with half of the team staying in Odesa. When I checked in with Vert, she told me, “There are air raid alarms several times a day, explosions are heard all the time. People spend several hours every day in shelters. There is no subway in Odesa, so underground parking lots, basements and corridors inside buildings serve as shelters. Every night, we enjoy missiles, drones and air defense performance in the sky over the sea.”

    Headway startup team in the first days of the war.
    Image: Headway startup
    Bohdan Toporivsky is SEO and Content Manager, also at Unclutter. He shared what he calls “our life these days” with me. “The first days we had more confusion, panic and anxiety. Now you almost get used to things, and just have to care less. I try to consume less news, as it often brings stress and sadness.”

    In his email, he told me, “We are happy to have enough food and clothes – too many Ukrainians don’t have that luxury. Most of my other friends I text with are holding up relatively well too. It’s rather hard to sleep, air raid alert wakes us up once or twice a night (more during the day) and we go to the basement a.k.a. bomb shelter.”

    Bohdan Toporivsky: “It’s rather hard to sleep, air raid alert wakes us up once or twice a night (more during the day) and we go to the basement a.k.a. bomb shelter.”
    Image: Bohdan Toporivsky
    Right now, he’s living in a refugee/guest house of a local church. “We settled there,” he said, “not knowing for how long. It’s been almost a month now.”

    In the past week, I’ve spoken to eight companies either based in Ukraine or with large teams who work there. Amidst the horror of war, there were two themes that became apparent during our conversations: their efforts to maintain business continuity, and the Ukrainian spirit of their team members.

    Business continuity and data security

    Skylum is a company known for its Luminar and Aurora HDR photo editing products. Many in the Mac community know them by their original name, MacPhun. According to a post by CEO Ivan Kutanin, his team of 130 is currently scattered across Ukraine and the world.

    Despite all the pressures he and his company are facing, one of the most important messages he wants his customers to hear is one of reassurance, “Rest assured that we securely host all of our infrastructure and user data on Amazon Web Services. All servers for this cloud service are located in the European Union and are not in Ukraine, so you can be confident that your data is securely stored.”

    Image: Anna Ustynova

    The CEO of a software company is doing his best to reassure his customers about their security, while his own team is working out of “bomb shelters, on the road, or in the homes of relatives and friends in safer locations.”

    MacPaw is another company very familiar to Mac users. They make CleanMyMac X, Gemini Photos, and the Setapp Mac software subscription service. In a letter to ZDNet, Oleksandr Kosovan, MacPaw’s CEO and founder told us, “MacPaw is a company from Ukraine and operates primarily in Kyiv. Part of our team decided to stay in Ukraine to defend our country and help people in need. Some team members moved abroad to safer places with their families and kids.”

    According to Kosovan, “Those team members who are already outside of Ukraine are working to maintain MacPaw products and the stability of the company’s services. While preparing for the massive invasion, the company also organized an office in Ivano-Frankivsk, Western Ukraine. We prepared the company to work completely autonomously.”

    Kosovan told us he is staying in Kyiv, “to protect Ukraine and stop the war in any way possible.” So is MacPaw CTO Vera Tkachenko. In a tweet, she says, “Seventh day of a war. I’m staying in Kyiv and have to move to a shelter several times a day. Food and medicine supplies are limited. Civilians in suburbs are attacked with bombs several times a day. But our defense forces are real heroes and we’ll win!”

    Image: Bohdan Toporivsky

    Readdle is a Ukrainian-founded company that produces Spark email and PDF Expert. In an email conversation with Maria Henyk, Readdle’s PR & marketing manager, she told us, “We’re equipping a location in Odesa as a shelter for the team, their families, and their pets. The company is providing financial help for all Ukrainian employees, along with assistance for those who can and want to move abroad.”

    “There are many different situations being experienced by our people,” Henyk told us. “Some have returned to 80-100% work capacity, others are still in shock, while others are experiencing air-raid alarms every few hours.”

    Henyk asked us to share this message, “As for our customers, nothing has changed for them. For many years, we’ve been investing in the safety and security of our systems and products, so everything customer-facing is up and running. Millions of people worldwide rely on our products, receiving timely updates and customer support.”

    Anna Ustynova provides communications and global PR for Headway, a maker of a motivational app. In an email, she told ZDNet, “Since the beginning of the invasion, the top priority of Headway has been to ensure the safety and well-being of our employees and their families in Ukraine. We have launched an emergency plan, and now over 95% of the Ukrainian Headway teammates and their families, who desired to move, are in a safe place.”

    Image: Anna Ustynova

    She continued: “Our Kyiv R&D unit settled down partly in the west of Ukraine, partly abroad. No employee was fired; instead, Headway is going to hire more Ukrainian talents and all previously sent offers were secured and already two employees have joined us since 24th February.”

    Ajax Systems makes smart alarms popular in Europe. Valentine Hrytsenko, chief marketing officer at Ajax Systems, told ZDNet, “Since the outbreak of the war in Ukraine, our company is doing everything necessary to ensure the protection and safety of its people, business, and supplies to partners.”

    As with the other companies seeking to retain some level of normality in the midst of war, Hrytsenko sought to reassure customers, “The Ajax server infrastructure functions without interruption, so users and partners don’t have to worry about the stability of already installed systems. Ajax’s servers are geographically dispersed throughout Europe in Amazon data centers in Ireland and Germany.”

    Grammarly makes a well-known cloud-based writing assistant. According to Jen Dakin, consumer PR manager, “Grammarly’s first priority remains the safety and well-being of our team members. We have implemented our contingency plans that include relocating team members and their families to help them remain safe.”

    Beyond that, Dakin was keeping operational security for Grammarly, telling us only, “To protect the safety of our team members, we won’t be providing further details of our contingency plans or team member locations.”

    These developers are doing their best to reassure their customers that their services will continue, even as their world is being blown apart around them. Each of these teams spent years building their companies and products into successes, and ensuring continuity of their businesses – in the worst and most scary of conditions – is also about survival. If their companies suffer or shutter, they lose their livelihoods too.

    But there’s so much more. Each of these companies shared with me their contributions to the war effort.

    Ukrainian spirit

    Jen Dakin told us, “Grammarly will donate all of the net revenue earned from Russia and Belarus since the war started in 2014 through 2022 to causes supporting Ukraine—totaling over $5 million.”

    Hrytsenko of Ajax Systems told us about work the company is doing with the Ministry of Digital Transformation of Ukraine. He described an app Ajax built called Air Alert that “instantly informs about the beginning and end of a civil defense alert. The app generates a loud critical alert warning of an airstrike, chemical attack, or other types of civil defense alerts. The app receives signals first-hand from Ukrainian regional administrations, allowing people to react as quickly as possible.”

    Image: Anna Ustynova

    Readdle’s Henyk told ZDNet about the dedication of the company’s employees and how the company is supporting them, “Many people are taking part in volunteering projects, and some have joined territorial defense forces. We are proud of our team and such strength and bravery and are keeping their positions open and paying all salaries for all people as normal.”

    In her email to us, she continued: “Readdle employees themselves have donated tens of thousands of dollars to the Ukrainian defense, and the company has matched this amount.”

    MacPaw’s Kosovan shared his pride in his team: “MacPaw team members volunteer to provide food and medicine, support Ukrainian Army, donate blood and money to Ukrainian charities like other Ukrainian citizens all over the country. Some of us are fighting in the Ukrainian Army, Territorial Defense, and the Ukrainian IT Army.”
    “We try and do what we can. Our warriors need all the support they can get, on all fronts.”  
    — Bohdan Toporivsky  

    Kosovan also tells us that since the beginning of the war, MacPaw has been actively involved in delivering humanitarian aid to Ukrainians in need through the MacPaw Development Fund. In an email to ZDNet he said, “The MacPaw Development Fund is able to quickly source and distribute large quantities of food, medical supplies, hygiene products, and other humanitarian aid to those in need. The Fund can do it faster than most larger organizations and this can help save lives when every moment counts. Through the Fund, to date, MacPaw has spent over $4M to provide food, medical supplies, and other necessities to Ukrainians in the war zones.”

    BeLight’s Vert told us a little more about how her team is supporting the war effort: “We keep working from home now and help Ukraine in every way we can. Some with donations, others are helping Territorial Defense with supplies, or with the preparation of Molotov cocktails (a special explosive substance used by civilians to fight the occupants), some joined the regional branch of the Red Cross in Uzhhorod, Western Ukraine, as a volunteer.”

    For Unclutter’s Toporivsky, it’s all about volunteering. He told ZDNet, “A few days after the war began and we moved to that safer place, we understood that we could not just wait, read awful news, and take no action anymore.”

    “And four of us began doing whatever we could to somehow help our Ukrainian defenders and victims of war. Then six of us, then many more in different cities of Ukraine and beyond,” Toporivsky said in an email. “Thanks to various friends with connections to the Ukrainian army, volunteers, and funds, we started arranging humanitarian help from Poland, Slovakia, Czech Republic, and other European countries. Food, medicines, clothes, hygiene products, etc. Military equipment and protection too, when possible.”

    “There aren’t many of us, and the scale could be much bigger – we still try and do what we can,” says Toporivsky. “It’s hardly possible to do regular work nowadays. Hoping I’ll get back to it later, when things slow down. After all, our warriors need all the support they can get, on all fronts.”

    Life in Ukraine

    Unclutter CEO Krupnov told us, “We’ve been planning to release a major update this fall. And minor updates this spring. But now all the development has come to a halt. We’re only able to provide user support.”

    “Imagine that your life has completely changed in just a few days,” Krupnov said. “It’s emptiness, fear for your loved ones, and shame you feel because you don’t do enough for your country. It’s a sensation of overwhelming despair each time you read about murdered civilians and children or soldiers who died protecting their homeland. It’s also destroyed cities – the places you loved and felt connected to.”

    Still, he’s hopeful. “Though we’re scattered across the globe now, we still keep in touch and support each other. Some day, after the victory, we will get together once again to continue our work after a great celebration.”

    If you want to help, we’ve provided a number of donation sites and resources you can explore in the companion article, “Ukraine: How you can help.”

    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

    How you can help Ukraine: Donation sites and resources

    These contribution opportunities were suggested by the companies we profiled in the companion piece, “Ukrainian software developers: Email and photos from the war zone.”

    Humanitarian Support

    NBU Fundraising Account: According to their website, “This account is meant for charity contributions from Ukraine and from abroad. The Ministry of Social Policy will channel the raised funds to support Ukraine’s citizens severely affected by the war.”

    Donate goods and food to Ukrainians: If you live near any of the cities listed at this link, you can bring goods and food to be delivered to Ukrainians in need by Nova Poshta Global.

    Help host evacuating Ukrainians: UkraineNow works to find relocation destinations for evacuees.

    Save the Children: Save the Children is operating an emergency fund for displaced Ukrainian evacuees.

    Razom Emergency Fund: Razom unites various Ukrainian activists. Razom Emergency Response is providing critical humanitarian war relief and recovery according to the most urgent needs as they evolve.

    Nova Ukraine: Nova Ukraine is a nonprofit organization dedicated to providing humanitarian aid to the people of Ukraine.

    MacPaw Development Fund: The MacPaw Development Fund has been sourcing medical supplies and distributing them to hospitals, financing the production of protective gear for the Ukrainian Army and territorial defense units, supplying the military with cell phones and computers, and printing maps for patrols in Kyiv.

    World Central Kitchen: WCK arrived in Poland on Feb. 24th to help refugees arriving from Ukraine. In response to the February 24 attacks on Ukraine, the WCK team is serving hot, nourishing meals at a 24-hour pedestrian border crossing in Southern Poland.

    The Salvation Army: The nonprofit’s “Love Beyond Conflict” campaign is asking donors to support families fleeing crisis in Ukraine to help provide peace and safety.

    Team Rubicon: Serves communities by mobilizing veterans to continue their service, leveraging their skills and experience to help people prepare, respond, and recover from humanitarian crises. The nonprofit is pre-positioning its mobile Emergency Medical Team in Poland to assist the mass crowds of refugees crossing the border every day.

    Community Organized Relief Effort (CORE): A crisis response organization that brings immediate aid and recovery to underserved communities across the globe. In immediate response to the crisis in Ukraine, the CORE team is on the ground in Poland supporting the immediate needs of refugees. CORE’s initial efforts are focused on distributing hygiene kits and supplying refugees with cash assistance to help families get access to life-saving items such as food, water, and safe transit to shelter.

    The Tunnel to Towers Foundation: Honors the sacrifice of firefighter Stephen Siller who laid down his life to save others on September 11, 2001, as well as our military and first responders who continue to make the supreme sacrifice for our country. On March 10, the nonprofit committed $1 million to the children of Ukraine in an effort to help them find safety amid the conflict in their country. Additionally, T2T is collecting additional donations to amplify their impact and provide relief.

    Unclutter’s Help Ukraine Fund: Unclutter has a neat approach. If you donate, they’ll give you a free copy of Unclutter (note: I use this every day) and the funds you donate will go to local volunteers and charitable organizations.

    Support animals

    Help rescue, feed, and relocate animals: UAnimals helps shelters financially, provides them with food, and tries to evacuate animals to other countries.

    Journalism support

    Donate to support journalists on the ground: Donations to the 24.02 Fund provide bulletproof vests, helmets, fuel, sat phones, diesel generators, walkie talkies, and relocation help for journalists’ families.

    Activism

    Join a peace protest: This Google table lists upcoming peace protests and additional information about each protest’s organizers.

    Defense Support

    Donations to the Ukrainian Army: This is a direct donation link to an account that disburses funds to the Ukrainian Army.

    Donations to Ukraine’s military via National Bank of Ukraine: This is another direct donation link that disburses “to support the Armed Forces of Ukraine.”

    Come Back Alive: This fund supports the Ukrainian Armed Forces with, according to the fund, “financing purely defense initiatives. Since 2014 we have provided around 1000 thermal imagers and over 250 UAVs. In addition to the material support, we increased the technological capabilities of the Army through providing 1,500 tablets with Armor software aimed at stopping the artillery.”

    Support Ukrainian defenders: The KOLO fund, a charity fund created by IT specialists from Ukraine, provides soldiers and volunteers with helmets and body armor, satellite phones and tactical radio equipment, quadcopters and drones, and thermal imagers and sights.

    These remote work job scams promise easy money but aim to steal your savings

    Cyber criminals are posing as recruiters and employers to offer people fake jobs in a scheme designed to steal money, personal data and trick victims into helping them commit money laundering. Detailed by cybersecurity researchers at Proofpoint, the job fraud campaigns attempt to lure people in with the promise of upfront payments for simple jobs that can be done while working from home. 

    Nearly 4,000 of these email threats are being sent every day – most are sent to people in the United States, but Europeans and Australians have also been targeted.

    In over 95% of cases, the attackers are aiming at email accounts linked to universities and colleges, targeting students who are likely to be open to flexible and remote work opportunities.

    Remote work has risen because of the COVID-19 pandemic, something that could make the approaches look less suspicious to victims. Some of the fraudulent emails even reference COVID-19 as a reason for the fake jobs being remote.

    While the lure of making easy money from remote work sounds tempting, the attacks are designed to fleece victims – according to the FBI, the average loss for victims of employment fraud actions is around $3,000.

    “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly. They are very concerning for universities especially,” said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

    Those behind the attacks use several different templates, often using the real branding and logos of the companies they’re claiming to come from. The attackers are also known to use spoofed or compromised email addresses of recruiters in order to send initial emails.

    One of the scams purports to be from the United Nations Children’s Fund (UNICEF) for an executive personal assistant role, claiming to offer $400 for eight hours a week of work. The email contains a link to a Google form, asking for a name, alternative email address, and phone number.

    If the victim enters their details, they receive another email with more information about the supposed job, and if the offer is accepted, the attackers send a fake cashier’s check, initially for $950, then rising to $1,950 – this is designed to look like the victim will be paid, when that isn’t the case.

    Instead the attackers ask the victim how much they have in their bank account, so money can supposedly be used to send toys to children in orphanages – researchers were asked to transfer $1,000. The attackers asked for the transfer to be made – something that leaves the victim out of pocket because the fake cashier’s check that supposedly covers the cost can’t be cashed.

    Another of the phony jobs takes a different route, sending emails in which the attackers are claiming to be recruiting college students for an alleged modelling job – which doesn’t really exist. The email claims that the victim will be paid over $2,750 up front, and any expenses related to the shoot will be reimbursed.

    The attacker emails a fake check and, in some instances, it is even sent to the victim’s home – but because it’s fake, it can’t be cashed. In this case, the fraud is based around sending money to cover “shipping costs” for items to be used in the shoot – items that are never ordered for a shoot that won’t happen, ultimately resulting in money being stolen from the victim.

    Not only can these fake jobs leave people out of pocket, victims could also be unwittingly helping to facilitate cybercrime, as it’s likely some of these cash transfers are part of fraud related to other schemes.

    In aiming at students, the attackers are potentially exploiting naivety about online threats and the world of work – for example, a legitimate employer is very unlikely to send a paycheck before an employee’s first day of work, nor will they ask employees to buy items before they start the job.

    In order to avoid falling victim to these scams, it’s recommended that caution is exercised when receiving an unexpected job offer, especially if it comes from a freemail account like Gmail or Hotmail, but claims to be coming from a legitimate organisation.

    People should also be wary about nonexistent or overly simple interview questions and a lack of information about the job itself, or requests to switch to a personal email address or private chat account to discuss the opportunity.

    It’s also worth remembering that if an opportunity seems too good to be true, then it probably is.

    As Lapsus$ comes back from 'vacation,' Sitel clarifies position on data breach

    Sitel has published an update concerning a recent security incident involving the Lapsus$ hacking group and Okta.  Following the circulation of screenshots by the Lapsus$ group on March 22, which appeared to show unauthorized access to Okta accounts and potentially privileged information, Okta launched an investigation. Sitel, an Okta subprocessor, was named as the third-party responsible for the security breach. 

    Okta says that Lapsus$ may have impacted up to 366 customers in January 2022. Over five days, Lapsus$ had access to an Okta.com Superuser/Admin account reportedly owned by a Sitel customer support engineer.

    Okta has since said the company “made a mistake” by not informing customers sooner. “Sitel is our service provider for which we are ultimately responsible,” the company commented. “In January, we did not know the extent of the Sitel issue — only that we detected and prevented an account takeover attempt and that Sitel had retained a third-party forensic firm to investigate.”

    On March 29, Sitel published a statement on the cyberattack, having said little more previously than that an investigation was ongoing. Sitel says it is “cooperating with law enforcement on this ongoing investigation and are unable to comment publicly on some of the details of the incident.” However, the company has said that the incident was related to the “legacy Sykes network only.”

    Documents obtained by cybersecurity researcher Bill Demirkapi and viewed by TechCrunch, including a Mandiant forensics report, suggest that attackers were able to access a spreadsheet containing passwords for domain administrator accounts. Sitel claims the document “listed account names from legacy Sykes but did not contain any passwords” but did not provide any further details.

    “The Sitel Group Security team believes there is no longer a security risk regarding this incident,” Sitel added. “Even after the completion of the initial investigation, Sitel Group continues to work in partnership with our cybersecurity partner to assess potential security risks to both the Sitel Group infrastructure and to the brands Sitel Group supports around the globe.”

    After taking a “vacation,” Lapsus$ has begun publishing new content on the hacking group’s Telegram chat. On March 30, Lapsus$ claimed to have compromised Globant, a software development firm headquartered in Buenos Aires, Argentina. The threat actors allege that they have managed to steal client source code and have published a 70GB torrent file.

    ZDNet has reached out to Globant, and we will update when we hear back.

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

  • in

    State-backed hacking attacks are a big worry, but most firms don't know what to watch out for

    The vast majority of cybersecurity professionals think that the business they work for is a target for nation-state hackers, but only a small fraction think that their organisation can confidently identify if attacks are actually being carried out by hostile states.

    According to analysis by cybersecurity company Trellix, half of all organisations think they’ve been the target of a nation-state cyberattack within the past 18 months, while a further 42% think they’ll be subject to one in the future. Fewer than one in 10 businesses believe that they’re not a target for nation-state hackers at all.

    For organisations that have been targeted by nation-state-backed hackers, the most likely suspects identified by cybersecurity staff are Russia and China, along with cyber-criminal mercenaries suspected of working on behalf of governments. North Korea, Iran and western governments are among those that are also suspected of being behind attacks, while some cybersecurity staff concede that it’s just too difficult to tell who is behind campaigns.

    When asked how confident they were that, without help, their organisation could tell the difference between cyberattacks carried out by nation states and cyberattacks carried out by cyber criminals, just a quarter said that they have complete confidence that this would be the case.

    This lack of awareness could lead to issues down the line, as nation-state-backed hacking operations are often designed to create long-term persistence on networks. If an intrusion isn’t correctly identified as the work of well-resourced, hostile government-backed attackers, then even if an attempt is made to clean it up, backdoors and other remnants of the attack could be missed and exploited later on.

    “Nation-state cyber incidents are more sophisticated and persistent than an average cyber crime incident. Successfully detecting and responding to these types of attacks requires a deeper understanding of the adversaries’ methods and their intended goal,” John Fokker, principal engineer and head of cyber investigations at Trellix, told ZDNet. “Many organisations struggle with successfully detecting backdoors left behind after a state-backed cyber incident,” he added.

    Even organisations that aren’t confident in their ability to identify nation-state-backed cyberattacks say it’s important to be able to do so, although many are limited by cybersecurity strategy or a lack of resources. The vast majority – 90% – of those surveyed said that their own government needs to do more to help them protect themselves against hostile, foreign adversaries. “Governments can provide organisations who have been targeted with vital intelligence to better assess the origin and objective behind a state-backed cyber incident,” said Fokker.

    Defending against cyberattacks, particularly those by enemies with significant resources behind them, is a challenge, but there are steps that can be taken to improve the odds. This includes cyber-hygiene measures, like applying critical security patches, and requiring the use of multi-factor authentication to help keep attackers out of the network. It’s also vital for cybersecurity staff to fully understand the network they’re defending, so they can identify all the assets that need protection and take action against any potentially suspicious activity.

  • in

    This new ransomware targets data visualization tool Jupyter Notebook

    A new strain of Python ransomware is targeting environments using Jupyter Notebook. 

    Jupyter Notebook is an open source web environment for data visualization. The modular software is used to model data in data science, computing, and machine learning. The project supports over 40 programming languages and is used by companies including Microsoft, IBM, and Google, alongside numerous universities. Aqua Security’s Team Nautilus recently discovered malware that has homed in on this popular data tool.

    While Jupyter Notebook allows users to share their content with trusted contacts, access to the app is secured through account credentials or tokens. However, in the same way that businesses sometimes do not secure their AWS buckets, leaving them open for anyone to view, Notebook misconfigurations have also been found. The Python ransomware targets those that have accidentally left their environments vulnerable.

    The researchers set up a honeypot containing an exposed Jupyter notebook application to observe the malware’s behavior. The ransomware operator accessed the server, opened a terminal, downloaded a set of malicious tools — including encryptors — and then manually generated a Python script that executed ransomware. While the assault stopped without finishing the job, Team Nautilus was able to grab enough data to simulate the rest of the attack in a lab environment. The encryptor would copy and then encrypt files, delete any unencrypted content, and delete itself.

    It should be noted that no ransom note was included as part of the package, which the team suspects indicates one of two things: either the attacker was experimenting with their creation on the honeypot, or the honeypot timed out before the ransomware attack was completed. While attribution isn’t concrete, the cybersecurity researchers say they might be “familiar” with the miscreant due to their trademark checks before an attack begins. Clues indicate the individual could be from Russia, and if it is the same attacker, they have been linked to cryptojacking attacks on Jupyter environments in the past.

    A Shodan search reveals several hundred internet-facing Jupyter Notebook environments are open and accessible (although some may also be honeypots). “The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack,” the researchers said. “Since Jupyter notebooks are used to analyze data and build data models, this attack can lead to significant damage to organizations if these environments aren’t properly backed up.”
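
    A defender-side check for the kind of misconfiguration this story describes, as an added example that is not from the article or from Aqua Security's research: it statically audits a Jupyter config file for a blanked token with no password on a server bound to all interfaces. The two sample configs are constructed, and the check assumes Jupyter's `token`, `password`, `hashed_password` and `ip` settings are assigned as literals in the file.

```python
import ast

# Constructed sample configs (not taken from the article or the researchers' honeypot).
EXPOSED = """
c = get_config()
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.token = ''
c.ServerApp.password = ''
"""
HARDENED = """
c = get_config()
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.password = 'argon2:CONSTRUCTED-PLACEHOLDER-HASH'
"""

def read_traits(config_source):
    """Collect literal `c.<Class>.<trait> = value` assignments without executing the file."""
    traits = {}
    for node in ast.walk(ast.parse(config_source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            # Match the attribute chain c.<Class>.<trait> (e.g. c.ServerApp.token).
            if (isinstance(target, ast.Attribute)
                    and isinstance(target.value, ast.Attribute)
                    and isinstance(target.value.value, ast.Name)
                    and target.value.value.id == "c"):
                try:
                    traits[target.attr] = ast.literal_eval(node.value)
                except ValueError:
                    traits[target.attr] = None  # computed value: cannot be judged statically
    return traits

def audit(config_source):
    """Return a list of findings for one Jupyter config file."""
    t = read_traits(config_source)
    findings = []
    # Jupyter generates a random token by default, so auth is off only when the
    # token is explicitly blanked and no password is configured either.
    has_password = bool(t.get("password") or t.get("hashed_password"))
    no_auth = t.get("token", "generated") == "" and not has_password
    all_ifaces = t.get("ip", "localhost") in ("0.0.0.0", "*", "::", "")
    if no_auth:
        findings.append("authentication disabled (empty token, no password)")
    if all_ifaces:
        findings.append("listening on all interfaces")
    if no_auth and all_ifaces:
        findings.append("CRITICAL: unauthenticated notebook reachable from the network")
    return findings
```

    Settings supplied on the command line or in JSON config files are outside what this check reads, so a clean result covers only the Python config file it was given.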

  • in

    IoT warning: Hackers are gaining access to UPS devices. Here's how to protect yours

    Change the default user name and password settings on your internet-connected uninterruptible power supply (UPS) units, the US government has warned.  UPS units are meant to provide power backup to keep devices, appliances and applications connected to the internet by supplying off-grid power to places like a data center during a power outage. But hackers have been targeting internet-connected UPS units to disrupt the backup power supply. 

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) said they “are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices.”

    How? Just like many Internet of Things (IoT) devices, such as routers and smart-lighting systems, they are gaining access “often through unchanged default usernames and passwords.” The risk of not changing the default credentials in IoT devices and appliances isn’t new. It’s also a problem that reminds admins of the importance of network-hardening guidance.

    UPS devices are a critical backup power supply because of the costs of downtime when core business applications and staff devices can’t connect to the internet. In healthcare, lives might depend on a UPS in an outage because of powered medical devices.

    As CISA notes, UPSs can protect small loads, such as a few servers, large loads, like an entire building, or massive loads, including a data center. One complication in an organization is the question of exactly who should manage UPS devices, which only become necessary during a power outage. “Various different groups within an organization could have responsibility for UPSs, including but not limited to IT, building operations, industrial maintenance, or even third-party contract monitoring service vendors,” CISA notes in an insights alert.

    CISA doesn’t cite examples of recent attacks or attribute these threats to specific actors. However, in this case, it seems more important to emphasize remediation steps. As CISA notes, it’s rare that a UPS’s management interface needs to be accessible from the internet. So, its bolded advice is: “Immediately enumerate all UPSs and similar systems and ensure they are not accessible from the internet.”

    It also recommends viewing its, and the NSA’s, warning that state-sponsored attackers have targeted internet-accessible operational technology (OT) to breach critical infrastructure, such as water utilities. Again, the agencies warn of the risks of remote access to OT networks and the use of default passwords.

    If the UPS device’s management interface must be accessible from the internet, CISA advises putting these controls in place:

      • Ensure the device or system is behind a virtual private network
      • Enforce multi-factor authentication
      • Use strong, long passwords or passphrases in accordance with National Institute of Standards and Technology guidelines (for a humorous explanation of password strength, see XKCD 936, CISA notes)
      • Check if your UPS’s username/password is still set to the factory default. If it is, update your UPS username/password so that it no longer matches the default
      • Ensure that credentials for all UPSs and similar systems adhere to strong password-length requirements and adopt login timeout/lockout features