You may notice a change in the format of today’s UNM4SK3D Cyber Security News. Cybrary wants to hear from you! Do you prefer a shorter newsletter focused on 1 topic or the extended version featuring 3 main topics? Comment below with your feedback.
In light of the Vault 7 documents released by Wikileaks, the NSA, which is known for its’ secrets, recently launched an official GitHub page. Hackers and coders rejoice!
You most likely know GitHub, but for those who don’t, it is an online service designed for sharing code amongst programmers and open source community. Since the Edward Snowden leaks, the NSA has moved away from complete anonymity to a slightly more public-facing agency, first by joining Twitter, and now GitHub. Typically, the NSA employs the most brilliant coders and mathematicians, who have developed tools like EternalBlue which if used with malicious intentions can cause serious damage, but aside from manipulating vulnerabilities, the agency develops some useful security tools. Currently, the NSA has posted 32 projects as part of the NSA Technology Transfer Program (TTP), while others are ‘coming soon.’
In this list from The Hacker News, some of the NSA’s open source projects are listed:
- Certificate Authority Situational Awareness (CASA): A simple tool that identifies unexpected and prohibited certificate authority certificates on Windows systems.
- Control Flow Integrity: A hardware-based technique to prevent memory corruption exploitations.
- GRASSMARLIN: It provides IP network situational awareness of ICS and SCADA networks to support network security.
- Open Attestation: A project to remotely retrieve and verify system integrity using Trusted Platform Module (TPM).
- RedhawkSDR: It is a software-defined radio (SDR) framework that provides tools to develop, deploy, and manage software radio applications in real-time.
- OZONE Widget Framework (OWF): It is basically a web application, which runs in your browser, allows users to create lightweight widgets and easily access all their online tools from one location.
The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community’s enhancements to the technology. -NSA statement
Need to catch up on what’s been happening with Wikileaks and the NSA? Read here for the previous UNM4SK3D newsletters which discuss the details.
According to the new Unisys Security Index™ that surveyed more than 13,000 consumers in April 2017 in 13 countries, concerns over viruses/malware and hacking rose dramatically, with 56% of surveyed Americans seriously concerned (i.e. “extremely” or “very concerned”). This marks a 55% increase since 2014, when 36% of respondents were seriously concerned.
By definition, wireless access exploitation is “the defeating of security devices in Wireless local-area networks (WLANs).” There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by weak encryption.
Test your wireless access exploitation knowledge in a revolutionary way and gain hands-on experience necessary to become an ethical hacker. In the Wireless Access Exploitation skill assessment, you will need to recognize and exploit the vulnerabilities in order to gain access to a wireless network and secure your own.
Do you have what it takes to crack wireless networks? Use code MARKET10 for 10% your purchase until 6/30.
Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.