A flaw in Shopify API exposed revenue and traffic data of thousands of stores
A researcher discovered a high-severity flaw in the Shopify e-commerce platform that could have been abused to expose the traffic and revenue data for the stores. Bug bounty hunter Ayoub Fathi discovered a vulnerability in a Shopify API endpoint that could be exploited to leak the revenue and traffic data of thousands of stores.
Are your passwords among the 100,000 most breached ones?
Year after year, the list of most often used passwords changes but a little: the latest one, compiled by infosec researcher Troy Hunt and published by the UK National Cyber Security Centre (NCSC), puts “123456”, “123456789”, “qwerty”, “password” and “111111” in the top five spots.
Hotspot finder app blabs 2 million Wi-Fi network passwords
This should come as no surprise, but it still sucks big-time: thousands of people who downloaded a random, very popular app called WiFi Finder found that it got handsy with users’ own home Wi-Fi, uploading their network passwords to a database full of 2 million passwords that was found exposed and unprotected online.
JOBS

The 10 most in-demand tech jobs of 2019
The tech jobs landscape of 2019 will likely look largely the same as it did in 2018, with roles in software development, cybersecurity, and data science dominating across industries.
“Emerging technologies will be key catalysts for the in-demand jobs we expect to see in 2019,” said Sarah Stoddard, community expert at job search site Glassdoor. “From artificial intelligence, automation, virtual reality, cryptocurrency and more, demand for jobs in engineering, product, data science, marketing and sales will continue to rise in order to support the innovation happening across the country.”
Refreshing government’s approach to decreasing the cyber workforce gap
To close the cyber workforce gap, the Department of Homeland Security (DHS) seems to follow the advice of Robin Williams in Dead Poets Society, recognizing that “just when you think you know something, you have to look at it in a different way.” While the majority of the government views acquiring and maintaining cyber talent as a zero-sum employment game between industry and government, DHS is taking a more comprehensive view of managing talent by recognizing and rectifying systemic self-sabotaging practices and self-imposed barriers to recruiting and retaining talent that plague all government agencies.
EDUCATION

Keeping your cybersecurity skills relevant in 2019
Staying relevant in any job is a challenge, but in a world where threats are constantly evolving and changing, cybersecurity is certainly not an easy field to keep up with. If you want to stay in the game and remain competitive, you need to constantly be learning, researching and practicing — and we’re not talking about certifications. Your certifications should help to act as a foundation of your knowledge, but any additional techniques and information that you need to stay ahead of global and trending threats need to come from other sources.
You need to develop new skills and stay in the loop so that you can identify and strengthen your skill set to stay relevant. We have put together a number of tips and tricks to help you to continue upskilling and developing yourself, as well as how you can continue to acquire new cybersecurity skills in 2019.
Full Scholarships to Cyber Training for Veterans
SANS Institute, the world’s largest information security training and certification organization, is offering full scholarships to best-in-class cybersecurity training to transitioning military in Charlotte and surrounding communities. The SANS VetSuccess Immersion Academy is a six-week hands-on immersion training program. Participants receive advanced technical training, certifications and connections to high-paying jobs in cybersecurity. The program is 100 percent scholarship based. SANS has trained more than 165,000 information security professionals around the globe.
Federal Cyber Reskilling Academy Announces Second Class
Following strong interest from federal employees in the Federal Cyber Reskilling Academy’s first class, the White House announced Tuesday it is accepting applications for a second class.
More than 1,500 feds applied to be part of the inaugural class, and 30 were selected last week to receive hands-on training in cyber defense analysis through the program, which was launched by the CIO Council’s Workforce Committee and the Education Department.
Whereas the first class was open only to feds with non-technical backgrounds, federal Chief Information Officer Suzette Kent told a crowd at GDIT’s Emerge conference that this class would be open to all federal employees. Kent said the program is an example of the administration’s commitment to “make investments on the people side” of technological hurdles.
UPCOMING EVENTS
Hacker Halted Security Conference Free for Women through IBM Security Scholarship
Funded by IBM Security, the scholarship is designed to help address the underrepresentation of women and veterans in cybersecurity and help them further their skills and expertise in this high-demand field. Hacker Halted 2017 and 2018 saw a large increase in female attendees due to the support of IBM Security and the sponsorship fund. In fact, approximately 34% of last year’s registrants were women – a huge number for information security conferences. IBM Security and EC-Council hope for similar results for the veteran population.