Newsletter #1 - March 12, 2024

Author

Aseem Shrey
March 12, 2024

What’s in it for you?

Hello Everyone 👋

This is the first edition of SecureMyOrg newsletter.

With this newsletter, you will find good security articles, insights, tips and tricks, and job posts from around the globe every week in one place so that it helps out anyone who’s looking out for jobs and internships.

⚓️ Who Am I?


Myself, Aseem, I've been a Security Engineer for almost 5 years working with companies like Yahoo, Rippling, Gojek, and Blinkit, building security programs from scratch to building automated security systems, pentesting and red teaming. Been there done that 😎 .

I’ve been teaching people about cybersecurity through my channel HackingSimplified.

So, let's dive right in and explore some of this week's security insights!

🧑‍🏭 Jobs & Internships

  1. Futurism Technologies is searching for a Cybersecurity Intern to monitor security tools and report events to analysts.

  2. Stecktra Technologies is hiring fresh B.Tech/BE graduates for a Microsoft SOC Analyst (L1) role. Prior cybersecurity certifications are preferred but not required.

  3. Immediate joiners are preferred for a SOC Analyst L1 role requiring experience in ‘Wazuh’ at a company in New Delhi.

  4. An Information Security Analyst role is available in Bangalore with a basic understanding of various security frameworks and data privacy.

  5. NTT is looking for a Security Platform Engineer to join their Global CSIRT team and handle security incident response and monitoring.

  6. A highly experienced DevSecOps Tech Team Lead role is needed to manage and secure their software development processes.

  7. SecurityLit, a cybersecurity firm, seeks an experienced Cybersecurity Sales Specialist to generate leads and close deals.

🌎️ International Jobs & Internships

  1. Meta is looking for an Offensive Security Engineer to perform security assessments and improve the overall security posture of the company.

  2. Meta is hiring a Security Engineer to design and build solutions to automate security tasks, improve response to security requests, and increase the maturity of security capabilities.

  3. Wells Fargo is seeking a Senior Information Security Engineer to design, implement, and maintain security systems, investigate security incidents, and provide security consulting.

🔐 Last Week in Cyber Security

Join our Discord to get more news in the Security Domain. 🛡️ 

Russian hackers linked to the SVR breached Microsoft's systems again after gaining access through a legacy account. They stole some source code and are using the information to target other accounts. Microsoft is working with law enforcement and hardening their defenses.

A new version of GhostLocker ransomware is being used in attacks across several continents. It encrypts data and threatens to leak stolen information. The attackers are offering the ransomware as a service and developing new tools.

Source: Dark Reading

Over 225,000 compromised login credentials for OpenAI's ChatGPT were found for sale on the dark web. This highlights the growing trend of attackers targeting access to large language models like ChatGPT.

Facebook Beware: "Snake" Malware Slithers in Through Messages

Here's the scoop on a nasty new trick making the rounds on Facebook. Malicious actors are using messages to spread a Python-based information stealer called "Snake." This snake isn't here to charm you - it's designed to snatch your login details and other sensitive data.

The scam works like this: you receive a message, likely containing a seemingly harmless RAR or ZIP archive. If you open it, you trigger a download sequence that infects your device with Snake. The malware then scrapes your web browsers for goodies, including passwords and cookies.

Researchers believe this attack may be Vietnamese-linked, as the malware targets the Vietnamese Cốc Cốc browser and code snippets contain Vietnamese references. Stolen information is then zipped up and sent off to the bad guys, potentially via Telegram. Facebook cookies are a prime target, suggesting hijacking accounts might be the ultimate goal.

This isn't the first Facebook info-stealing rodeo. The past year has seen similar malware like S1deload Stealer and VietCredCare wreak havoc. This news comes amidst criticism of Meta (Facebook's parent company) for not doing enough to help hacked users.

Be sure to stay vigilant on Facebook! Don't open suspicious attachments, and be cautious of messages from unknown senders.

New Python-Based Snake Info Stealer Spreading Through Facebook Messages

New Python-based info stealer dubbed 'Snake' is leveraging Facebook messages to capture sensitive data, targeting credentials & cookies for malicious

🪲🖥️ 🪲 

Did you know? 🤔 

The first known computer virus, called the Creeper Virus, wasn't malicious. Created in 1971 by Robert Thomas, it was a harmless program designed to spread itself across a network of interconnected computers, simply printing a message that said "I'm a creeper, catch me if you can." This early prank, however, highlighted the potential for viruses to spread and disrupt computer systems, paving the way for the development of cybersecurity measures.

Thanks for Reading! See you next week 👋 

Reply

or to participate.