Newsletter #12 - May 28, 2024
SecureMyInsights

Greetings, dear readers!
We trust you're enjoying the valuable insights in our newsletter so far. This week, we're thrilled to launch a brand new segment: SecureMyInsights!
Within SecureMyInsights, we'll be your one-stop shop for all things open-source security. We'll be equipping you with practical tips and tricks, while also showcasing the best open-source security tools and communities. Buckle up! SecureMyInsights is designed to expand your security knowledge and empower you to take your security posture to the next level!
Jobs & Internships
Disney+ Hotstar seeks a Senior Security Engineer (4-6 yrs experience) for web/mobile/cloud security assessments & threat modeling
Atlassian seeks a Senior Product Security Engineer (5+ yrs exp) to build security tools, collaborate with engineers on secure software development, and implement cloud security
Barry-Wehmiller seeks a Security Analyst (3+ yrs exp) to monitor their network, resolve/report any incidents, and configure centralized logs and alert management system
Google seeks a Security Analyst (1+ years experience) to monitor security systems, analyze threats, and automate security workflows (experience with programming/data analytics a plus).
HPE seeks an Application Security Engineer (5+ years experience) to conduct security assessments, collaborate with developers on secure coding, and perform security testing.
Last Week in Cyber Security
Join our Discord to get more news in the Security Domain.
Google Chrome Hit Again! Update Now to Patch Actively Exploited Zero-Day (CVE-2024-5274)
Google Chrome has a new security update to fix a critical vulnerability (CVE-2024-5274) that hackers are actively exploiting. This is the 8th zero-day vulnerability patched by Google this year and the 3rd one this month. Google recommends updating Chrome to version 125.0.6422.112/.113 (Windows/Mac) or 125.0.6422.112 (Linux) as soon as possible.
Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms
Researchers found a critical memory corruption vulnerability in Fluent Bit, a popular cloud logging tool used by major organizations and cloud providers like AWS, Microsoft, and Google Cloud. Named "Linguistic Lumberjack" by Tenable, the flaw in its HTTP server can cause denial of service, data leakage, or remote code execution, highlighting the need to scrutinize core cloud software components.
GitHub Fixes Maximum Severity Flaw in Enterprise Server
GitHub has patched a critical authentication bypass vulnerability (CVE-2024-4985) in its GitHub Enterprise Server (GHES), scoring a maximum CVSS of 10. Discovered via GitHub's Bug Bounty Program, the flaw affects all GHES versions before 3.13.0, but only those using optionally encrypted assertions and SAML SSO. The patch is available in GHES versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.
Level Up Your Cybersecurity Defense: Online Courses, Tutorials, and Learning Platforms
The cybersecurity landscape is constantly evolving, and staying ahead of the curve requires continuous learning. Luckily, there's a wealth of online resources available to fortify your knowledge and develop practical skills. Whether you're a seasoned professional or just starting, this section will equip you with the tools to elevate your cybersecurity game.
Free Resources:
YouTube: A treasure trove of free cybersecurity content exists on YouTube. Channels like Cybrary, HackerSploit, IppSec, John Hammond, and NahamSec offer comprehensive video courses on various cybersecurity topics.
Check out our channel too, where we share the best hacking tips and practices with you.
MOOCs (Massive Open Online Courses): Platforms like Coursera and edX provide free introductory courses on cybersecurity fundamentals, network security, and ethical hacking.
Paid Platforms:
Udemy: With a vast library of affordable courses, Udemy caters to all learning styles. Find in-depth video lectures, practical exercises, and certifications to validate your acquired skills.
SANS Institute: A leader in cybersecurity training, SANS offers high-quality, instructor-led courses that delve into advanced security concepts and prepare you for industry-recognized certifications.
Cybrary: Apart from having a YouTube channel, they also have a dedicated platform for cybersecurity training.
Beyond Courses:
Blogs and Articles: Stay updated on the latest threats and trends by following reputable cybersecurity blogs like Krebs on Security or SecurityWeek. You can also check out PentesterLand Writeups for writeups submitted by the cybersecurity community.
Podcasts: Listen to cybersecurity experts discuss industry news, vulnerabilities, and best practices while on the go. Popular choices include The CyberWire and Risky Business.
Remember:
Choose the right fit: Consider your learning style, budget, and career goals when selecting resources.
Hands-on approach: Look for courses that offer practical exercises and labs to solidify your understanding.
Stay updated: The cybersecurity domain is dynamic, so commit to continuous learning to stay on top of emerging threats.
Open-Source Security Tools and Communities:
Open-source security tools and communities empower us by providing free, collaborative resources for learning, testing defenses, and staying informed about the latest threats. This offers a cost-effective alternative to paid tools, fostering a transparent development process that can often lead to faster vulnerability detection and patching.
Some of these are:
OWASP (Open Web Application Security Project): A nonprofit organization dedicated to improving the security of software, OWASP offers free resources, tools, and community-driven projects focused on web application security.
Metasploit Framework: An open-source penetration testing tool that enables security professionals to discover, exploit, and validate vulnerabilities in networks and systems.
Snort: An open-source network intrusion detection and prevention system (IDS/IPS) that can analyze network traffic and detect suspicious activities and threats.
We featured Snort on our blog, be sure to check it out!
Kali Linux: A popular Linux distribution for penetration testing and digital forensics, Kali Linux comes pre-installed with numerous security tools and utilities for ethical hacking and security assessments.
Naabu: An open-source port scanner developed by ProjectDiscovery. It is faster than nmap, so it can be run before nmap to speed up the overall scan.
Did You Know?

During the WannaCry ransomware attack of 2017, a young British cybersecurity researcher named Marcus Hutchins, then working for a small security firm, discovered a "kill switch" accidentally embedded in the malware's code.
This free, publicly available information (the kill switch) helped stop the spread of the attack and potentially saved businesses and organizations billions of dollars.
The event highlights the importance of free and collaborative efforts in cybersecurity defense.
These free cybersecurity resources offer valuable opportunities for learning, skill development, and community engagement. Whether you're a beginner looking to explore the fundamentals or an experienced professional seeking to stay updated on the latest trends and technologies, there's something for everyone in the vast landscape of free cybersecurity resources.
Bonus Tip: Our newsletter will keep showcasing the latest news and articles in the security sector and feature job listings as well as articles that will help you in your pursuit of cybersecurity. See you next Tuesday!