More stories

  • in

    Get training on Microsoft, Cybersecurity, Python, GDPR, and more with this master class

    It’s actually so much easier than you might imagine to train for a well-paid career in the tech industry. Even just one of the six certification exams covered in The All-in-One Microsoft, Cybersecurity & Python Exam Prep Training Bundle is enough to make your resume shine among masses of competing job applicants.

    The “Python MTA 98-381 Complete Preparation Course” will teach you the basics of computer programming, so you’ll learn how to code the right way, using less time with improved efficiency and maximum productivity. And you can actually be ready to pass the PCEP Certified Entry-Level Python Programmer Certification Exam in just seven days with “PCEP: Certified Entry-Level Python Programmer Certification Prep Course”. In “MTA 98-361 Software Development Fundamentals Preparation Course”, you’ll find out how to build custom functions, automate programming tasks, and much more. By the end of this class, you’ll have the skills to land a job in IT software development.

    The skills you learn in “ITIL 4 Certification Exam: A Complete Preparation Masterclass to Master ITIL” will help you to understand your customers better, improve management of your resources and increase productivity. You’ll also learn how to manage risk without disrupting your service or, worse, sabotaging it accidentally.

    “CySA+ Cybersecurity Analyst Certification Preparation Course” is a student favorite; they rated it an impressive 4.8 out of 5 stars. It covers cyber incident response, threat and vulnerability management, security architecture, and toolsets. Instructor Dr. Chris Mall is supremely well-qualified to teach it with a Ph.D. in Computer Science, Software Development, as well as multiple professional certifications in information technology.

    If your website exists in Europe, it is essential to have a comprehensive understanding of GDPR. And that’s what you’ll get from the “GDPR CIPP/E Certification Complete Preparation Course”.

    Just one of these certifications is enough to qualify you for a new well-paid tech career. It won’t be long before you’ll be checking out new iPhones and gaming accessories bargains.

    You really don’t want to pass up the opportunity to equip yourself with in-demand tech skills when you can get an additional 40% off the already low $29 sale price of The All-in-One Microsoft, Cybersecurity & Python Exam Prep Training Bundle for a limited time during our VIP Sale by using the coupon code VIP40.


  • in

    Everyone needs to buy one of these cheap security tools

    Whenever I’m asked for things that are a must-have, a YubiKey is on the top of my list no matter what platform or operating system people are using — Windows, Mac, or Linux, Android or iOS. It doesn’t matter. Everyone needs a YubiKey.

    So, what is a YubiKey?

    A YubiKey is the ultimate line of defense against having your online accounts taken over. And with prices starting at $45, it’s one of those indispensable gadgets for the 21st century.

    A hardware authentication device made by Yubico, it’s used to secure access to online accounts, computers, and networks. The YubiKey 5 Series look like small USB flash drives and come in a range of different connectors — USB-A, USB-C, and USB-C and Lightning combo. There are versions that also include support for NFC.

    It offers two-factor authentication (also known as multi-factor authentication or two-step verification) for hundreds of online services, from Facebook, Google, and Twitter, to more specific services such as Coinbase, Salesforce, and Login.gov. Your YubiKey can also be used to secure password storage services such as Bitwarden, Password Safe, and LastPass.

    The YubiKey 5 Series keys support a broad range of protocols, such as FIDO2/WebAuthn, U2F, Smart card, OpenPGP, and OTP. Having a YubiKey removes the need, in many cases, to use SMS for two-factor authentication — a method that has been shown to be insecure.

    If your online accounts are keeping something that you can’t afford to lose, a YubiKey makes perfect sense. I’ve been using YubiKeys for years now, and they have been flawless and foolproof.

    While one YubiKey is enough to get started with, I have several. Not only does this give me a backup in case I lose one (I haven’t yet!), but if I pick a couple with different connectors (say the USB-C/Lightning and a USB-A with NFC), this gives me the flexibility to log into accounts across a range of devices.

    YubiKey 5 NFC

    This YubiKey features a USB-A connector and NFC compatibility.

    YubiKey 5C NFC

    This YubiKey features a USB-C connector and NFC compatibility.

    YubiKey 5Ci

    This YubiKey features a USB-C connector and a Lightning connector for the iPhone.

    Yubico FIDO Security Key NFC

    A cheaper version of the YubiKey, this one is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. Use this to secure your login and protect your Gmail, Dropbox, Outlook, Dashlane, 1Password accounts, and more.

    Note that this YubiKey is not compatible with LastPass, which requires a YubiKey 5. Always check for compatibility with the services you want to use before buying.

  • in

    This feature could stop you forgetting your iPhone ever again

    iOS 15 is a treasure trove of new features to explore. One awesome new feature could help prevent you from losing your iPhone.

    Called Separation Alerts, it can alert you if you leave one of your devices behind by sending a message to other devices that you have with you.

    This feature is part of the Find My app, so to find it you need to make your way into the app. Once there, tap on Devices at the bottom. Tap into a device and look under Notifications for Notify When Left Behind (note that not all Apple hardware currently supports this feature).

    Once there, you can activate it, as well as creating exclusion zones where you won’t get notifications (your home is automatically added, but there may be other places where you walk away from your devices).

    It’s that simple. Now if you accidentally leave behind a device, it will attempt to alert you by sending a message to your other devices.

    Separation Alerts also work for AirTags, as well as third-party accessories that support Apple’s Find My network.

  • in

    Coinbase sends out breach notification letters after 6,000 accounts had cryptocurrency stolen

    Coinbase is sending out breach notification letters to thousands of users after they discovered a “third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform.” First reported by The Record, the letters say at least 6,000 Coinbase customers had funds removed from their accounts.

    “In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox. While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor,” Coinbase told affected customers in the letter.

    “We have not found any evidence that these third parties obtained this information from Coinbase itself. Even with the information described above, additional authentication is required in order to access your Coinbase account. However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account. Once in your account, the third party was able to transfer your funds to crypto wallets unassociated with Coinbase.”

    Coinbase has faced significant backlash and criticism since a groundbreaking report from CNBC this summer found that thousands of people had suffered from similar account takeovers and saw money vanish from their accounts.

    When they contacted Coinbase for help, they were either ignored or hit with flippant responses that it was not the company’s fault they lost money. For some time Coinbase had no customer service at all. One couple, Mindaugas and Loreta from Horsham, Sussex, UK, lost more than $20,000 in a Coinbase phishing scam. The two said scammers pretended to work for Binance and Coinbase before breaking into the couple’s account and transferring their cryptocurrency to a private wallet.

    The couple contacted researchers with CyberNews for help after their attempts to get help from Coinbase were ignored. “At first, we thought it might be some kind of mistake or a glitch. But since their knowledge base had no option that covered any bugs or glitches, we decided to inform Coinbase that my husband’s account has been compromised. But all we got back was a password reset request,” Loreta said.

    The scammers doubled down on the attack, sending them a password reset for the Binance platform, where the couple also had purchased cryptocurrency. The scammer called the couple to gain their account information for Binance. “He said ‘We see that you have an account at Binance and since Coinbase and Binance are sister companies…’ And that’s when I saw he was trying to dupe us. Next thing I hear, he’s telling us to prove our identity either by transferring £5,000 from our Binance account to Coinbase or by giving them our Binance authentication code so that they can transfer the missing £15,000 to my husband’s Binance account,” Loreta said, noting that after this incident they called the police.

    “We’re still waiting for an answer. And since ‘only’ £15,000 was stolen, we’re not very hopeful that the police will do anything about it. Right now, all we hope for is that Coinbase takes a hard look at their security procedures and improves them so that situations like ours don’t happen to others.”

    Edvardas Mikalauskas, senior researcher at CyberNews, told ZDNet that through investigating the case of the couple, they found that the cryptocurrency had been laundered through a series of wallets that made it impossible to figure out where it went. Mikalauskas said hundreds, if not thousands, of cases like Mindaugas’ occur every day and noted that while crypto wallets are unlikely to have the same robust security procedures as a bank, Coinbase could introduce better suspicious or malicious behavior detection techniques and more robust measures to protect user accounts.

    “For example, banks commonly use AI to spot malicious behavior and automatically block transactions that look suspicious, then contact the customer for verification. These threat detection techniques should then be supplemented with better customer support relating to account breaches and takeovers, to help customers deal with the issues that result from a scam,” Mikalauskas said. “I wish Coinbase had a protection system in place to refund the lost crypto.”

    In its breach notification letters, Coinbase said it has updated its SMS Account Recovery protocols so that the authentication process cannot be bypassed. For the 6,000 US victims referenced in the letter, Coinbase said it would be depositing funds into their accounts equal to the value of the currency removed from their account at the time of the incident. “Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today,” Coinbase said.

    But in addition to the cryptocurrency that was stolen, Coinbase said the cybercriminals who accessed the accounts also saw personal information like names, email addresses, home addresses, dates of birth, IP addresses for account activity, transaction history, account holdings and balances.

    Some accounts may have had information changed as well, Coinbase admitted. They have set up a phone support line at 1 (844) 613-1499 to help those who may have questions. They will also provide free credit monitoring for an undisclosed amount of time for those affected. Coinbase noted that it is still investigating the incident and is speaking with law enforcement about the issue.

  • in

    US Army medical records technician sentenced for stealing $1.5 million from veterans through DoD benefit sites

    The Justice Department has sentenced a former medical records technician for the US Army after he was caught accessing personal information from US veterans and using the data to steal millions from benefits sites. Fredrick Brown, a 40-year-old from Las Vegas, was sentenced to more than 12 years in prison after pleading guilty to conspiracy to commit wire fraud and conspiracy to commit money laundering charges. Brown’s actions led to $1.5 million in losses after he targeted more than 3,300 members of the US military community through a multinational fraud ring. Brown worked with four other people to defraud service members, their dependents and civilians employed by the Department of Defense.

    As a civilian medical records technician and administrator with the US Army at the 65th Medical Brigade, Yongsan Garrison in South Korea, Brown admitted to stealing names, Social Security numbers, military ID numbers, dates of birth and contact information for thousands of military members between July 2014 and September 2015.

    While logged into the base’s electronic health records database, he took photos of his computer screen and sent the photos to Robert Wayne Boling Jr., who was based in the Philippines. From there, Boling Jr. and others used the information to access DOD and Veterans Affairs benefits sites and steal millions of dollars.

    “Rather than honoring those servicemembers and veterans who sacrifice for them, the defendant and his co-conspirators targeted and stole from these brave men and women in a years-long fraud scheme. Such conduct is an affront to the United States and will not be tolerated,” said the Justice Department’s Brian Boynton. US Attorney Ashley Hoff noted that many of those targeted in the scheme were disabled or elderly because they receive more service-related benefits.

    In addition to his prison sentence, Brown was ordered to pay $2,331,639.85 in restitution. The Justice Department said 34-year-old Trorice Crawford had also been charged in 2020 in connection to the crime.

  • in

    White House to convene 30-country cybersecurity meeting

    The White House plans to convene a 30-country meeting this month to address cybersecurity, President Biden said in a statement Friday. The topics of the meeting, Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains. “We are bringing the full strength of our capabilities to disrupt malicious cyber activity, including managing both the risks and opportunities of emerging technologies like quantum computing and artificial intelligence,” Biden said. The first cybersecurity meeting will be held virtually, CNN reports.

    The meeting follows a series of dramatic cybersecurity incidents over the past year, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers.

    Following the Kremlin-backed SolarWinds attack, cyber attacks became a major part of talks between Biden and Russian president Vladimir Putin over the summer. In late July, Biden said that a major cyber breach could lead to “a real shooting war.”

    In addition to mobilizing multi-national cybersecurity initiatives, the Biden administration has taken steps to improve cyber resiliency domestically. “The Federal government needs the partnership of every American and every American company” to address cybersecurity, Biden said Friday. “We must lock our digital doors — by encrypting our data and using multifactor authentication, for example — and we must build technology securely by design, enabling consumers to understand the risks in the technologies they buy.”

    Back in August, Biden secured promises from major tech companies, such as Google, Apple and Microsoft, to spend significant sums improving the nation’s cyber resiliency. In May, the president issued a cybersecurity executive order requiring federal agencies to modernize their cyber defenses. The Biden Administration earlier this year also launched a 100-day initiative to improve cybersecurity across the electric sector.

  • in

    Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches

    Superhero-based passwords are increasingly showing up in datasets of breached information, according to a new blog post from Mozilla.

    Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets. Superman showed up in 368,397 breaches, Batman was featured in 226,327 breaches and Spider-Man was found in 160,030 breaches. Wolverine and Ironman were also seen in thousands of breaches. “A password is like a key to your house. In the online world, your password keeps your house of personal information safe, so it’s important to make sure it’s strong,” a Mozilla spokesperson said.

    The blog is a follow-up to another Mozilla report about the popularity of passwords related to Disney princesses, particularly for users of the Disney+ streaming service. Due to the prevalence of breached account details on the dark web, a number of companies are beginning to turn to password-less systems. Last month Microsoft extended its passwordless sign-in option from enterprise customers that use Azure Active Directory (AAD) to consumer Microsoft accounts on Windows 10 and Windows 11 PCs. 

    Vasu Jakkal, Microsoft corporate vice president of the Microsoft Security, Compliance, Identity and Management division, said that nearly 100% of the company’s employees are passwordless. “We use Windows Hello and biometrics. Microsoft already has 200 million passwordless customers across consumer and enterprise,” Jakkal said. “We are going completely passwordless for Microsoft accounts. So you don’t need a password at all.”

    Some services are also turning to two-factor or multi-factor authentication as a way to avoid the use of passwords.

  • in

    Internet safety guide for college students

    Corporations invest billions into protecting private data. Globally, the cybersecurity services market brought in $173 billion in 2020. However, cybersecurity isn’t only a concern for government agencies and major corporations. Hackers and scammers also target individuals, including college students. Fortunately, college students can protect their private data and improve their internet safety without a corporate-sized budget.

    This internet safety guide walks through the steps you can take to improve your data security and protect your private data. From identifying red flags to avoiding common scams, college students can often avoid online threats for free.

    Why is cybersecurity awareness important?

    Internet safety matters, particularly for college students. Take identity theft, for example. Victims of identity theft may see their credit score tank. That can make it harder to qualify for an apartment, apply to certain jobs, or take out a car loan. And bad credit can follow students for years after graduation.

    College students need to prioritize cybersecurity awareness. By taking a few simple steps, students can protect their private data and decrease the chances of falling for a phishing scam, putting private information at risk, or becoming the victim of identity theft.

    Why hackers target college students

    Hackers target college students because of their unique vulnerabilities. For example, scammers focus on college students because of their social media use, lax monitoring, and poor cybersecurity awareness.

    Social media use: College students tend to include a large amount of personally identifiable information on social media. Hackers can use this information to guess passwords or the answers to common security questions.

    Lax monitoring: For many people, college represents the first time they open credit cards or manage their own bank accounts. And some college students fail to keep a close eye on their finances. That means they miss fraudulent charges. Similarly, college students might not check their credit report or find out if scammers stole their identity.

    Poor cybersecurity awareness: College students, like everyone else, worry about data theft. But most Americans fail to follow safety practices to secure their information. Many simply see data breaches and cyberattacks as an unavoidable fact of modern life.

    Common online threats towards college students

    College students face many of the same online threats as the general public, including phishing scams and fraudulent shopping sites. However, certain scams target college students. This section introduces the common online threats that college students face.

    Phishing

    A phishing scam tricks people into revealing private data or downloading malware. Many criminals target colleges with phishing scams because college email addresses often follow a predictable format that includes the student’s name. Students might receive emails that look official and ask them to confirm personal data or messages claiming they won a prize or lottery and must click on a link to claim their prize. These scams harm millions of victims every year.

    Fraudulent shopping sites

    Fake shopping sites trick students into entering their personal information, including credit card numbers. And fraudulent shopping sites target more than your data. Some send products that may be unsafe.

    College students are vulnerable to fake shopping sites because these criminals target students. Fake sites might be advertised on social media that targets students. These sites often look legitimate because they steal product photos to imitate real online shopping sites.

    Job scams

    College students invest a lot of time into looking for jobs. But criminals use fraudulent job postings to capture private information. These job scams convince students to enter their Social Security number and other data. Some scammers even reach out with unsolicited job or interview offers. However, these scams are actually phishing attempts disguised as job postings.

    Students should watch out for warning signs of a fishy job posting. A very high guaranteed salary, very low job requirements, or a demand that applicants pay a fee for their interview can indicate a scam.

    Romance fraud

    Social media and dating website fraud can trick students into providing personal information or sending strangers money. Romance frauds hook students through catfishing, where scammers pretend to be someone else online. These scammers may spend weeks or months building an online relationship with college students before asking for money or personal information. Students can protect themselves from romance fraud by limiting the information on their profile and using a throwaway email address.

    Reporting cybersecurity threats

    If you identify a cybersecurity threat, report it to your college’s IT department or information security office. Most colleges provide information about how to report a threat and what to include in your report.

    What if you fall for a scam or criminals steal your identity? You can protect yourself in several ways. First, report cybercrimes to law enforcement. Filing a police report can also help you recover money and protect your identity. Second, notify your financial institutions and freeze your accounts. Your bank can help you cancel your credit cards or take additional steps. Finally, notify credit reporting agencies and monitor your credit to remove any fraudulent reports.

    Tips and tricks for avoiding hackers

    College students can take simple steps to avoid hackers and protect their privacy. From spotting red flags to avoiding unsecured wifi networks, here are some easy tips and tricks to make your data safer.

    Learn phishing red flags

    Hackers use phishing scams to trick people into sharing private data. In one of the most common phishing scams, hackers claim to be from a reputable company, including government agencies. Their emails ask people to enter private information, like their birth date, Social Security number, or credit card number. Hackers then use that information to steal someone’s identity.

    You can avoid phishing scams by looking for red flags, including incorrect grammar or spelling, fake-looking URL or email addresses, or high-pressure attempts to convince readers to click on a link. And phishing goes beyond email: watch out for phishing attacks on social media, by phone, and through text message.

    Use caution when shopping online

    Some scammers use fake online shopping deals to trick people into entering credit card information. Instead of jumping on a deal that sounds too good to be true, take a few steps to verify the seller. Reviews posted on third-party sites such as the Better Business Bureau might indicate a scam. Using a debit-type gift card can also protect buyers from risking their credit score by falling for an online shopping scam.

    Install antivirus software

    A computer virus can destroy your data and disable your computer. Antivirus software identifies malware and other viruses to prevent your devices from becoming corrupted. You can protect yourself by installing antivirus software from a trusted company like Norton or McAfee. In addition to using antivirus protection on your laptop or desktop, consider installing antivirus software on other devices connected to the internet, including your cell phone and tablet.

    Follow password best practices

    A strong password can prevent hackers from accessing your private data. Instead of reusing the same password on multiple platforms, use unique passwords to avoid damaging data breaches. Fortunately, you don’t need to remember every single password. Instead, use a password manager to keep track of your passwords.

    Set up two-factor authentication

    Two-factor authentication adds an extra layer of security. Instead of simply logging in with a username and password, users must authenticate their identity through a second source, such as a code sent to their cell phone or an email link.

    Change your password after a breach

    Data breaches can compromise your passwords. And most people do not change their password after a data breach. By changing your password, you can prevent hackers from accessing private data. The site Have I Been Pwned lets people check whether a data breach has affected their accounts.

    Beware of unsecured wifi

    Unfamiliar and unsecured wifi can put your data at risk. Cybercriminals can access these networks to steal your information. Many colleges offer unsecured wifi access on campus.

    How can you avoid unsecured wifi? First, choose a secured network if possible. Second, reduce your potential exposure by using a VPN on an unsecured network. Finally, avoid entering personal data like credit card information while using an unsecured network.

    Add physical protection

    Antivirus software, VPNs, and password managers protect your data from online intrusions. But you should also protect the physical safety of your devices. That means using passcodes to access your devices and protecting your devices from theft. Avoid leaving devices unattended on a college campus or in any other public space. Use a cable lock on your laptop, put it away when not in use, and lock your dorm room or car.

    Take care on shared computers

    College students often use shared computers to write papers, conduct research, or search the internet. But computers available to the public in the campus library and computer lab do not have the same protections as private computers. You can protect your data on shared computers by not saving passwords and clearing your browser history. Use caution when making online purchases or logging into accounts with private data through a shared computer.

    What are key threats to student safety in online learning environments?

    Students in online learning environments must protect themselves against threats like cyberbullying, ransomware, phishing, and other threats to their internet safety. College students taking online classes should avoid sharing personal information or other forms of student data to protect themselves from identity theft and other cybercrimes.

    Are college networks secure?

    Colleges use security methods to protect their networks. However, many colleges offer public wifi access, which can potentially expose student data. When using a college network, students should implement their own security measures, such as using a VPN.

    How can students stay safe on the internet?

    Internet safety starts with awareness of potential online threats. Students can avoid phishing scams, malware, and other cyberattacks by knowing how to spot a threat. College students should also use secure passwords, avoid inputting personal data on shared computers, and protect their computing devices.