Phishing Attacks and Defenses

A Cape Cod Community College graduate, Wayne Nordstrom is pursuing a bachelor’s degree in cyber security from the University of Maryland. A former security engineer at CVS Health, Wayne Nordstrom is a senior vulnerability risk manager at Blue Cross Blue Shield. He specializes in phishing attacks defense.

Phishing attacks aim to steal important data from a person, such as credit card numbers or login credentials from important websites. In a phishing attack, the hacker tries to disguise themselves into a trustworthy source of entity such as a university, for example, or a bank, and make a person send their credentials. Typical phishing attacks can be sent through e-mail or messages. A person is then tricked into entering a fake link that creates problems in the computer and delivers data to the hacker.

There are ways for companies to defend against phishing attacks and prevent damage caused by them. One of them is two-factor authentication. It adds an extra layer that checks whether or not a website is safe for a person to log in to it.

from WordPress https://ift.tt/30eyBUf
via IFTTT

Three Trends in Cybersecurity to Watch

At Blue Cross Blue Shield, Wayne Nordstrom performs infrastructure and applications vulnerability scanning. He was previously the senior desktop engineer at Suffolk University in Boston. Wayne Nordstrom has an AS in cybersecurity from Cape Cod Community College and is currently studying for a BS in networks and cybersecurity at the University of Maryland.

As technology continues to evolve, so does the global cyberthreat landscape that businesses must navigate. Here are three areas worth watching in the years ahead.

Attacks on cloud services
Embracing cloud-based computing technology has many benefits, such as increased efficiency and reduced operational costs. If not adequately maintained or configured, cyber attackers can exploit the vulnerabilities and disrupt business.

Artificial (AI) intelligence integration
As the frequency and intensity of cyberattacks grow, AI can help under-resourced or overstretched security teams cope. By helping to analyze massive quantities of data, AI supplies teams with threat intelligence and boosts response times.

More automotive hacking
Modern vehicles are loaded with automated software that aids in engine timing, cruise control, airbags, door lock, and communication technologies. Self-driving autos use even more complex systems. All these are opening the door for more automotive hacking.

from WordPress https://ift.tt/3G8nk81
via IFTTT

How to Spot a Deepfake

A senior vulnerability risk manager at Blue Cross Blue Shield, Wayne Nordstrom researches cybersecurity trends and emerging technology. Among others, Wayne Nordstrom focuses on coming up with solutions to fight cyber fraud.

One of the latest methods by which scammers and hackers commit cyber fraud is using the technology deepfaking, which can digitally manipulate a person’s appearance and identity. The most famous deepfakes belong to popular personalities, morphing their faces to someone else’s as they make an impression. A more sinister use of the technology has also emerged, with scammers using the algorithmic technology to produce more subtle deepfakes to manipulate victims.

These deepfake scams can take a variety of forms, from blackmail to extortion schemes. However, researchers have found a few ways to spot a deepfake, even with the naked eye. The tell-tale sign, studies show, is the pupils of a deepfaked image. While other features can be approximated by the algorithm, even high-quality deepfakes have trouble maintaining a clear, round shape for a person’s pupils, leading to said pupils having a distorted or ragged edge.

There are some issues with this detection method, not least that some real people have irregular pupils due to genetic factors but also that all the research on the signs of deepfakes is in the public domain. Like the readily available deepfake technology, the manual on how to spot them is in the hands of those who would use it to manipulate others. This has led some researchers to worry that deepfake algorithms could be improved by referencing research on their weaknesses, thus requiring new detection techniques to be discovered.

from WordPress https://ift.tt/3mzezLs
via IFTTT

How Scammers Are Using Deepfakes to Manipulate Victims

Wayne Nordstrom is a networks and cybersecurity graduate candidate senior vulnerability risk manager. Among other digital tools that hackers and scammers use, Wayne Nordstrom has researched the impact of emerging technologies, such as deepfakes, on scammer tactics.

Deepfakes are a digital imaging technique that allows anyone, not just computer experts, to use an algorithmic program to superimpose one person’s face onto another person’s body. This can be done in post-editing, such as when producing a video, but it can also be done in real-time for situations like video conferences.

Although the concern that deepfakes were going to be used during the 2019 presidential election to manufacture fake, disparaging videos of presidential candidates never materialized, deepfake technology has already made it possible for criminals to create fraudulent blackmailing material.

One story from The Indian Express tells of a man who spoke with a scammer on a video call, only to collect visual data from the live feed to create a deepfaked video. This video appeared to show the man on a live “sex chat” and was henceforth used to blackmail him and sent to his family and friends when he refused to pay. Cybersecurity experts warn that such stories could become more common as the technology becomes more widespread and easier to use.

from WordPress https://ift.tt/3CzkTce
via IFTTT

Cyberattacks and Cyberthreats Increase during Pandemic

A graduate of Cape Cod Community College, Wayne Nordstrom holds an associate of science in cybersecurity and penetration testing. Wayne Nordstrom works as a senior vulnerability risk manager at Blue Cross Blue Shield, where he helps the insurance provider defend against cyberattacks.

The coronavirus has made many people move from a typical workplace to an online setting, which opened the door to increased cyberattacks. According to the FBI, since the start of the pandemic, the number of cyberattacks has tripled, and Google reported that it has faced over 18 million phishing attempts in that time.

Most of the cyberattacks in 2020 were motivated by financial gain, with nearly 86 percent of the attackers requesting a ransom. The average cost of a ransomware attack in 2018 was only $5,000; in 2020, this number reached $200,000. This has made companies want to hire or contract with cybersecurity professionals to defend against any potential threats, with more than 500,000 open positions in the United States and over 3 million throughout the world.

from WordPress https://ift.tt/3tBcktV
via IFTTT

Most Common Cyberattacks, Phishing, and Malware

A cybersecurity specialist, Wayne Nordstrom is currently working toward a bachelor of science in networks and cybersecurity. He also holds an associate of science in cybersecurity and penetration testing. Wayne Nordstrom serves as a senior vulnerability risk manager of Blue Cross Blue Shield, where he performs vulnerability scanning and penetration testing to detect and protect the company from cyberattacks.

Phishing cyberattacks are some of the most common threats in the cyber world. In a phishing attack, the hackers try to trick a person or company into sending them important information such as passwords or documents that can be used by the hacker to extort the person or company for financial gain. Phishing attacks are typically e-mails or messages that look like they are coming from a safe and trustworthy source, such as a friend or institution. Another commonly encountered cyberattack is malware.

Malware can be used by hackers to spy on people and obtain valuable information, or can be used to gain access to a computer or network. One of the most common forms of malware attack is ransomware. After entering the system, a ransomware attack can encrypt a person’s files so that the person can no longer use them. Ransomware attacks typically demand a ransom in return for the decryption key that can enable the person to regain access to their information and documents.

from WordPress https://ift.tt/38eOgDm
via IFTTT

The Stages of a Penetration Test and Goal

A graduate of the Cape Cod Community College, Wayne Nordstrom holds an associate of science in cybersecurity and security penetration testing. Wayne Nordstrom is the senior vulnerability risk manager of Blue Cross Blue Shield, where he performs penetration tests.

A penetration test is a cyber-attack simulation that aims to detect the vulnerabilities of a computer system. The first stage of the penetration test identifies the system to attack and determines how to attack it. The second part is represented by an analysis of the system. The analysis can either be static or dynamic. The static analysis of the system involves the inspection of an app code to see how it will act when it runs. On the other hand, the dynamic focuses more on the active performance of the code when the system is already running.

The third stage of the penetration test involves attack simulations such as SQL injection or backdoor attacks that can reveal the vulnerabilities in the system. Then testers act upon the vulnerabilities and gain access to the system. Testers can then try to maintain access for a longer period of time to see if the vulnerabilities allow the attack to plant threats that can remain in the system and steal data. After the penetration test is done, the testers and the organization make reports to assess the vulnerabilities and improve the system to resist a real attack.

from WordPress https://ift.tt/3BoaFvp
via IFTTT

Benefits of Partnering with ISACA

Wayne Nordstrom is a cybersecurity professional with an extensive technical background who has worked in senior technical positions across multiple organizations. A senior vulnerability risk manager with Blue Cross Blue Shield, Wayne Nordstrom is a member of ISACA.

ISACA (short for “Information Systems Audit and Control Association”) helps business technology experts and their businesses fully harness the potential of technology. In its quest to encourage innovation, ISACA offers partnership opportunities that enable organizations or companies to build a global professional network. By partnering with ISACA, companies access exhibiting as well as sponsorship packages to help them make a noticeable impact.

Partner companies can exhibit their products to audiences at ISACA events around the globe, where they can interact with top decision makers and influencers keen to learn more about new product offerings that help boost enterprise productivity. ISACA sponsorship, meanwhile, provides companies with flexible and customizable packages that enable companies to attain their marketing goals and realize the best returns on investment. Learn more at www.isaca.org.

from WordPress https://ift.tt/3xX2yn7
via IFTTT

What Is Zero-Day Vulnerability?

Wayne Nordstrom has been working in cybersecurity for more than 10 years. With a keen interest in his cybersecurity, Wayne Nordstrom enjoys participating in extra-curricular cybersecurity activities, including capture the flag tournaments and zero-day vulnerability competitions.

In cybersecurity, zero-day vulnerability refers to an unknown flaw that has yet to be detected. It is an undiscovered exploit that can expose a vulnerability in hardware or software. When this vulnerability is detected by someone other than the developer, cyberattacks become a very real threat.

Cybercriminals will target these zero-day vulnerabilities and cause problems for unsuspecting users of the product. They will quickly develop malware and use it to gather personal data on businesses and individuals. Until this exploit is detected and patched by the developer, the hardware or software will be open to these types of attacks.

Users must always ensure that their cybersecurity software is up to date and any software installed on their computer. There is no way to stop zero-day vulnerabilities completely, so the user must be proactive and preventive.

from WordPress https://ift.tt/3yvtr2D
via IFTTT

Key Differences between Node.js and PHP

Wayne Nordstrom is an IT security professional with more than a decade of experience. His skills include network and application vulnerability assessment. Network incident response and investigation is another. Wayne Nordstrom is also proficient in programming. Two of the programming languages he has worked with are javascript and PHP.

Javascript is a client-side or browser-based programming language. Node.js is a server-side implementation of javascript. It has migrated to handling the backend chores of web applications.

Javascript now contends with PHP, a server-side language for backend web programmers.

In choosing between node.js and PHP programmers should keep in mind some key differences.

PHP executes code one line at a time, a behavior known as running synchronous code. In contrast, node.js is asynchronous, able to run lines of code in parallel. This means that node.js has the potential to be faster particularly if a PHP code line takes time to execute.

PHP programs use the language in conjunction with a front-end programming language. Since node.js is a javascript implementation, node.js developers don’t need to switch. Having to switch from one language to another in a project has a direct impact on a coder’s efficiency.

PHP and node.js work with traditional relational databases and newer NoSQL databases. Node.js is the more popular technology for MongoDB, CouchDB, and other NoSQL databases.

from WordPress https://ift.tt/32BIlW9
via IFTTT