LastPass Breach

Hackers have stolen $12.38 million in cryptocurrency from LastPass users this month, leveraging data from a 2022 breach that compromised sensitive data that included customer vault information, according to crypto investigator ZachXBT. The theft of nearly 150 addresses, with funds quickly converted and moved, highlights the enduring impact of the 2022 breach.

Is this the same LastPass that someone in the CIN community recommended to me when I posted a query about password managers????

Password Change Requirement

Hello CINners,

I forgot about the requirement to change the CIN password.
I have been agonizing about this since I learned that it was
coming down the road.

Anyway, I just wanted to alert anyone, who may have had
plans to use the password "P@ssword1234", I've taken
that one already. Sorry - first come, first served!!! Of course,
like so many other things, I'm willing to sell it for the right
price: $250 starting

Thank you for your understanding.

  • Question
Old CASP+ certs will be rebranded SecurityX on December 17, 2024

CompTIA CASP+ Name Change

CompTIA Advanced Security Practitioner (CASP+) will be renamed to SecurityX on December 17, 2024. The name change will not affect your CASP+ certification. You will automatically receive the rebranded SecurityX badge and can download a new certificate and transcript in CertMetrics. This update emphasizes the advanced (i.e. “Xpert”) level of the certification.

Ransomware in Rhode Island

Hackers are threatening as early as this week to release the personal information of potentially
hundreds of thousands of Rhode Islanders connected with RIBridge, the state’s health and
social services system that suffered a cyberattack on Dec. 5, 2024.


You would think that a government entity, that has financial resources for technology and personnel,
would be able to keep hackers at bay. Apparently not! This is just one of the latest in breaches of
a government (local, county, state, federal) entity.

We're at war, and no one's invincible!

  • Poll
Adjunct Instructor needed for Washington DC Charter School

What is your preferred teaching method for technical courses?

  • In-person classes

    Votes: 0 0.0%
  • Online classes

    Votes: 0 0.0%
  • Hybrid (both in-person and online)

    Votes: 0 0.0%

Are you passionate about empowering adult learners to achieve their professional goals? Academy of Hope (AoH) Adult Public Charter School is seeking dynamic and experienced instructors to build our workforce programs. Looking for CompTIA certified instructors to teach CompTIA Tech+ and CompTIA A+.

The address can be found on their website: https://aohdc.org/ The position is hybrid (mainly remote, with occasional on-site labs one or two times a month), but we will consider fully remote teachers for the right candidate. There are two locations: Ward 5 (Northeast site: 2315 18th Place, NE) and Ward 8 (421 Alabama Avenue, SE). This is part of the workforce development program. Preference is given for instructors located in the area.

As an instructor in our workforce program, you’ll work in a supportive, mission-driven environment dedicated to transforming lives through education. Each role requires subject matter expertise, the necessary industry-standard qualifications, and a commitment to guiding and supporting students in reaching their career milestones.

Day and Night Positions available. The frequency is four days a week, Monday to Thursday, from 1030 to 1400 hrs or 1800 to 2100 hrs. There is some flexibility, and it depends on the needs of the organization. Courses run for the duration of a Fall/Winter or a Spring term.

Instructor Responsibilities

Each instructor is responsible for delivering high-quality, engaging instruction tailored to adult learners in their respective subject areas. Core responsibilities include:
  • Planning and Preparation: Develop lesson plans, classroom activities, and resources that align with AoH’s curriculum standards and prepare students for industry-specific certification exams.
  • Instruction and Student Support: Deliver hands-on and theoretical instruction that builds critical skills and knowledge. Create an inclusive learning environment that encourages student engagement, participation, and success.
  • Assessment and Testing: Administer tests and practical exams to evaluate student progress and competencies. Provide constructive feedback and guidance to help students improve.
  • Attendance and Progress Monitoring: Record and monitor attendance, providing necessary support to students to maintain high attendance and engagement levels.
  • Classroom Management: Foster a respectful and organized learning environment to facilitate positive learning experiences for all students.
  • Student Assistance: Offer academic and career counseling within your subject area, providing students with pathways to certification, further education, and employment opportunities.

Qualifications

Scope of Work and Education Requirements

While not required, preference will be given to instructors living in the Washington, DC and surrounding region.

CompTIA Tech+ (ITF+) and A+ Instructor

  • Responsibilities: Provide foundational and advanced IT skills training, covering computer hardware, software, troubleshooting, networking, and cybersecurity essentials.
  • Education Requirements: Must have CompTIA Tech+ and/or A+ certification (depending on the course level) and a minimum of an associate degree in Information Technology or Computer Science. Instructional experience is preferred. Working in the IT field and having real-world experience is a plus.

Why AoH?

Join a dedicated community that values lifelong learning and gives students the tools they need to succeed. AoH offers competitive compensation, a collaborative work environment, and the chance to make a meaningful impact on adults working toward career growth and personal development.

<APPLY HERE> https://www.paycomonline.net/v4/ats...79&clientkey=421781097AE0D0B6241B18F83BF15054

Soft Skills vs. Technical Skills in Cybersecurity

Technical skills such as penetration testing, vulnerability scanning, and incident response are essential for success in the field of cybersecurity. But soft skills—like critical thinking, problem solving, reporting, and communication—are sometimes undervalued despite being just as crucial.

How do you support your students in acquiring soft skills in addition to their technical knowledge?

What tasks do you include in your curriculum?

How you manage to develop well-rounded cybersecurity professionals is something I would really like to hear about.

Experienced Certified Trainers needed for multiple courses

We're looking for experienced trainers/mentors to join our team and teach a variety of CompTIA IT / Cyber / Cloud / PMP / CSM / Azure certification courses, including:
  • CompTIA A+
  • Network+
  • Security+
  • Cloud+
  • PenTest+
  • CySA+
  • PMP
  • ITIL
  • Scrum
  • Azure
About Us
We are a well-established post-secondary tech training school located in Tampa, FL. Our mission is to empower students to achieve their tech career goals. With consistent cohorts throughout the year, we provide a supportive and flexible teaching environment providing consistent teaching gigs throughout the year. This assignment would be contract work, part time. Active certification maintained through CEU's works or certified in the latest version of the above certifications. No degree required. No clearance is necessary but would be a bonus. Local trainers would be ideal and training is remote. We are in FL so Eastern Standard Time. Language would be English.

What We're Looking For
  • Experienced Instructors: Prior hands-on experience in the field as well as teaching, training, and mentoring experience in all of the above.
  • Certifications: Must hold current certifications in what you will be teaching.
  • Flexibility: Local trainers are preferred but delivery is remote for the right candidate and can work around your schedule as we have day and evening cohorts.
  • Engaging Educators: Trainers who can inspire and guide students, ensuring strong engagement and high pass rates as well as job placement rates.
  • Looking for our trainers to be part of our team for the long haul. I will always try to keep the gigs coming!
  • If you can bring your ideas to the table to make processes better, classes engaging and outcomes for students more successful, let's talk.
Why Join Us?
  • Flexible Scheduling: Work around your other gigs or commitments.
  • Competitive Pay: Starting at $30/hour with opportunities for increases/bonuses based on performance, student engagement, after class attention to student needs, pass rates and job placement rates. Time can be spent assisting the school in process improvements, new ideas to attract new students and provide successful outcomes for all.
  • Future Growth Opportunities: We’re expanding our course offerings in 2025 to include ITIL, Scrum, and PMP, Azure and end of 2025 looking at adding AWS, CISM, CISSP, CASP. If you’re certified in these areas, we’d love to chat!
Next Steps
If you’re interested in being part of our team or would like to learn more, please reply.

We look forward to hearing from you!

VXLAN Deployment

Hello CINners,

I wanted to throw a little something in the direction of your networking types, to
see where you are with a certain subject. Got a couple of questions:

Question 1: What are the three (3) main ways to deploy VXLAN?


Question 2: When deploying VXLAN, the method used is based on what?



Whatcha got CINners????

The ?DR Tools

Hello CINners,

No, I ain't talking about Disaster Recovery - not that DR. My focus in this post is on
Detection and Response.

In cybersecurity, we got all these DRs that are adding more and more weight to the barbell:
- EDR - a single-point security tool; focusing solely on endpoint device protection
- NDR - focusing on network-level threat detection; specifically monitors network traffic for suspicious activity
- MDR - a service offering; a managed service that includes threat detection and response capabilities; often
built on top of EDR
- TDR - Threat Detection and Response; two most common uses: endpoint TDR and analytical TDR
- XDR - provides a unified view across multiple security layers, like endpoints, networks, and cloud; integrates
various security data sources

Okay, most of you already know about these DRs. I only stopped today to ask if any of these appear in the
objectives of the CompTIA cert exams.

As always, thanks for your time!!!

How Can We Use OSINT to Teach Cybersecurity Ethics?

Despite its strength, OSINT must always be used in an ethical manner. For instance, how can we make sure students learn the distinction between ethical, legal research and intrusive or illegal conduct while we are educating them about reconnaissance techniques?

1. When teaching OSINT, what moral conundrums have you encountered?
2. How can the responsibility associated with this knowledge be made clear to students?

I'd love to know how you tackle this crucial subject!

Identity Access Management

Strengthening Cybersecurity: The Growing Role of Identity and Access Management (IAM) Solutions

The identity and access management market size was valued at USD 15.93 billion in 2022 and is projected to expand at a compound annual growth rate (CAGR) of 12.6% from 2023 to 2030.

Identity and access management (IAM) assures that the appropriate person and job position (identities) in an organization have access to the tools they need to perform their duties.

The rising cases of fraudulent and cybercrime activities are driving organizations to implement IAM systems as a result of the rapid adoption of the cloud and the advancement of new technologies. IAM uses identity analytics and intelligence to monitor unusual user account activity.

🔹 Identity and Access Management (IAM)
➼ Single Sign-On (SSO)
➼ Multi-Factor Authentication (MFA)
➼ Role-Based Access Control (RBAC)
➼ Privileged Access Management (PAM)
➼ Adaptive Authentication
➼ User Activity Monitoring

🔹 Endpoint Security
➼ Antivirus and Anti-Malware Protection
➼ Endpoint Detection and Response (EDR)
➼ Device Compliance Management
➼ Mobile Device Management (MDM)
➼ Patch Management
➼ Disk Encryption

🔹 Network Micro-Segmentation
➼ Virtual LAN (VLAN) Segmentation
➼ Software-Defined Perimeter (SDP)
➼ Firewall Policies for Micro-Segmentation
➼ Zero Trust Network Access (ZTNA)
➼ Virtual Private Cloud (VPC) Segmentation
➼ Micro-Segmented Zones for IoT Devices

🔹 Application Security
➼ Web Application Firewalls (WAFs)
➼ API Security
➼ Runtime Application Self-Protection (RASP)
➼ Application Vulnerability Scanning
➼ DevSecOps Integration
➼ Container Security

🔹 Data Security and Encryption
➼ Data Encryption at Rest and in Transit
➼ Data Loss Prevention (DLP)
➼ Access Control Policies for Sensitive Data
➼ Data Masking
➼ Cloud Data Security Solutions
➼ File-Level Encryption

🔹 Threat Intelligence and Analytics
➼ Security Information and Event Management (SIEM)
➼ User and Entity Behavior Analytics (UEBA)
➼ Threat Intelligence Platforms
➼ Intrusion Detection and Prevention Systems (IDPS)
➼ AI-Powered Threat Detection
➼ Automated Incident Response
➼ Identity Governance
➼ Directory Services
➼ User Lifecycle Management
➼ Behavioral Analytics


Now, I understand a little more as to why IAM is a part of the new SecurityX cert exam objectives!!!

  • Question
Legit CertMaster site?

Is this a legitimate Certmaster site?


I was looking for Spanish language A+ material for some of my ESL students & this popped up. There is no info in their About Us page, & their mission describes "...Indochina ICT's CertMaster programs..." . The web site certificate looks valid, but I'm used to using Certmaster products on a Comptia.org site. Don't know if this is a spin off from the buy out? If it's not legit, can anyone point me to any Spanish, French, Arabic, Ukrainian, Russian materials that I can use to supplement TestOut PC Pro for adult A+ ESL students?

Is Luck Enough?

Hello CINners,

Based on what you know about the new SecurityX exam, out of 100 persons, having nothing more than user-level knowledge, how many do you feel would be lucky enough to attain a passing score on that exam?

Now, keep in mind that these persons have almost zero knowledge in the area of cybersecurity. In fact, to put their knowledge in some meaningful context, let's say that they are folks who bring home their new router from Xfinity (or whomever), and don't know that it's a GREAT idea to change the default password for the admin account. Yeah, at that level :)

Anyway, give me a number. There's no right or wrong - just your number. I'm going somewhere with this, but not in this post!

Thanks CINners

CIN Work Zone Ahead!! 🚧👷

Hello CINners!! This is a Public CINner Announcement (PCA)! Login detour ahead!! 🚧 Next Wednesday, December 18th, when you log into CIN, you will be required to reset your password! This will be a one-time request.

Why?

I am super excited about what is coming in 2025 with the CIN community! CompTIA has noticed how great you CINners are and wants to expand the community and services! We will be making major changes to our community, making it easier to connect with your CompTIA contacts, get access to tech support, find answers to your questions about products, provide more resources and more. We will even see changes coming to the look and feel for our community, new forums, and a lot of new badging and engagement opportunities! 🎉🎉🙌

However, as we know, with progress comes a lot of construction. Our first step is moving off our existing authentication platform. This move will come next Wednesday. We will move your CIN data, however, passwords do not move. That is why you will be asked to reset your password when you log in.

IMPORTANT NOTE! This will NOT affect your CompTIA SSO or access to other CompTIA Services! This is just for CIN access. CIN authentication will be a stand-alone event for the duration of the construction.

10 Trends to Watch in 2025

CompTIA's IT Industry Outlook 2025 presents educators and IT professionals with both exciting prospects and difficulties. Highlights are as follows:

1. AI Costs vs. Potential: While AI increases productivity, it also presents issues with cost, cybersecurity, and privacy. Give students the tools they need to control AI risks and ROI.

2. Workforce Upskilling: 66% of businesses want to provide cybersecurity, software, and data analytics training to their staff, compared to 59% in 2024. To close the skills gap, practical training is essential.

3. Growing Cyberthreats: Stronger frameworks and stricter MSP controls are essential. Utilize realistic simulations in the Security+ and Pentest+ labs.

4. Flexibility in IT: Greater work-life balance and prospects for career advancement are brought about by the high demand for IT talents.

5. Collaborations Are Important: 90% of businesses collaborate to handle complexity. Emphasize teamwork and how it fosters creativity.

Read More: CompTIA IT Industry Outlook 2025

What trends resonate with you, and how are you preparing students for the future of IT?

Problem Based Question: Connect AP to Patch Panel?

Hey CIN-ners,

I took the A+ Core 1 220-1101 exam yesterday and wanted to "share" a question which I thought was interesting. The problem-based question showed a WAP and the back of a patch panel and the question was to select what cable you would use to connect the two. Looking at this question, I immediately thought to myself, "Who would connect a WAP directly to the back of the patch panel?" I saw my cable choices and went with an RJ-45 straight through to a stripped Cat 5e to punchdown in the back of the patch panel. Just wondering if the SMEs in here can shed a little light on this interesting question because if I'm teaching in my A+ class - you connect an AP to a switch and A+ is telling me otherwise..... this question could be the difference between someone passing and failing.

Appreciate your insights, comments, etc.....

-Jason Perretta
IT Instructor (A+/Net+) Dunbar High School
Fort Myers, FL

MFA - Something Else to Consider

Cybercriminals no longer need to be tech geniuses to bypass your MFA—they just need $200.

A new phishing kit is making waves in the cybercrime world, offering attackers everything they
need to intercept MFA tokens, steal session cookies, and gain unauthorized access to your systems.
The worst part? Many organizations still rely on phishable factors, like SMS codes or OTPs.

Here’s what you need to know:
  • These kits mimic legitimate login portals, intercept MFA tokens in real-time, and hijack sessions without detection.
  • Weak MFA like SMS are easily phishable—giving attackers access to interconnected systems through a single breach.
  • Organizations should act now to classify, strengthen, and enforce phishing-resistant MFA solutions.

Just when you thought MFA provided a piece to the secure assurance puzzle - now this!

Okay folks, I'm not attempting to cause a global panic. As usual, I'm just a messenger!!!
You've been informed!