The Internet Crime Complaint Center (IC3) has issued an alert on employment scams that target college students. The scam involves phony job opportunities that may be advertised via college employment websites or sent via email (targeting bank accounts). For additional information and examples of phony emails, please see here.
The U.S. Department of Homeland Security (DHS) is pleased to announce the launch of the 2017 Secretary’s Honors Program Cyber Student Volunteer Initiative for current undergraduate and graduate college students. This program is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary, post-secondary institutions and other key partners in academia and the private sector. Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics and incident response.
In the 2017 Secretary’s Honors Program Cyber Student Volunteer Initiative cycle, more than 50 student assignments are available at over 40 local DHS field offices across the country. Participating DHS Components include Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), National Protection and Programs Directorate (NPPD), Management Directorate/Office of the Chief Information Officer (OCIO), Office of Intelligence and Analysis (I&A), Office of Policy/Cyber, Infrastructure and Resilience Policy, Transportation Security Administration (TSA), and United States Coast Guard (USCG).
The Secretary’s Honors Program Cyber Student Volunteer Initiative application period is open for applications from December 14, 2016 to January 20, 2017 through USAJOBS.
Robert Morris University’s Department of Computer and Information Systems is offering a new certification program: Mobile Forensics and Security. The program, which is offered both in-class and online, gives students hands-on experience with a variety of computer and mobile forensic tools. The program also teaches students about the legal procedures for computer and mobile forensic analysis. It also examines various techniques for preventing unauthorized attacks on mobile devices and computer networks.
The Mobile Forensics and Security Certificate has the following class requirements:
Most of these classes are already requirements for students majoring in Cyber Forensics and Information Security. However, this certificate is available for anyone who is willing to take these courses.
The following brochure has more information about the certificate: 
If you have any other questions, please contact Dr. Paullet at paullet@rmu.edu.
U.S. Steel will be hiring twenty IT/Computer Security/Cyber Security interns for the 2017 Summer session. The positions will be located at the company’s Service Center in the South Side (Pittsburgh). The company will be conducting interviews at their headquarters location from Friday, November 18th, to Friday, December 2nd.
The internship will start in June 2017, will last between twelve and fourteen weeks, and will be paid. Interns will work in one of the following areas: Enterprise Applications and Global Business Processes, Global Plant Systems, Enterprise Resource Planning, or Cyber Security.
The following qualifications are necessary for the internship:
Students should apply to either U.S. Steel’s website or at the following link. There is more information about the internship at the second link.
There is currently an internship opening in the Richmond, Virginia office of Dominion Energy Company in their Computer Forensics department. This opening is for Criminology and Computer Science students. The intern will be responsible for working with Dominion’s Security Computer Forensic specialist in various facets of the security field. Assisting with research and analyzing automated systems are two key components of the position, along with processing electronic storage devices for evidentiary reasons.
The qualified candidate will fulfill the following requirements:
-General knowledge and understanding of security concepts, and sophisticated security technologies, to support computer forensics.
-Experience with the following operating systems; DOS, Macintosh, Linux, Android, and MS Windows is preferred.
-Experience with office products such as Word, Outlook, Powerpoint, Access, Excel, email is highly preferred.
-Consistent demonstration of strong, critical thinking and decision making skills, applied in a security environment.
-Ability to assess security incidents and take appropriate action.
-Demonstrated ability to manage the flow of sensitive information.
-Ability to coordinate and manage multiple work processes.
-Experience with Encase Forensic Software, Encase, FTK, Autopsy, Magnet is a plus.
NOTE: A valid driver’s license is also required for potential candidates.
Interested candidates can find application information at: https://www.myinterfase.com/rmu/Job/Detail/Ly9DOEN5eUhZdG9WVGJ3bzNERDJtdjlaUjZGc2lHYWY3NVB4Y21OQWdQST01
A few weeks ago, I submitted a post about cybersecurity in the automotive industry, specifically about Volkswagen’s foray into invested into cybersecurity for automotive computers. Earlier today, the U.S. National Highway Traffic Safety Administration (NHTSA) suggested that automakers should “make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life.” These are not enforceable rules, but strong suggestions from one of the government institutions that are partially responsible for the creation of future regulations that will more strictly govern the automotive industry as a whole.
The NHTSA poses many potential security upgrades in their proposal, entitled “Cybersecurity Best Practices for Modern Vehicle.” Some of these suggestions are moves that manufacturers, like Volkswagen, are already putting into place. Most of the proposals made in the proposal are becoming standard operating procedure for automotive companies, while other suggestions are less likely to be taken into consideration. One proposal in question relates to the disclosure of proprietary information about critical components of electrical and data systems within vehicles. Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, explained in an interview that this section of the industry is incredibly competitive and that companies will probably avoid disclosing this information until they are required to.
As I mentioned in my last post, the threat of automotive hacking, while still extremely small, is becoming an increasing threat. As companies begin to offer significant vehicle upgrades through wireless data links, much the same as Tesla has been over the past few years, the need for secure connections will continue to grow. Massachusetts Senator Ed Markey agrees with this sentiment and stated in an interview today that “if modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.” I couldn’t agree more with this sentiment. As technology continues to impact our lives in increasingly different ways, the need for knowledgeable cyber security experts will continue to grow.
Over the past few weeks, users have been reporting that advertisements inherent in the free version of Spotify have been leading to malware links and even automated malware downloads on a handful of user’s devices. For those who are unaware, Spotify provides its free music streaming service by interrupting streams between songs with commercials and clickable links. The ad revenue generated by this practice makes up for the money lost in allowing the option of free usage of the service.
This practice, known as “Malvertising”, has hit numerous companies since the inception of “free” subscriptoin options became popular a few years ago. Yahoo, the New York Times, and BBC are three major entities that have been hit by malware-infected advertisements. The problem is relatively common because ad space is typically sold via third-party auctioneers to the highest buyer. If malicious code makes its way through the auctioning process, then it can potentially bypass the screening of the site that it will be advertised on.
Spotify claims that it has looked into the situation and has removed the malicious advertisements but the safest bet for users is to fork over the cash to unlock the premium service.
CIS @ RMU 