Bug Bounty Hacker and The Taste of Paradise
Inject and steal the data of nearly 200 campus stores
Bleeping Computer on May 3, 2019
According to Joseph Chen, Trend Micro’s fraud researcher, the malicious Magecart script got injected on April 14 within the payment checkout libraries used by PrismWeb-powered online stores. The stolen credit card information included card number, expiry date, card type, card verification number (CVN), and the cardholder’s name. Furthermore, skimmer stole personal information like addresses and phone numbers for billing.
The scale of malefactors’ campaign is striking: 176 colleges and universities in the U.S. and 21 in Canada that became victims of the skimmer.
Actually, the Magecraft groups are notorious for their attacks against high profile international companies like British Airways, Ticketmaster, etc.
Becoming a bug bounty hacker: legal work pays off
Infosecurity Magazine on May 3, 2019
To discover the taste of paradise, you no longer need a chocolate bar featuring tropical beaches with coconut palms. There is a more complicated and not less effective way – become a bug bounty hacker. Large organizations like Starbucks, Verizon, Toyota, Airbnb hire legal hackers to reveal security vulnerabilities. And usually, their work pays off – this year, Santiago Lopez, a 19-year-old hacker from Argentina, was the first in the world bug bounty hacker to earn $1 million from hacking.
The ethical hacking industry is booming. On average, companies pay $2,000 for a critical vulnerability, with bounties as high as $100,000 for a single flaw. In addition to flexible working hours and a great deal of autonomy, this career becomes extremely popular among the young generation.
What is interesting, when it comes to hacking education, nearly 80% of hackers choose online resources and blogs as their primary source to upgrade the professional experience, while only 6% have completed a formal course or hacking certification. Thus, the bug bounty hacker’s career is more achievable than you may think.
University of Virginia students proved the national cybersecurity champions title
EdScoop on May 3, 2019
In the last days of April, the 2019 National Collegiate Cyber Defense Competition was held in Florida. The competition is designed to illustrate students the real cyber attacks scenarios and encourage them to investigate the career opportunities in cybersecurity, attracting talent to fill the emerging cybersecurity workforce gap.
Students from the University of Virginia won the second national cybersecurity competition. Yonghwi Kwon, a computer science professor at UVA and the team’s faculty advisor, said he was confident of the team’s capabilities and described students’ pre-competition mood as “focused and calm”.
The task was to defend the network of a fictional agriculture firm from simulated cyber attacks and to create a clear detailed incident report. Indeed, the effective collaboration between team members was a key factor of success.
I think that’s how our team did so well. Yes, you need the technical skill, but that teamwork and communication component is critical because if your team falls apart, if you get too frustrated and you are not communicating while you’re working together, you’re not going to be able to do as well or efficiently or maybe not solve the problem at all.
Mariah Kenny, UVA team captain
Fitting new K–12 digital infrastructure – need extra space?
EdTech Magazine on May 3, 2019
One of the matters of raising IT leaders’ concern in education sector is safety and accessibility of physical infrastructure at schools. While technologies are emerging, the classroom space leaves the same. What can admins do to solve this problem?
- Evaluate your space for storage opportunities. For instance, open spaces can be transformed into computer labs.
- Optimize your equipment for the space you have – investing in smaller but more powerful hardware is the key.
- Send infrastructure needs to the cloud. Check out three data storage solutions to optimize the data processing in your organization.
And we also would emphasize the importance of data security in educational organizations. The Education Industry Cyber Incidents Report provides recommendations on how to stay alert and be protected.