- 0
-
Recently Browsing 0 members
No registered users viewing this page.
-
Similar Content
-
By News Staff
Save 97% off the Cybersecurity & IT Career Certification Pathway Bundle
by Steven Parker
Today's highlighted deal comes via our Online Courses section of the Neowin Deals store, where you can save 97% off the Ultimate Cybersecurity & IT Career Certification Pathway Training Bundle. Further your it career with 169 hours of prep content on the most in-demand Cisco and CompTIA certifications — from experts David Bombal and Total Seminars.
This deal consists of the following courses:
Cisco CCNA 200-301 Exam: Complete Course with Practical Labs
Ace the Newest CCNA 200-301 Exam & Be a Cisco Certified Network Associate CompTIA IT Fundamentals ITF+ FC0-U61
Iron Out Your IT Foundation Skills on Computer & Mobile Devices, Software, Networks, Security, and Basic Troubleshooting CompTIA A+ Certification Core 1 (220-1001)
Kickstart Your IT Career by Acing the Industry-Standard Certification for Security to Cloud, Data Management & More CompTIA A+ Certification Core 2 (220-1002)
Expanded Skills on Configurations, Security Software Troubleshooting & Operational Procedures CompTIA Network+ Certification N10-007
Address the Current & Changing Networking Technologies As a CompTIA Network+ Professional CompTIA Security+ Certification SY0-501
Ace the Globally-Recognized Exam on Network Threats & Risks Identification, Management, and Mitigation CompTIA CySA+ Cybersecurity Analyst CS0-001
7-Hour Guide on the High-Stakes Security Analyst Certification CompTIA PenTest+ (PT0-001): Ethical Hacking
Be Proficient in Penetration Testing & Vulnerability Management and Land a Career in One of the Fastest-Growing Job Markets Good to know
Length of access: lifetime Certification of completion included Updates included Redemption deadline: redeem your code within 30 days of purchase For full descriptions, terms, and instructor info please click here.
Here's the deal:
This Ultimate Cybersecurity & IT Career Certification Pathway Training Bundle normally costs $1,592 but it can be yours for just $34.99 for a limited time, that's a saving of $1,557.01 (97%) off!
>> Get this deal, or learn more about it <<
See all Online Courses on offer, This is a time-limited deal, ending soon!
Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.
Not for you?
If this offer doesn't interest you, why not check out the following offers:
The Win Your Dream 2020 Tesla Model 3 Giveaway Ivacy VPN - 5 year subscription for just $0.99 per month NordVPN - 2 year subscription at up to 68% off +3 months for free! Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store
Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.
-
By Usama Jawad96
Microsoft declares war on Israeli surveillance company NSO Group
by Usama Jawad
Back in 2019, Israeli technology company NSO Group found itself embroiled in controversy when it was alleged that its Pegasus program was used to hack WhatsApp. The sophisticated attack technique allowed attackers to inject spyware into Android and iOS devices by simply calling them. The victim is not even required to attend the call in order for the attack to be successful.
While WhatsApp plugged the vulnerability, it later took NSO Group to court for its malicious actions. The surveillance company has denied wrongdoing multiple times using the defense of immunity since it claims that Pegasus is used on behalf of governments. Following recent reports of Al Jazeera journalists being hacked using software developed by NSO Group, Microsoft and various other corporations have now joined the fight against the Israeli firm.
Group of anonymous hackers in black costumes working with computers in office image via ShutterstockIn a sternly worded blog post, Corporate Vice President of Customer Security & Trust at Microsoft, Tom Burt has described NSO Group as the cyber mercenaries of the 21st century and stated that they should get no immunity. Together with Cisco, GitHub, Google, LinkedIn, VMWare, and the Internet Association, Microsoft has filed an amicus brief in WhatsApp's legal case against NSO Group. Simply stated, this means that the firms will be providing assistance to the court by offering technical expertise.
Microsoft has highlighted that Pegasus infected WhatsApp on 1,400 devices last year, including those of journalists and prominent figures fighting against human rights violations. It emphasized that NSO Group's business model is very dangerous for a number of reasons. Primarily, there is no guarantee that the cyber-weapons won't fall into the wrong hands. Even if NSO Group sells Pegasus only to governments, it could be handed over to customers who lack proper defenses, resulting in highly dangerous software being stolen. Microsoft also stated that:
Lastly, the Redmond tech giant emphasized that such tools developed by private security firms are a threat to human rights and privacy. It stated that NSO Group's clients are spread throughout the world, and they utilize cyber weapons to track journalists and other opposing groups. Microsoft indicated that even if NSO Group's own intention is not to violate human rights, its tools certainly allow its clients to do so.
Moving forward, Microsoft has urged that private security firms such as NSO Group should be liable for any laws that are broken by using their tools, and they should not be granted immunity in any circumstances. The coalition hopes that the amicus brief will enable it to protect the rights and privacy of all its global customers.
-
By News Staff
Black Friday lets you save an additional 70% off eLearning deals and more
by Steven Parker
Today's highlighted deals comes via our Online Courses section of the Neowin Deals store, where you can save an extra 70% off eLearning deals. That's not all we also have a promo code for 40% off all Apps + Software deals, and a site wide coupon for 20% off everything else.
The Premium Learn to Code 2021 Certification Bundle
Use code BFSAVE70 for additional 70% The All-In-One AWS, Cisco & CompTIA Super Certification Bundle 2021
Use code BFSAVE70 for additional 70% The Premium DJing & Music Production Bootcamp Ft. Ableton + Logic Pro X
Use code BFSAVE70 for additional 70% off The 2020 Adobe Graphic Design Certification School
Use code BFSAVE70 for additional 70% off The Wall Street Survival & Stock Trading Guide Bundle
Use code BFSAVE70 for additional 70% off Good to know
Length of time users can access the courses: lifetime Redemption deadline: redeem your code within 30 days of purchase For terms, certification and instructor info, please click on the course title.
Black Friday Coupons:
Use code BFSAVE20 for an additional 20% off site wide with what's not covered below. Use code BFSAVE40 for an additional 40% off all Apps + Software Use code BFSAVE70 for an additional 70% off all Online Courses Apply any one of the above coupons when checking out to save!
>> Shop now at Neowin Deals <<
See all Online Courses on offer. This is a time limited deal.
Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.
Not for you?
That's OK, there are other deals on offer you can check out here, but be aware that these are all time-limited offers. If you are uncomfortable sharing your details with a third-party sponsor, we understand. Check out the Neowin Store for our preferred partners.
The Win Your Dream 2020 Tesla Model 3 Giveaway Ivacy VPN - 5 year subscription for just $1 per month NordVPN - 2 year subscription at up to 68% off Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store
Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.
-
By zikalify
IBM, Red Hat and others want inclusive language in software
by Paul Hill
IBM, Red Hat and VMWare are among several companies that have come together to create the Inclusive Naming Initiative which aims to eliminate problematic language from projects and replace them with an agreed set of neutral terms. To do this, the initiative will define processes and tools to remove harmful language from projects.
Some of the processes and tools which the Inclusive Naming Initiative will be creating include a comprehensive list of terms with replacements, language evaluation frameworks and templates, and infrastructure to aid the transition.
Explaining the need for more inclusive words, the initiative says:
Initially, attention will be aimed at replacing the terms ‘master’, ‘slave’, ‘whitelist’ and ‘blacklist’ because these are the most visible and problematic across the industry. Over time, it will expand its scope to find replacements for other terms that reference mental health, gender, physical handicaps, and several other categories. In the future, it might also give tips to avoid colloquialisms that don’t translate into other languages very well or are a barrier to understanding.
While some people may be against the changing of these terms, the Inclusive Naming Initiative argues that the neutral terms are more descriptive, for example, it says that ‘Denylist’ is more precise and more accurate than ‘blacklist’.
Source: Inclusive Naming Initiative via Phoronix
-
By Abhay V
Cisco Webex vulnerabilities allowed "ghost" users to go undetected in meetings, fixed
by Abhay Venkatesh
With the COVID-19 pandemic forcing more employees into remote work and collaboration, video conferencing services have seen a huge increase in adoption. The increase in usage also brings the question of security and data privacy. Researchers at IBM analyzed one such popular offering, Cisco’s Webex, and discovered three vulnerabilities in the service that could let attackers join a meeting as a “ghost” without being detected.
The bugs resulted in such bad actors being able to not just joining a meeting secretly, but also stay in a meeting as an audio participant even after being “expelled”. The attacker could also gain details about meeting attendees from the lobby without even entering the call. Even when such an actor enters the call, the only indication is in the form of a connection beep, something that could be ignored in meetings with many attendees. IBM says that it found that the vulnerabilities affect both scheduled meetings and unique meetings with specific URLs.
The researchers explain in the post (spotted by ZDNet) that the vulnerabilities work when attackers exploit the “handshake” process between Webex client at the user’s end and the server. Attackers could manipulate the request sent over the WebSocket – a connection between the client and the server – due to “improper input validation and sanitization” and inject specially designed values into the request to join as a ghost host. The researchers successfully tested the scenarios and could join the meeting without being present in the participants’ list and without being detected.
IBM’s researchers have also put together a video of the findings:
IBM says that it immediately shared the details of its finding with Cisco owing to the severity and urgency of the issues. The networking company worked on a fix for the said vulnerabilities, for which it released security advisories today. The three bugs are labeled CVE-2020-3441, CVE-2020-3471, CVE-2020-3419 and have been successfully fixed. Since the issue affected Webex clients on most platforms, the firm recommends that users update their apps to the latest versions.
-
Question
So I recently moved into a new apartment, and the modem we received from Cox Communications was a Cisco DPQ3925. Unfortunately, I was not here when they set it up. It probably would not have mattered either way, but I would have at least requested a standard modem rather than a modem/router combination. I have my own router that I have configured with Tomato, tons of scripts and configured just the way I want. I thought it would be no problem to put their device in bridge mode. Yikes... I was certainly wrong. I went searching and found this post which explains that the option is there but hidden. The firmware version I have on mine must have corrected that, because it is no longer available. Sure, I can go pay for a new modem, but I would rather not. I called Cox and they said they only offer the combination boxes and of those there were only two models. I looked up the other one they mentioned and it also has no way to change the mode.
I would prefer not to double NAT. Could I just place the router in the combo's DMZ? Would that work fine? Thanks in advance. :)
Link to post
Share on other sites
10 answers to this question
Recommended Posts