Request Info

1st step 2nd step 3rd step
Provide your information below and an Admissions Advisor will contact you shortly to answer your questions about UAT and your Advancing Technology degree program of interest.

 
 
Next
Previous
 
Next
University of Advancing Technology (UAT) is pleased to provide you with additional information about the college and its programs. By hitting submit, you give us permission to use either direct-dialed, autodialed and/or pre-recorded telemarketing to call or text you at the phone number you provided. Please note that such consent is not required to attend UAT.
Previous
 
Submit

ABOUT UAT
University of Advancing Technology is an elite, private college that serves its student body by fostering knowledge creation and academic excellence in an environment that embraces the young technophiles of the world. With three centers of research and a suite of technology-centered undergraduate and graduate degrees, the University is a recognized leader in technology education.

Learn More About UAT

    What is a WAF?


    A Defense Against Common Cyber Threats   A web application firewall, or WAF, is a filtering and monitoring tool that can function in the space between a website or application and the internet. A WAF is used to defend against numerous common threats and can be combined with other tools to...
    A Defense Against Common Cyber Threats
     
    A web application firewall, or WAF, is a filtering and monitoring tool that can function in the space between a website or application and the internet. A WAF is used to defend against numerous common threats and can be combined with other tools to create a layered approach to security that enhances your protection tremendously.
     
    The WAF can look and potentially defend against cross-site forgery, SQL injection, cross-site-scripting or XSS, and other forms of attack. If someone decides to execute a distributed denial of service attack against your server, you can quickly implement policies that will assist in mitigating the attack. This can be done in combination with other tools to help counter act malicious traffic.
     
    There exist three typical types of WAF and each has positives as well as negatives when deployed in your stack. You can deploy a standalone box that functions as a WAF for your network. It may cost a large amount of cash and often requires a dedicated team to provide care and maintenance for. You could also deploy a software based WAF like a plugin for a WordPress site. This type of WAF is typically localized and focused on protecting one asset. Prices vary but are often less expensive but provide less features as well.
     
    The final type of WAF would be a cloud-based solution provided by a company who handles your DNS. Cloudflare provides a WAF to their customers and this solution can vary wildly in price. A major issue with a cloud-based solution is that you are completely at the mercy of your provided and rarely have insight into their methodology, so you must have a high level of trust with said provided.
     
    Choosing a WAF is an important decision that will be dictated by your budget, skill level, and functional need. You should also spend time monitoring the current traffic of your site while reviewing what attacks are being deployed against you to best choose what tool to deploy. You should weigh each option carefully and then commit to implementing the tool that you are interested in as part of a greater security plan.
     
    Cyber Security Laptop  

    Find out more about the Cyber Security Degrees offered at UAT! 

    Leading cyber security education in the southwest, University of Advancing Technology (UAT) has surpassed 20 successful years since the inception of its elite Network Security degree program. As one of the longest-running cyber security degrees in the southwest, our complete continuum of undergraduate and graduate cyber security degrees have prepared thousands of ethical hacking, network security, and cyber security graduates. The NSA has designated UAT as a CAE training center in cyber defense.

    Visit University of Advancing Technology for more information on all our cyber security majors.

    read more
    less

    Is a Degree in Cyber Security Worth it? – Facts & Job Prospects


    Cyber Security: Is a Degree Worth It? It seems you can hardly go a week without reading about a security or ...

    Cyber Security: Is a Degree Worth It?

    It seems you can hardly go a week without reading about a security or data breach. With cyber security on the mind, it’s no wonder that people are turning to this field as a possible career choice.

    In fact, there has been a notable shortage of cyber security professionals, making this field appear even more lucrative and enticing. And with that, more individuals are going to college to earn a degree in cyber security.

    But is a college degree in cyber security really worth it? Do you need one in order to be successful?

    In this guide, we are answering these questions and more so you can make the best, most financially sound decision for yourself.

    What is Cyber Security?

    The field of cyber security (also written as “cybersecurity”) focuses on securing computer systems, servers, networks, mobile devices, and more against malicious attacks and intruders.

    Hackers often launch attacks against digital devices in order to access private data; cyber security professionals protect individuals and businesses from these threats.

    What is a Cyber Security Degree?

    A cyber security degree will give you the foundation, skills, and coursework to help you pursue a career in cyber security. At most institutions, this comes in the form of a bachelor’s or master’s degree with an emphasis on information security.

    This degree tends to be more rigorous and challenging than many other degrees but can lead to a very fulfilling and lucrative career.

    Popular Areas of Cyber Security

    The field of cyber security is broad and far-reaching, but most individuals tend to focus on a few key areas of computer science. These are the areas that are in the highest demand, but you can always specialize according to your own unique interests and skillset.

    Network Security

    Network security professionals work to help individuals and businesses better protect the integrity of their network and data access. They defend networks against data breaches and other security threats – often using antivirus software, firewalls, VPNs, network analytics, and more.

    Technology Forensics

    Also known as “digital forensics”, technology forensics involves the investigation and recovery of information and data found in digital devices. These professionals help individuals and businesses recover “lost” data, defend against cybercrime, and report on their computer system’s performance.

    Network Engineering

    Network engineers design, construct, and manage networks to ensure they are functioning at optimal performance. Individuals and organizations need optimized and secure networks in order to maintain uptime, keep their data secure, and stay connected across devices.

    Why Study Cyber Security?

    If recent news stories are any indication, it’s becoming increasingly more dangerous for businesses and individuals to ignore digital security threats. With more touchpoints for hackers to take advantage of, we see an increasing need for cyber security professionals to come to the defense.

    You might want a degree in cyber security if you:

    • Love solving complex problems
    • Enjoy working with computers and systems
    • Are interested in designing and building networks
    • Are looking for a field that is challenging yet fulfilling
    • Want to enter a field with massive job opportunities and growth
    • Want a high salary and unending earning potential
    • Want a Recession-proof industry/job
    • Corporate and government job opportunities
    • Want to make an investment in your future by entering a lucrative field

    Is It Worth Getting an Undergraduate Cyber Degree?

    We can say outright that Yes, getting a degree in cyber security is definitely worth it. While the benefits of entering the field of cyber security are limitless, earning a degree is the best way to set you up for success from the get-go.

    Here are some reasons why earning an undergraduate degree in cyber studies is the best path:

    A degree is more applicable than free resources.

    Many aspiring cyber security professionals turn to free resources in order to obtain their skills and experience on a budget. But these free resources can only take you so far.

    For one, you risk learning outdated or inaccurate information. Second, this “unofficial” education very rarely translates well (in the eyes of hiring managers) when it’s time to apply for cyber security jobs. For these reasons and others, it’s best to take the traditional path and earn a degree from an accredited institution.

    You gain access to a wide range of resources.

    Colleges not only provide degrees but help set students up for success by providing access to a wide range of resources, events, skill-building sessions and more.

    Most colleges offer internship opportunities, networking events, career counseling, and other services to help students not only gain more skills in their field but be better prepared to land a job after graduation.

    A degree lands you a higher starting salary and better job prospects.

    The reality is that earning a degree in cyber security opens the door to a higher starting salary and better job prospects compared to jumping straight into the field with no education or experience.

    In fact, recent studies show that a degree in cyber security can boost a job applicant’s “appeal factor” and lead to a higher salary. Also, keep in mind that many companies actually require applicants to have a degree in order to land the job.

    Is a Master's Degree in Cyber Security Worth It?

    A master’s degree in cyber security can also help you appear more attractive to hiring managers and present an opportunity to improve your skills, specialize in a specific area, and/or pivot to a different area of focus.

    The average starting salary of someone with a Master’s of Science in cyber security is higher than that of someone with a bachelor’s degree.

    And with online learning options available, plus on-campus and hybrid options, getting a master’s degree is more accessible than ever.

    Can I Land a Cyber Security Job with No Experience?

    In short, yes, it is possible to land a cyber security job with no experience. But is it easy? Not necessarily.

     In one of our recent posts, UAT professor Aaron Jones shared his thoughts on getting a cyber security job right out the gate:

    “Information technology is hyper-competitive and the level of success you attain will often directly correlate with the amount of effort you are willing to put into it…

    The degree is part of the equation… If the job does not require one but favors that degree, I have put myself above all other seekers lacking that degree.”

     In other words, a degree may not be required in order to land a cyber security position, but it definitely helps. For your best chance of landing a high salary, we recommend earning at least a bachelor’s degree and attending an accredited college that can set you up for success.

    Career Outlook

    According to the U.S. Bureau of Labor Statistics, the median salary for an Information Security Analyst in the United States is $103,590 per year. The career outlook for cyber security analysts is 31%, which is much faster than the national average. Recent projections anticipate the field of cyber security adding over 40,000 new jobs between 2021 and 2029.

    “Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks.” – bls.gov

    How to Get a Job in Cyber Security

    One of the best ways to prepare you for a career in cyber security is to attend a college that offers internships, networking opportunities, and access to career services. These resources will help you prepare for job interviews, gain hands-on experience, and find job opportunities through your college’s exciting connections.

    Plus, earning an advanced degree in cyber science is a great way to land an even better position and increase your earnings.

    Applying for Cyber Security Jobs

    Here are some tips for applying to cyber security jobs:

    • Read job descriptions thoroughly and write your cover letter to match the requirements the company is looking for.
    • Have a friend or advisor review your resume, checking for errors and providing tips on how to make it more appealing to hiring managers.
    • Look into additional certifications to improve your skills and appeal to employers.
    • Practice your job interviewing skills to master your interviews.
    • Follow up with employers via email to keep your name top of mind and thank them for their consideration in interviewing you.

    Earn a Degree In Cyber Security at UAT

    UAT offers a Master’s of Science in Cyber Security, as well as bachelor’s degrees in Network Engineering, Network Security, and Technology Forensics. Our Cyber Security Degree for Ethical Hackers and Network Security Curriculum has been certified through the NSA/DHS National Information Assurance Training Program in Information Assurance and Cyber Defense.

    Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security Bachelor’s of Science degree prepares students to take on the ever-evolving world of information security.

    If you believe a career in cyber security may be right for you, request information about our degree programs. At the University of Advancing Technology, we’re passionate about helping students enter STEM fields and acquire the skills they need to land a rewarding career in cyber security and beyond.

    read more
    less

    Steps You Can Take to Secure Your Identity Online


    Being a victim of a security breach is frightening and disruptive. Unfortunately, it is becoming an increasingly common part of our digital lives. The FTC states that 7-10% of U.S. citizens are victims...

    Being a victim of a security breach is frightening and disruptive. Unfortunately, it is becoming an increasingly common part of our digital lives. The FTC states that 7-10% of U.S. citizens are victims of identity fraud. On a long enough timeline, most of us become victims of a security breach in one form or another. In fact, you may already be a victim and are unaware.

    A simple method to check for security compromise can be performed at the "have i been pwned?" site. This site was created by Troy Hunt, a Microsoft Director, in order to help increase security breach awareness and prevent exploitation of multiple user accounts. Troy researches breaches and pastebins (a hacker preferred text storage sites) on behalf of others as a public service.

    Here are some simple steps that can help secure your identity and increase your online security posture:

    1. Use unique, complex (upper-case, lower-case, numbers and special characters) and long (greater than 12 characters) passphrases for passwords and change them regularly
    2. Use multifactor authentication, or two-factor authentication whenever possible
    3. Freeze your credit with the three credit bureaus

    Password reuse is very common, as are weak and short passwords. One way to help eliminate this problem is to create an audit list of all accounts that you have created—try to recall all of them. Go through the list and change all of the passwords to something, unique, complex and long. While you’re there, set up multifactor authentication as well. This prevents the hackers from succeeding with multiple account access with the same credentials.

    Network Security degree at University of Advancing Technology


    This audit and password change process can be daunting with the large number of accounts we tend to create, but it's easier to facilitate with a password manager. A password manager is an application that stores and generates strong passwords using the latest encryption algorithms and will outperform even the best human memory. Speaking of imperfect memory, changing all passwords quarterly is a best practice. Some recommendations for password managers to help facilitate this process are:

    Multifactor authentication (MFA) can be implemented by setting up a sign-on generated pin number text to a mobile device, an email, or a code sent to an MFA application hosted on a second device. There are numerous ways to implement this process and it can often be performed natively through the website you interface with. Having MFA and unique, long, complex passwords exponentially decrease your chances of being compromised.

    Finally, there’s the process of freezing your credit. All three bureaus—Equifax, Experian and Transunion—have a free method to freeze your credit from inquiries and new account creation. By blocking your credit, it’s not possible for a threat actor to create an account falsely under your identity. When you need to have a credit inquiry performed, or an account opened, you simply unfreeze your credit during that time period, then re-freeze the accounts when done. It’s a free layer of protection. Here are the links to freeze your credit:

    If you’re in doubt about your personal security, these steps are helpful in assisting you to increase your security posture and reduce risk of identity theft. 


    SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE

    Network Security degree students will use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    Don't wait. Apply now!

    Cyber Security Passion

    read more
    less

    Wireless Security Myths: How to Make Security Harder for Just the Good Guys


    Not all advice is created equally—especially when it comes to technology security. There are things you can do which greatly increase your security and protection. And there are things you can do that provide only minimal, if any, protection. Let's look at wireless security. Whenever I can, I use a wired connection. It tends to be faster and more stable. However, wireless...

    Not all advice is created equally—especially when it comes to technology security. There are things you can do which greatly increase your security and protection. And there are things you can do that provide only minimal, if any, protection. Let's look at wireless security.

    Whenever I can, I use a wired connection. It tends to be faster and more stable. However, wireless is incredibly convenient and relatively easy to set up, so it’s pretty prevalent everywhere. But with any networking technology, network security must be considered.

    The average home user, when it comes to wireless security, may do some googling, and come upon some very popular advice. But is it GOOD advice? I googled "how to secure a wireless network", and the first result was from the Cybersecurity & Infrastructure Security Agency with a list of suggested actions, including the following two popular options to minimize the risks to your wireless network.

    • "Restrict access. Only allow authorized users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. You can restrict access to your network by filtering these MAC addresses. Consult your hardware's user documentation for specific information about enabling these features. You can also utilize the “guest” account, which is a widely used feature on many wireless routers. This feature allows you to grant wireless access to guests on a separate wireless channel with a separate password, while maintaining the privacy of your primary credentials.

    • Protect your Service Set Identifier (SSID). To prevent outsiders from easily accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more difficult for attackers to find a network. At the very least, change your SSID to something unique. Leaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and possibly exploit any known vulnerabilities."

    Pretty authoritative, right? I mean, it comes from a government website; certainly, we should heed it. This advice, in a nutshell, sounds pretty reasonable: use MAC address filtering, and disable the broadcasting of your SSID address. I'm going to be radical, though, and tell you to ignore both of those as relatively useless advice, which needlessly complicates things, when there are simpler and better options.

    Let's discuss MAC address filtering first. Basically, you find the MAC address of your network cards, and then add them to a list of "allowed" network cards. If you need to connect a new device to wireless, you need to find the MAC address of the device and add that MAC address to allowed devices—otherwise, it cannot connect. This sounds pretty great, though it is a lot of work if family comes to visit regularly and wants to connect their devices, administrative overhead increases.

    Cyber Security Degrees at University of Advancing Technology


    Does it keep the bad guys off your network? The bad guys need to be near your network, and they need to have the WPA2-PSK you use—the password you give out. They also need to have an approved MAC address. But guess what? A popular tool around for over a decade, Kismet, allows anyone to see the clients connected to your wireless access point, and it lists the MAC address for those clients. Then, the bad guys can change their MAC address to one of these approved clients—it'll take them about 60 seconds or less. How long does it take you to add MAC addresses to the approved list? Probably longer. So, we have a layer of security—and I'm all for layers of security—but this layer of security makes things harder for the good guys and doesn't present any hindrance to the bad guys. It’s not worth the time.

    A similar method is disabling the broadcast of your SSID address. This is another popular recommendation that is effectively like filtering your MAC address. Anyone who comes over to use your wireless will need you to provide your SSID to them to type in, along with your WPA2-PSK wireless password. All the devices you set up in your home will need to be set up manually as well, as they won't be able to "see" your wireless network. This is a lot of overhead. Worth it? Unfortunately, no. Once again, it's work for the good guys, and no hindrance to the bad guys. The bad guys, once again using Kismet, are able to "see" the names of all hidden, non-broadcast SSIDs in the area.

    Both of these options would be like putting your front door on the roof of your house—harder to get to, better security—right? Except every time you want to get in your house, you have to climb a ladder, meanwhile, the bad guys just break a window.

    Instead, focus on the WPA2-PSK key, the password you use to connect to your network. Longer and complex is always better, just like with your passwords. Simply adding a few characters can significantly improve the security of the password and better secure your network, without making things harder for you (and negligible for the bad guys) like MAC filtering and SSID broadcast disabling.

    Work smarter—and be harder to hack!


    SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE

    Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security bachelor of science degree prepares students to take on the ever-evolving world of information security. Network security students will receive hands-on technical training and learn best of class software and network programming and essential network security analysis.

    IMG_6729-1

    read more
    less

    Cyber Security best practices and what not to do. How to keep your system and organization safe from cyber threats.


    Cyber Security Best Practices Human psychology is a fascinating yet troublesome area of interest for me as a cybersecurity professional. In over 30 years in the industry, the primary “unsolvable” problem has been human behavior. Most people...

    Cyber Security Best Practices

    Human psychology is a fascinating yet troublesome area of interest for me as a cybersecurity professional. In over 30 years in the industry, the primary “unsolvable” problem has been human behavior. Most people don’t intentionally try to create problems, but they sometimes can’t help themselves. Take for example, the continued growth of phishing campaigns, which allows malware into your environment.

    Malware (short for malicious software) is unwanted programs that can cause your system slower speeds, damage or can result in the loss of data or control of your operational systems. Types of malware are extensive, but some of the terms you have heard include virus, worms, ransomware, adware, and more.

    If you aren’t familiar with the term “phishing”, it is a play on the word fishing, where you are trying to bate or entice someone, normally via email or a web advertisement, to click a link. That link will then take you to a compromised site or download the malware onto your system. If your system or network has exploitable vulnerabilities, then you can further compromise your environment, resulting in the loss of confidentiality, integrity and/or availability of your critical data or operational environments. Phishing may be used to ask for your credentials to a specific site (bank, credit card, social media).

    How do people get caught up in these types of activities? Well, here are just a few of the more common reasons.

    Curiosity

    The email header reads: “Queen announces retirement from Royal Duties”. In the email is a link that says “read the latest news here”. Of course, you are curious; but do you click the link? Of course NOT.  If you think it is real news, you can find it on reputable news sites. If you scan the headers of your emails, you might find a few dozen or more headers with attempts to catch you with something you would be interested in. 

    Rewards

    The email header reads: “Complete this survey and get a $100 Walmart gift card”. Inside the email is a link that appears to go to a survey. Of course, it likely isn’t legitimate. 

    Fear, Uncertainty and Doubt (FUD)

    The email header reads: “Action Required: Your PayPal Account is Suspended”. Inside the email is a professional looking button that says PayPal Login. Looks legitimate? Do you have a PayPal Account? Maybe your wife set one up in your name? Don’t click the link. You can check the status of your account by going directly to the vendor’s known legitimate website.

    Boredom

    You are just sitting there trying to find something new and interesting to read or do. Those kinds of situations get us all into trouble.

    Exhaustion or In a Hurry

    Sadly, the faster we try to go or more tired we get, the more likely we are to make a bad decision or just not analyze the situation correctly. This is the same reason why most people don’t read the terms and conditions associated with their applications and memberships. With an average attention span of 8 seconds, people tend to look for “instant gratification”.

    pexels-junior-teixeira-2047905

    Can You Prevent Cyber Security Threats?

    How do you stop humans from “clicking the link”? Better to ask, can you? The human nature will revert to its habits, so cybersecurity education, training and awareness will only take you so far. Don’t get me wrong, education is still essential, but you do have to assume somebody will click a malicious link, and organizations must be ready when they do.

    1. Don’t default to administrator rights so software can be automatically installed. This will help to prevent malware installation and escalation of privileges compromises. You can force any software installation to require additional actions or privileges. While inconvenient, this closes a lot of opportunities for malware installation.

    2. Deploy malware detection tools on the systems and networks. This additional layer of security helps address two possible point of entry.

    3. Logically or physically separate operations on your network. Production operations is normally where your most critical operations occur. Keeping this network segment (or vlan) away from more administrative types of functions moves entry points further away from critical operations.

    4. Seriously consider whether you allow non-organization-owned equipment to connect inside your network. This would include smart phones, tablets, and laptops that don’t have confirmed protections.

    5. Limit the number ports and applications allowed onto your systems and network to the bare minimum needed for operations. While malware can use common communication channels, many will try to use some of the less common channels.

    6. Monitor your network and systems for unexpected issues. This would include performance impacts, attempts to use uncommon communication channels, loss of storage, or increases in resource utilization.

    Sadly, there is no perfect prevention; however, a few pre-emptive actions can significantly reduce the likelihood of a successful malware attack.

    University of Advancing Technology Cyber Security student


    Find out more about the Cyber Security Degrees offered at UAT! 

    Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.

    Visit University of Advancing Technology for more information on all our cyber security majors . 

    read more
    less

    H@xc0rd


    H@xc0rd is a simple yet powerful Discord bot for the utilization of common tools frequently used in network security, without the need to understand Linux. “With only one command to start it, there’s no reason not to love it,” says H@xc0rd mastermind Bradley Chavis (Advancing Computer Science, ...

    H@xc0rd is a simple yet powerful Discord bot for the utilization of common tools frequently used in network security, without the need to understand Linux.

    “With only one command to start it, there’s no reason not to love it,” says H@xc0rd mastermind Bradley Chavis (Advancing Computer Science, Network Security). “No more struggling to set up a Linux machine, or trying to find all the tools compatible with Windows. It’s just one command and you’re done.”

    H@xc0rd tools range from exploit to recon, including Hashcat, Hydra, Nmap, Shodan and many more. Each tool has its own custom-built help section to guide the user through understanding what the tool is, how to use it and how to use the results gained from it.

    H@xc0rd was built off the node.js run time library, leveraging many libraries along the way, such as Discord.js and axios. The different commands are based on modules, enabling them to be loaded dynamically. This offers another benefit — the ability to limit users to certain tools and commands. Since many tools within this project can be intrusive to the local network that it’s hosted off of, the bot owner can adjust who has access to what tool at any time, significantly limiting the chance for it to be abused.

    H@xc0rd is even simpler to use on the server this bot is hosted on — only a Discord account and a basic knowledge of the platform is needed. To use the bot, simply tighten the specified prefix that can be found packaged sub.js on file and the command you want to run. Such as a “!ping” command, which gives you latency to the bot.

    Crack a password hash with java ripper and show off the results to everyone on the server. You no longer need to export the results of the tool to a file and send that file to others, time and time again. Better yet, want to find information on how many times a certain password has been compromised, like password? Use the “!haveibeenpwed,” which utilizes the haveibeenpwed guy to query and display the results.

    Want to find out information about a machine accessible to the public internet through “!shodan,” and don’t know where to start? Start with H@xc0rd. Just add the help argument after any command for a comprehensive description of the tool, arguments that can be used with the command and external resources to learn more about that specific tool.

    Now you may ask, how do I know all the commands in the first place? Well, the command “!commands” of course, which lists out all the available commands. Currently, there are approximately 15 types of tools implemented into this project.

    As time goes on, new tools come along and current ones slowly fall out of date by not getting updated. To accommodate this, Bradley and project partner David Austad (Network Security) will consistently update the tools within the project, removing and replacing them with new ones that provide similar results.

    If there is a tool that hasn’t been implemented yet, but you really want to use it, you have the freedom to add it yourself. H@xc0rd was built so that a new tool can be implemented in a matter of minutes!

    During the building of this project, Bradley and David ran into a big issue — at first, the only way to run H@xc0rd was on Linux. Since this didn’t comply with the final goal of utilization by everyone, they searched for a solution and found Docker, a virtualization platform that allows operating systems’ environments, like Linux, to run on systems that generally wouldn’t support that, such as Windows or Mac OS. Docker’s implementation into this project allowed H@xc0rd to be hosted on nearly every operating system and can easily be tuned if one doesn’t work perfectly through the provided install script.

    Another goal of the project was to make it as simple as possible for the user to set it up through install scripts. The entire install process was automated through bash scripts to run natively on most Linux systems.

    Saving the best part for last, it’s free and open source. Bradley states, “You will never be limited with what you can do with this project, only by your imagination.” As time goes on, Bradley hopes others will contribute to it as well. Currently, H@xc0rd is only available via GitHub with plans in the works to host it through Docker as well.

     

    Take your ideas and make them happen with UAT’s Advancing Computer Science degree.

    read more
    less

    Smart House Security Solutions


    Inspired by the lack of Internet of Things (IoT) security in homes and small business environments, Andrew Maddox (Network Security) created Smart House Security Solutions, a budget solution to network segmentation for home use of IoT networks. The project provides underutilized methods and tools for securing everyday IoT environments...

    Inspired by the lack of Internet of Things (IoT) security in homes and small business environments, Andrew Maddox (Network Security) created Smart House Security Solutions, a budget solution to network segmentation for home use of IoT networks. The project provides underutilized methods and tools for securing everyday IoT environments through a less expensive means of network segmentation, which is vital for the future and creates a demilitarized zone for the IoT devices.

    To create the project demo, Andrew and fellow peers took advantage of the equipment in the lab and quickly got their hands dirty making IoT devices.

    UAT’s segmented network was used as an example for this project. UAT’s primary segmented network leads to the primary front facing router with the switch delegating internet access based on IP range from the primary front facing router to personal computers or any computer that might be connected to the network. The IoT network has a wireless access point that facilitates all IoT communication between the devices and server.

    The primary (public) router cannot ping the IoT network or device. As far as the front-facing router is concerned, the information was already passed to the IoT network router which distributes the information to the IoT devices for a more downstream flow. Without direct communication between the primary router and the IoT device/network, the IoT network becomes a demilitarized zone and handles the primary server communicating with the IoT devices and io network.

    Andrew pursued the IoT project because of the experience he would gain and the opportunity it presented. The project involved systems administrative experience, network engineering, team management, problem solving and more. Throughout this project, Andrew learned a great deal about network segmentation as a component of the layers of network security, which is becoming more relevant as IoT becomes more pervasive.

    Andrew is currently a Network Security major in his eighth semester at UAT, a previous CCDC team member and student ambassador and now a full-time employee at Norton LifeLock as a site reliability engineer.

     

    Take security into your hands with a Network Security degree from UAT.

    read more
    less

    Student Spotlight: Daniel “Kody” Mitchell


    Always interested in technology, Daniel “Kody” Mitchell grew up watching his father play World of Warcraft and StarCraft. He quickly fell for these games and soon after, developed a love for programming while taking computer science classes in high school. Kody came to UAT for the nerd and geek vibes. Since attending, he loves the family community...

    Always interested in technology, Daniel “Kody” Mitchell grew up watching his father play World of Warcraft and StarCraft. He quickly fell for these games and soon after, developed a love for programming while taking computer science classes in high school.

    Kody came to UAT for the nerd and geek vibes. Since attending, he loves the family community aspect, the collaborative teamwork-focused environment, the combination of hard work and having fun and how the University truly prepares students for the real world. Kody feels that he has already learned so much about the industry and has gained the basic skills he will need to thrive.

    Studying Artificial Intelligence and Network Security at UAT, Kody chose these degrees because he’s always been fascinated with artificial intelligence and knew that the world needs more cyber security professionals. So, he thought why not combine the two for a unique education and skillset! 

    Kody is a Student Ambassador for UAT and was involved in Nerf Warz! In his free time, Kody has been working on a project to create a calendar-budget program in Python that allows the user to see things at a glance, or hover over days for more details. The basis of the idea consists of the user inputting transactions they make on any given day (expense or income), and based on any recurring fees or payments, the program will show what day the user might run out of money (if there is one).

    After taking a couple of classes taught by Mason Galatas, Kody was inspired by his expertise in his field and hopes to one day know as much as him, be as helpful and have as much fun!

    Kody’s hobbies include 3D printing, programming, playing video games, singing in the car and watching movies. Once Kody gets out in the real world, he can't wait to put the skills he’s learned from UAT to the test and make a positive difference!

    UAT is for people like you. Discover where you fit in at UAT.

    read more
    less

    Golang the new standard for malware langauge?


    In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years.  This new trend was backed by this report that...
    In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years. 
    wp7041189
    This new trend was backed by this report that malware writers are actually moving away from C and C++ to Go. This language was released back in 2007 by Google. The first malware written in Go was discovered in 2012.
     
    Intezer states "Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence," Now that has changed since Golang is now becoming common.
     
    Why is it so popular all of a sudden? Well due to Go is fairly easy to be cross-platform. Which in turn allows Malware writers to only needing to write code once and put in binaries from other platforms to be able to cross-platform. So, they can target Windows, Mac, and Linux. Making the malware versatile, another reason is how Golang binaries are a pain to analyze and reverse engineer by security researchers. For Malware writers that's extremely good as it makes the malware detection lower.
     
    The final reason is how Go is built to work extremely well with network packets and requests, it has cloud-native applications already built into it. It's easy to work with especially when it comes to C++ network services.
     
    It's a big plus for these malware writers/developers to have everything they need in one place. Saves them time and probably headaches so it's no wonder Golang malware's are popular all of a sudden. 
     
     
    "Many of these malware [families] are botnets targeting Linux and IoT devices to either install crypto miners or enroll the infected machine into DDoS botnets. Also, ransomware has been written in Go and appears to become more common," (Intezer, 2021)
     
    Here are some of the malware seen using Golang in the past year:

    Zebrocy - Russian state-sponsored group APT28 created a Go-based version of their Zebrocy malware.

    WellMess - Russian state-sponsored group APT29 deployed new upgraded versions of their Go-based WellMess malware.

    Godlike12 - A Chinese state-sponsored group deployed Go-based backdoors for attacks on the Tibetan community.

    Go Loader - The China-linked Mustang Panda APT deployed a new Go-based loader.

    GOSH - The infamous Carbanak group deployed a new RAT named GOSH written in Golang back in August.
     
    Glupteba - New versions of the Glupteba loader were seen in 2020, more advanced than ever.
    A new RAT targeting Linux servers running Oracle WebLogic was seen by Bitdefender.

    CryptoStealer.Go - New and improved versions of the CryptoStealer.Go malware was seen in 2020. This malware targets cryptocurrency wallets and browser passwords.
    read more
    less

    How to Choose a Technology Major for 2021 and Beyond


    Choosing a college major is a big undertaking. Even more daunting is planning for a career that will grow and remain exciting for decades. Getting a college degree is more than just a rite of passage or something you have to do. It is the first step to a journey that will shape your present, your future and how you want to contribute to society. If you have a...

    Choosing a college major is a big undertaking. Even more daunting is planning for a career that will grow and remain exciting for decades. Getting a college degree is more than just a rite of passage or something you have to do. It is the first step to a journey that will shape your present, your future and how you want to contribute to society.

    If you have a passion for technology, you are in for a great adventure.

    Fueling economic growth, improving standards of living and creating new jobs are just some of the benefits of technology. With an economic impact of $1,879b and over 4.6 million US job postings, tech jobs are exploding.


    So how do you know which major to choose?

    The key is to select a major that:

    1. Offers strong job opportunities after graduation
      Technology jobs are hot in 2021. Arming yourself with strong skills gives you a great advantage when you are ready to start your career. Coding and programming, understanding data analysis and knowing best practices for your chosen field are skillsets that employers look for.

    2. Opens doors to industries that excite you
      Technology companies and non-profits are working to solve some of the most important problems in the world. From climate change to eliminating hunger, from nanoprocessors to self-driving vehicles, technology is leading the way to breathtaking human progress.

    3. Helps you realize your passion and ways to express it
      Your life can be immensely enriched if you are fortunate enough to figure out what excites you and find work in that area. Choosing the right major can help you earn a living and build a life doing what you love.

    4. Provides long-term opportunities for income, growth, and experiences
      A rewarding career should provide you with the opportunity to learn constantly, advance toward your goals and grow as a person. 

    Choosing the right college major can lead to a career that lets you take on new challenges and experience the rewards of solving big problems using technology. Ideally, it will provide you with a platform for launching your career and a foundation for a meaningful long-term adventure.

    An Overview of the Top 10 IT Jobs by Projected Growth Rate
    Tech Job Median Pay Projected Growth Rate
    Artificial Intelligence Engineer $146,085 344%
    Information Security Analyst $99,370 31%
    Software Engineer $107,510 22%
    DevOps Engineer $111,311 21%
    Java Developer $103,464 19%
    Data Analyst $118,370 16%
    Computer Research Scientist $122,840 15%
    Data Scientist $100,560 15%
    PHP Developer $86,616 13%
    IT Manager $146,360 10%

    High Demand Technology Majors with Long-Term Potential

    As a technology major, you are ideally positioned to take part in some of the most exciting trends in history. These tech trends are growing quickly in 2021 and offer strong career potential over the longer term.

    Trend 1: An Explosion of Data
    By the year 2024, an estimated 149 zettabytes — the equivalent of more than 149T gigabytes —will be created globally every single day. The challenge is to take all that data, store it and deploy it in ways that help businesses, organizations and entire societies.

    From small e-commerce shops to huge government agencies, organizations of every size and type know they need to use their data more effectively. It is among their highest priorities. That is the role of the data scientist. They integrate math, computing and critical thinking to answer deep questions, solve big problems and invent data-centric tools and technologies.

    Some data scientists shape huge data stores to optimize traffic and services in large cities. Others monitor the click flows and user patterns on huge web platforms. Some help to create IoT solutions that make driving safer. Data scientists use raw data to develop insights and tools that unlock the future.

    Short-term Demand: Data Science, Data Analysis or Machine Learning appear on nearly every list of top career options for 2021. The US Bureau of Labor Statistics (BLS) lists Data Scientists among its most in-demand professions now.

    Long-term Outlook: The best opportunities in data science combine AI and machine learning to connect create new knowledge. That trend is just starting. The BLS expects 15% growth in the demand for Data Scientists between now and 2029.

    Trend 2: Growth in AI
    Artificial Intelligence is coming into its own as a stand-alone technology that helps humans make decisions, create media and manage large-scale online platforms, among many other things.

    It is also a sort of "operating system" for other leading-edge technologies such as automation, DevOps, chatbots, and robotics. AI-driven applications will touch nearly every area of our lives. That's why AI majors’ study human cognition decision-making along with networks, programming and computer science.

    Short-term Demand: Artificial intelligence specialists are in strong demand now. AI is a young, expanding field that is creating outstanding career opportunities.

    Long-term Outlook: Forbes reports that AI will create $15.7 trillion in economic value by 2030 and lead to 12 million new jobs by 2025. Recruiting site ZipRecruiter.com calls the career prospects for AI professionals "excellent." The site notes that AI is expected to grow "explosively" over the coming decades as the technology matures and finds its way into more uses.

    University of Advancing Technology offers multiple Cyber Security Degrees

    Trend 3: The Scourge of Cybercrime

    The cost of cybercrime is expected to exceed $6.1 trillion in 2021, according to Cyber Security Ventures. That's $190,000 every second.

    Whether they are guarding against identity theft, preventing destructive hacking or detecting and defeating espionage, fighting cybercrime is a growth area for well-trained professionals. Sadly, as long as there are cyber targets, there will be cybercrime. Society depends on a new generation of cybersecurity superheroes to deter, detect and defeat it.

    Short-term Demand: 74% of companies worry that a lack of cybersecurity talent will put their data at immediate risk, Forbes reports. The New York Times calls the current employment market a "mad dash" to find qualified information security professionals.

    Long-term Outlook: The Bureau of Labor Statistics expects the demand for cybersecurity experts to remain strong for the next decade, at least.


    Choosing a Technology-Focused University

    An investment in education is an investment in your future. We have seen that one way to maximize your investment is to consider both immediate and longer-term career implications. Choosing which college to attend is just as important as choosing the right major. Just like your degree, you want to make sure your university is the right fit for you.

    Technology changes fast. So, it is crucial to choose a university that is fully dedicated to preparing you for your future. Rigorous academic coursework and extensive hands-on skills building will provide a broad and deep foundation on which to build your technology career. Ask your potential college how often they update the technologies, software, and tools you will be using. You can’t learn the newest advancing technologies if you’re working with outdated equipment.

    Life-long learning is important for any degree major but even more so for technology majors. Technology is exciting because it is constantly changing, and you need to be ready to change with it. Seek out a university that offer opportunities for continued learning after you graduate. Look for alumni programs and benefits that will help you advance in your career long after your graduation date.

    Classes, studying, and working on course projects will make up the bulk of your college career, however, don’t forget to look outside the classroom for more to learn. Take advantage of social clubs, student events, and networking opportunities to build a group of like-minded friends and maybe even future colleagues or business partners.

    College can be expensive so invest wisely. Speak with financial advisors to learn what programs and scholarships are available. Spend some time researching grants or private sources of aid. Consider the length of time you will be in college too. Most bachelor’s degrees require four-years of study however, if your university of choice offers accelerated programs or year-round study, then you may be able to graduate sooner. That means you can be earning a salary and moving up the company ladder while your peers are still in school paying for tuition, books and room and board.


    Putting it all Together: Choosing Your Tech Major and College

    Choosing a technology major should be fun and exciting and done with some planning for the future. Technology careers can be rewarding and long-lived with the right plan of action in place. That plan starts with choosing a major that aligns with your interests and goals for what you want to accomplish in your career. Selecting the right university will ensure that you get a solid academic foundation in your major of choice, build lasting relationships with like-minded people, and provide the tools and resources for life-long learning that will help you build and grow a great tech career.

    If you're interested in a career in technology, University of Advancing Technology is a great place to start. UAT is an elite, private university that offers cutting-edge technology majors at it's Tempe, Arizona campus, online, and hybrid classes. This tech-focused University has the status of being among a select few 100% STEM-based universities in the nation. Learn more at UAT.edu or request information.

    University of Advancing Technology campus in Tempe, AZ. Students gathering in the courtyard

    read more
    less

    UAT Promotes Cyber Security Awareness Month with Tips & Anecdotes


    UAT has led the way in cyber security since the late 90s, writing the rule books for cyber security education in Arizona.   Marking over 20 successful years since the inception of its elite Network Security degree program, UAT is proud to participate in Cyber Security Awareness Month, during the month of October, allowing our faculty of experts to share important...

    UAT has led the way in cyber security since the late 90s, writing the rule books for cyber security education in Arizona.

     

    Marking over 20 successful years since the inception of its elite Network Security degree program, UAT is proud to participate in Cyber Security Awareness Month, during the month of October, allowing our faculty of experts to share important information on cyber security with the public.

     

    UAT recognizes the importance of training cyber security experts, in its students, alumni, faculty and in local members of the community.

     

    We have compiled a few tips and anecdotes about our students below.

     

    From Cyber Security Program Champion Greg Miles:

     

    • Security isn’t an instant solution. It's a lifetime process that must be integrated from the very first steps of any project.
    • Introducing the concepts of cyber security and identity protection at an early age, will help you in the battle against the bad guys a.k.a. hackers.
    • UAT provides students with a security education that includes traditional theory, extensive hands-on, innovation projects, and industry exposure. UAT strives to provide employers with well-rounded and well-educated employees to support this rapidly-growing field. We're priming white hat, ethical hackers for good
    • UAT students and alumni have the opportunity to work as paid volunteers at Black Hat and attend DEFCON. These epic experiences provide students with extensive exposure to multiple cyber security companies, which is better than any job fair, and awesome experience to add to their resume.

     

    UAT Cyber Security students at Black Hat
    UAT Cyber Security students at Black Hat

     

     

     

    From Network Security Professor Mason Galatas:

     

    • Cyber security is really, really important. These figures help illustrate why.
    • The network security attack surface is expected to reach 4 billion by 2020, just over two years from today. Cyber crime is expect to triple during this time. Now is the time to educate yourself.
    • A hack can cripple a company. A security breach, without appropriate remediation measures and response capability, both of which are expensive, can force a company out of business. According to the NCSA, 60 percent of small and medium companies that experience a data breach go out of business within six months.

     

    Cyber Security Awareness Month at University of Advancing Technology Professor Mason Galatas with Cyber Security Alumni Will Peterson

     

    From UAT President Jason Pistillo:

    • Having started a degree teaching students how to defend networks in 1998, we’ve helped contribute to the Arizona cyber security industry by pre-populating the talent pool for 20 years.
    • That’s allowed a record amount of cyber companies to germinate here in Arizona, Including Trusona (headed by Ori Eisen), Terraverde (Ed Vasko) and CellTrust (Sean Moshir).
    • With the momentum of talent and active cyber companies in Arizona, we have the opportunity to cement Arizona as a central hub for cyber security like the silicon valley of cyber.
    • Anyone can be a script kiddie, it’s takes brilliance, creativity and discipline to be a true cyber security professional and that’s why UAT is so passionate about making sure graduates have proven they have the skills, have competed and won multiple competitions including WRCCDC and created an innovation in their field.

     

    Cyber Security students at WRCCDC - Take 2nd Place Cyber Security students at WRCCDC - Take 2nd Place

     

    • Our information and privacy is becoming more precarious by the second. The more connected the world gets, the more vulnerable we are; but the worst part is the societal apathy that’s emerging towards breaches of confidential information, privacy and the disregard for Intellectual Property.

    Want to know more about cyber security from UAT's experts?

     

    UAT is hosting a Cyber Security Open House on Oct. 12, with industry experts, faculty and alumni to offer tips on how to stay safe online and talk about the importance of Cyber Security education to the public.

     

    Learn more about protecting yourself online. Dive into what it's like working for the Cyber Security Industry. Celebrate Cyber Security Awareness month on October 12, with a full slate of activities, industry talks, and topics involving some of industry's top professionals. Don’t miss out on this incredible educational event!

     

    What: UAT Cyber Security Open House

    When: Thursday, Oct. 12, from 6:30-8:30 p.m.

    Where: University of Advancing Technology: 2625 W. Baseline Rd. Tempe, AZ 85283

    Why: To celebrate Cyber Security Awareness Month and educate the public on tips to stay safe online.

    Event is Over

     

    See you on Thursday night!

     

    read more
    less

    UAT Hosted 2nd Annual Cyber Security Open House


    UAT held the 2nd Annual Cyber Security Open House on Thursday, Oct. 12, in conjunction with the national cause, Cyber Security Awareness Month.   UAT Cyber Security professors Wayne Kibbe and Mason Galatas teamed up to present a slideshow on the basics of cyber security and how to protect yourself the best you can from hackers.   Professor...

    UAT held the 2nd Annual Cyber Security Open House on Thursday, Oct. 12, in conjunction with the national cause, Cyber Security Awareness Month.

     

    UAT Cyber Security professors Wayne Kibbe and Mason Galatas teamed up to present a slideshow on the basics of cyber security and how to protect yourself the best you can from hackers.

     

    Professor Wayne Kibbe said, “Cyber Security education is very important for several reasons. First, the demand for cyber security skills is rapidly growing and US Labor Department reports claim shortages for the foreseeable future. Second, as more and more devices connect to the internet, the chances of individuals getting hacked is increasing. A career in the field could be very rewarding by protecting not only individual consumers, but private businesses and government agencies as well.”

     

    Some important takeaways from the presentation include:

    • Online shopping is a risk - make sure to use credit cards versus debit cards due to extra built-in protection from credit card companies. Gift cards are even more secure.
    • Social media can give away too much personal information. Avoid sharing your address, phone number, birthdate and schools you or your family has attended. Also, don't advertise on social media that you are on vacation. You'll catch attention from the wrong people!

     

    Cyber Security - tips to stay safe online by UAT Cyber Security experts Cyber Security - tips to stay safe online by UAT Cyber Security experts

     

    • Social engineering - be careful what information you share with people who are randomly and overly curious in specific personal questions.
    • Free WiFi may look legit, but beware it could be disguised with a common name like "Starbucks Guest" so the customer is likely to assume it's safe and for the use of Starbucks customers. Use a Virtual Private Network (VPN) to be sure communications are safe, even on a public network.
    • Be aware of other tech in your house that may connect to the Internet such as an XBox, Smart TV's, refrigerators, thermostats and more. These devices can be vulnerable to attacks, as well.
    • Update your software. Hackers commonly target software that does not update automatically because users are less likely to run updates regularly themselves. This can create opportunities for bad guys to infiltrate the program.
    • Passwords are hugely important so don't be generic. If you struggle in creating a unique password, try multi-factor authentication. In addition to multi-factor authentications, applications such as Lastpass can create lengthy and random passwords for you.

     

    For more information on cyber security and how you can reach a higher level of training and education, please click to learn more about UAT.

    read more
    less

    Evening Open House


    Curious about a career in tech?     Stop by the University of Advancing Technology during our open house event to learn how our exciting technology degrees will prepare you for a future-proof career in ...

    Curious about a career in tech?

     

    openhouseCyber-1

     

    Stop by the University of Advancing Technology during our open house event to learn how our exciting technology degrees will prepare you for a future-proof career in cybersecurity, computer science, artificial intelligence, robotics, business technology and more.

     

    Ready to take your career to the next level? Check out our patent-pending graduate degree programs in technology leadership or game production and management.

     

    Busy with work? No problem. We use SyncFlex, a flexible learning model, which enables students to attend class in person, participate via livestream or watch a recording of class anytime.

     

    When:
    Thursday June 27th

    5:30pm - 7:30pm

     

    Where:

    University of Advancing Technology

    2625 West Baseline Road

    Tempe, AZ 85283

     

    Here's the schedule:

     

    1. Faculty Meet & Greet (5:30 p.m. - 6 p.m.)
    2. Cyber Security Degree Focus (6 p.m. - 7 p.m.)
    3. Campus Tours (7 p.m. - 7:30 p.m.)

     

    Click here to RSVP

     

    Questions? Reach out to Erin: eeichhorst@uat.edu. She is awesome!

     

    Logo 172x172

     

    read more
    less

    Surveillance... or Infiltration?


    This week, AZ Family News reported “Security cameras at Tempe hospital, Graham County detention center allegedly hacked in huge breach,” detailing a potential...

    This week, AZ Family News reported “Security cameras at Tempe hospital, Graham County detention center allegedly hacked in huge breach,” detailing a potential security breach at St. Luke’s Hospital in Tempe, AZ. The article cited startup Verkada Inc., which produced the security cameras for St. Luke’s, explaining how hackers are able to target and access these systems.

    cameras-1

    Aaron Jones, UAT Lead Cyber Instructor and leader in the local cyber community, commented on this story as well as how it is possible for hackers to infiltrate systems such as these.

    “The hackers claimed to have accessed data and live feeds from 150,000 cameras used by Verkada clients, including big names like Tesla and software company Cloudflare. St. Luke's Hospital in www.azfamily.com

    Ubiquitous surveillance is a double-edged sword, and while cameras have been instrumental in solving crimes and locating missing person, their use can also be a severe blow to privacy. The current "attack" perpetrated by an alleged collective of individuals is another strong indicator that some basic security practices are not being followed.

    Of note is mention that administrator access was gained through the use of credentials found on the internet. This is a strong indicator that two-factor authentication was not in place and therefore, someone’s admin account, once breached, was the only piece of protection between the outside world and their most private files.

    It also would be indicative that if true that only a single set of credentials were used, that it is possible, that the admin was reusing credentials in multiple places. Another thing we certainly would not want to do.

    laptop-1

    Companies who have had their data accessed are still victims, even if a third party was the ultimate culprit. We have seen this targeting of third-party providers in many breaches, such as the famous Target breach, and it is a concern that we should always keep in the back of our minds. We can do much to secure our own systems, but what are our partners doing to secure theirs?

    We should expect that any piece of infrastructure left online could be of interest to someone with ill intent. Cameras are a very easy target and due to their very nature, will often contain plenty of entertaining or interesting data. I believe this "breach" is an excellent reminder of how important it is to follow basic security practices, such as not reusing credentials, implementing two factor authentication, and working with your vendors to verify that they are following industry standard practices in cyber security.”

     


     

    More about Aaron: 

    Aaron Jones-1Aaron Jones, the lead Cyber Instructor at the University of Advancing Technology, is a softwaredeveloper who currently creates applications for law enforcement. He is also an AZ POST certified General Instructor as well as a public speaker. He earned a B.Sc., in Computer Information Systems from Park University in 2013 and an M.A., in Intelligence Analysis with a focus in Cyber Security in 2014. He has been the recipient of recognition from the El Paso Police Department, State of Texas, Texas Military Forces, Chandler Police Department, and others. 

     


     

    Interested in studying cyber security?

    Sponsored by the U.S. National Security Agency and Homeland Security Department, University of Advancing Technology’s ethical hacking degree is highly regarded by industry and government entities. UAT’s Network Security Bachelor of Science degree prepares students to take on the ever-evolving world of information security. Network security students will receive hands-on technical training and learn best of class software and network programming and essential network security analysis.

    Find out more at https://www.uat.edu/network-security-degree. And apply at www.uatfastapp.com

    CyberCave-1

    read more
    less

    VMware vulnerability leaves about 6,700 servers ripe for the picking.


    VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire networks. Mind you this is about 6,700 servers that are at risk.  ...

    VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire networks. Mind you this is about 6,700 servers that are at risk.

     dfsdf

    A security firm for threat intelligence, Bad Packets is currently scanning all potential at-risk devices to report. This vulnerability targets a plugin in VMware vCenter, it's called vSphere Client (HTML5). These servers are vital to an enterprise that uses VMware as this server is a utility to manage VMware products installed on local machines.

     

    This vulnerability was reported last year by a security firm Positive Technologies which discovered that an attacker could target the plugin's HTTPS interface and use malicious code to elevate privileges without the need to authenticate. Due to how vital this server is in managing other VMware products it was classified as highly critical and was reported to VMware.

     

    It was hush-hush due to how many corporations use vCenter, so they took the time to test and make sure a patch can patch the bug. But a Chinese researcher decided to post the proof-of-concept about this vulnerability labeled as CVE-2021-21972, with this posted it denied companies any time to apply the patch.

     

    Which resulted in a free for all for people to find any vCenter system that is still vulnerable and left online as hackers from different crews stepping over each other to get into these vulnerable systems. Then on top of that the exploit for the vulnerability was a one line cURL request.

     

     

    In a Shodan query more than 6,700 VMware vCenter servers are still connected to the server and will be vulnerable till a admin patches it. VMware has taken this pretty seriously as this vulnerability has scored a 9.8 out of 10 and is trying to get customers to get their systems patched.

     

    Ransomware gangs like Darkside and RansomExx been going after VMware systems and showed that gaining access to these systems are worth it for how much they can get an enterprise to pay up the ransom. A plus is Positive Technologies published a in-depth technical report on the bug which will allow Blue Teams to better defend their networks.

    read more
    less

    SSL: The Key to Web Safety


    Should you equip your website with an SSL Certificate? YES! And here’s why…  An SSL certificate is a file that creates a connection between a website and a cryptographic key. When you use SSL to secure your website, you are working to guarantee that the transfer of data between the...

    Should you equip your website with an SSL Certificate?

    YES!

    And here’s why… 

    An SSL certificate is a file that creates a connection between a website and a cryptographic key. When you use SSL to secure your website, you are working to guarantee that the transfer of data between the server and the user is safe from prying eyes or tampering. This guarantee of security enhances the trust relationship between your site and the customers who are visiting, inspires confidence that can often convert into sales, and increases the page ranking that companies like Google or Microsoft provide when you show up in their search results.

    A website that does not employ an SSL certificate will be branded with a warning to the user that the site is insecure and potentially dangerous. As we move forward, insecure connections will continue to be phased out and some browser developers have indicated that you will soon need to edit your browser configuration to even allow insecure communication between user and server at a not far off date.

    Google began providing a "very lightweight signal" in their ranking algorithm for SSL/HTTPS back in 2014. This small ranking benefit has gradually increased as they have decided that SSL/HTTPS is increasingly important in our modern economy.

    Obtaining an SSL certificate can be free if you use Let's Encrypt, an opensource certificate authority that provides TLS/SSL certificates to over 240 million websites. Major sponsors of Let's Encrypt include Mozilla, Cisco, EFF, and the Chrome project as well as many others. Using a simple application, you can quickly stand up all of the infrastructure you need to rapidly deploy HTTPS support on your website.

    If you are wondering if you should use or deploy HTTPS support on your site, the absolute answer is, yes. It is inexpensive and easy to deploy, provides a heap of benefits, and enhances your users experience and security. There are no reasons not to use SSL or to provide a secure connection to your website.

    pexels-pixabay-60504

    Interested in cyber security? UATs offer a variety of degree choices, from associate to master degree options. Review the programs available at https://www.uat.edu/cyber-security-degrees, and contact admissions@uat.edu to get started!

    read more
    less

    SolarWinds massive Malware attack now tied to Russia.


    The FBI, CISA, ODNI, and the NSA released a statement stating that Russia has orchestrated the SolarWinds attack. It was believed that the hackers were working with a foreign government, but the security agencies have pointed the blame to Russia. (Photo by Alexander...

    The FBI, CISA, ODNI, and the NSA released a statement stating that Russia has orchestrated the SolarWinds attack. It was believed that the hackers were working with a foreign government, but the security agencies have pointed the blame to Russia.

    fdzsd-1(Photo by Alexander Ryumin TASS via Getty Images)

     

    The background to this attack is due to the software provider SolarWinds was breached and a malware-laced update was deployed on Orion software. Which infected networks across US companies and government entities. Which US Security firm FireEye reported on as many other outlets reported this massive attack.

     

    FireEye's own network was even breached as the SolarWinds supply chain attack allowed the hackers to get into their network which around 10 US governmententitieswere breached and around 18,000 Orion customers as well.

     

    The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.

     

    The Washington Post cited sources claiming that multiple other government agencies were also impacted.

    Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House.

     

    Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).

     

    FireEye didn't confirm the APT29 attribution and gave the group a neutral codename of UNC2452, although several sources in the cyber-security community with government entities confirming the APT29 attribution, done by the US government, is most likely correct, based on current evidence.

     

     

    In security alerts sent to its customers in private on Sunday, Microsoft also confirmed the SolarWinds compromise and provided countermeasures to customers that may have been affected. 

     

    "The campaign is widespread, affecting public and private organizations around the world," FireEye said.

     

    "The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added.

     

    This malware being tied to Russia is a big security concern across the US and its allied countries as it has breach public, private, and government entities across the board. It's gonna be tense to see how this plays out.

    read more
    less

    WordPress can't catch a break with vulnerabilities.


    Seems like WordPress can't catch a break. Another zero-day vulnerability in a plugin for WordPress which has been installed in more than 500,000 sites. In this particular vulnerability, it allows hackers to reset passwords for admin accounts.   This vulnerability was used for weeks on...

    Seems like WordPress can't catch a break. Another zero-day vulnerability in a plugin for WordPress which has been installed in more than 500,000 sites. In this particular vulnerability, it allows hackers to reset passwords for admin accounts.

     

    dims



    This vulnerability was used for weeks on end and thankfully was patched Monday. It was able to impact Easy WP SMTP which is a plugin to let site owners to configure SMTP settings for outgoing emails. A company called Ninja Technologies Network or NinTechNet for short. They state that Easy WP SMTP 1.4.2 and older versions have a feature that creates debug logs for all emails and is stored in the installation folder.


    "The plugin's folder doesn't have any index.html file, hence, on servers that have directory listing enabled, hackers can find and view the log," said NinTechNet's Jerome Bruandet. He also says that sites still running on these outdated versions the hackers have been able to automate the attacks to identify the admin account and do a password reset.


    Since a password reset involves sending an email with the password reset link to the account, that very email is displayed in the Easy WP SMTP debug log. So, the attacker can grab the reset link and take over the account.


    "This vulnerability is currently exploited, make sure to update as soon as possible to the latest version," Bruandet warned earlier this week on Monday.


    Now there is Easy WP SMTP 1.4.4 which the developers found a workaround for the vulnerability by moving the debug logs into the WordPress logs folder. This is now the second vulnerability as the first one was found back in March of 2019 with the same plugin. 


    That vulnerability allowed backdoors on accounts. While it's an unfortunate situation this time with WordPress 5.5 where it has an auto-update feature, so an admin doesn't need to update it manually. But the question is if those sites are updated and have the auto-update feature enabled.

    Hopefully a good admin who checks and updates regularly enable the auto-update to avoid this plugin mess.

    read more
    less

    Russia is planning to ban social media sites.


    In another day of "Russian government is doing nothing wrong" they want to push a law to block foreign social media sites inside Russia in a way a repercussion for "discriminating" against Russian news outlets operating outside of Russia.Russian Duma (state parliament) with a bunch of...

    In another day of "Russian government is doing nothing wrong" they want to push a law to block foreign social media sites inside Russia in a way a repercussion for "discriminating" against Russian news outlets operating outside of Russia.

    wfe


    Russian Duma (state parliament) with a bunch of lawmakers have been debating on this since of April of this year, the most top platforms are Facebook, Twitter, and Youtube. This is brought up due to Russian news outlets have complained about their information being censored on some of these sites.

    "Media outlets such as Russia Today, RIA Novosti, Crimea 24 were censored. In total, about 20 acts of discrimination were recorded," Russian lawmakers said.

    The acts of discrimination referenced in the draft bill's notes refer to rules introduced at Twitter and Facebook this year, and at YouTube in 2018.

    The three sites have been showing special labels on the profiles of state-affiliated news agencies and have been reducing their visibility for users on the sites by removing their content from recommendation algorithms. As each of these sites have it where on their "Recommended" or "Explore" it hides Russians outlets from popping up unless I personally seek it out.

    Russian lawmakers argue that these rules are "unreasonable restrictions" that "discriminate against materials from the Russian media," and even go as far as "violations of fundamental human rights and freedoms of Russian citizens."

    The new law will give Russian Prosecutor General's Office and the Foreign Ministry the ability to ban these social media sites in Russia.

    As soon the law is passed Russia's telecommunications watchdog, the Roskomnadzor will be ordered to put these sites on a blacklist. Which LinkedIn has been since 2016.

    Russia's legal office found no issues with the law's text and gave the greenlight for further discussions and ratification.

    The Russian government also announced the start of new proceedings against Google for failing to censor up to 30% of "dangerous" content from the search results shown to Russian citizens. So maybe Google will be put on a ban list and I expect a bunch of people to get proxys and VPNs set up.

    read more
    less