Newsletter #14 - June 11, 2024
SecureMyInsights

Hello Everyone! 👋
How’ve you been doing in your quest for CyberSecurity?
Ever feel lost in the sea of cybersecurity news? We've got you covered! Whether you're exploring the exciting world of cybersecurity or a seasoned pro, staying in the know is key. One of the best ways to do that is to check out Cybersecurity media channels or attend CyberSecurity gatherings and meet other CyberSecurity professionals.
These resources provide a wealth of information on the latest threats, trends, and best practices. And hey, these are the go-to sources our team relies on to stay sharp, so you know they're good!
🧑‍🏭 Jobs & Internships
The Walt Disney Company is searching for a Cyber Security Engineer who will ensure enterprise-wide security, manage solutions and incidents, and collaborate across teams.
Wix seeks a SOC Analyst (1+ yrs exp) to monitor security alerts, investigate threats, and respond to incidents (SIEM, big data & automation a plus). US work authorization & on-site work required (hybrid schedule).
Visa seeks a Risk Management Analyst to support IT compliance, audits, and cybersecurity, requiring 2+ years' experience and relevant qualifications.
City and County of San Francisco seeks Cybersecurity Risk Assessment Analyst for DT, hybrid role, assessing cyber risks, with competitive salary and career growth.
Akamai seeks a Sr. Security Analyst (4-6 yrs exp) to monitor security events, investigate threats, & collaborate on security reviews (SIEM, EDR & security best practices a plus). Flex work available (remote-friendly).
🔏 Last Week in Cyber Security
Join our Discord to get more news in the Security Domain. 🛡️
FBI Discovers LockBit Decryption Keys, Encourages Ransomware Victims to Recover Data
The FBI has recovered over 7,000 decryption keys for LockBit ransomware attacks. They're urging past victims to come forward and use these keys to unlock their encrypted data for free. This follows the takedown of LockBit's infrastructure in February, though the group remains active.
XSL Flaw Could Leak Local Files via Malicious Website (Even Without JavaScript)
A researcher discovered a way to exploit XSL (a formatting language for XML) so that a malicious website can leak local files from a visitor's device, even if JavaScript is disabled. The attack uses a combination of XSL's "unparsed-entity-uri" function and XML External Entities (XXE). By cleverly crafting an XSL file, attackers could potentially steal sensitive information from visitors' devices. This vulnerability highlights the importance of secure coding practices for XML-based languages.
Insecure AI Chatbot Exposed Entire Database and Filesystem
A security researcher discovered a critical vulnerability in an AI chatbot that allowed full access to the underlying database and filesystem. The flaw resided in the chatbot's weak authentication and lack of restrictions on user queries. The researcher was able to run arbitrary SQL queries, including dumping tables and listing directories. This highlights the importance of securing AI chatbots with proper authentication and query validation.
Essential Cyber Security Channels to broaden your knowledge (that even our team follows! 😉)
CyberSecurity News Outlets, Blogs & Thought Leadership:
Cybersecurity News Outlets: Stay informed about the latest cybersecurity developments by following reputable news outlets.
◾️The Hacker News covers cybersecurity threats including phishing attacks, malware, and vulnerabilities.
◾️CSO Online discusses cybersecurity threats such as ransomware attacks, data breaches, and vulnerabilities in cloud platforms, and offers insights for CISOs.
◾️Dark Reading provides cybersecurity news on recent attacks, vulnerabilities, and best practices.
◾️Bleeping Computer offers cybersecurity news and updates on security vulnerabilities and data breaches.
◾️SecurityWeek delivers cybersecurity news and insights on cyberattacks, data breaches, and vulnerabilities.
Blogs and Thought Leadership: Subscribe to cybersecurity blogs and thought leadership platforms like Krebs on Security, Schneier on Security, and The Hacker News for insightful analysis and commentary on current trends and events.
◾️Schneier on Security offers insights and analysis on cybersecurity issues from security expert Bruce Schneier.
◾️Graham Cluley provides cybersecurity news and advice with a focus on user education and awareness.
◾️Krebs on Security focuses on cybercrime and online scams, with investigative reporting by Brian Krebs.
Vendor Blogs: Many cybersecurity vendors and solution providers maintain blogs and resources on their websites, offering valuable insights into industry trends, threat intelligence, and best practices.
◾️Palo Alto Networks Blog discusses cybersecurity threats and Palo Alto Networks’ solutions, including XDR, Prisma SASE, and Cortex XDR.
◾️McAfee Blog offers cybersecurity news and insights on staying safe online with a variety of products and services from McAfee.
◾️Cisco Blog covers Cisco innovations in AI, security, and networking, including Cisco AI Assistant and Cisco Secure Access Service Edge (SASE).
Attending Industry Conferences and Events:
Cybersecurity Conferences: Attend industry conferences and events to stay updated on the latest research, trends, and innovations in cybersecurity. Many conferences offer both in-person and virtual attendance options.
◾️RSA Conference is a leading cybersecurity conference series offering educational sessions, keynotes, and networking opportunities for security professionals.
◾️Black Hat is a security conference known for its technical presentations, workshops, and hacking demonstrations.
◾️DefCon is a hacker conference known for its unique talks, villages (focused areas on specific topics), and a large community gathering.
Webinars and Virtual Events: Participate in webinars and virtual events hosted by cybersecurity organizations, industry associations, and vendors to gain knowledge and insights from experts in the field without the need for travel.
Local Meetups and Chapter Meetings: Join local cybersecurity meetups or chapter meetings of professional organizations to connect with peers, share knowledge, and discuss relevant topics in a more intimate setting.
◾️ISC² is a nonprofit that offers widely recognized cybersecurity certifications, including the CISSP.
◾️ISACA is a nonprofit providing certifications and resources for information security, IT governance, risk management, and audit professionals.
◾️OWASP stands for Open Web Application Security Project. It's a nonprofit community providing free resources and tools for developers to build secure web applications.
Networking with Other Cybersecurity Professionals:
Professional Networking Platforms: Connect with other cybersecurity professionals on professional networking platforms such as LinkedIn and participate in relevant groups and discussions to exchange ideas, share resources, and build relationships.
Online Communities: Engage with online communities and forums dedicated to cybersecurity, such as Reddit's r/netsec and Information Security Stack Exchange, to seek advice, collaborate on projects, and stay updated on industry trends.
Mentorship and Peer Learning: Seek mentorship opportunities or informal peer learning groups within your organization or professional network to learn from experienced professionals and expand your knowledge and skills.
We'd love to hear from you too!
Share your favorite cybersecurity resources or any interesting trends you've come across in the survey below. Until next time, stay safe and secure! This concludes our Tuesday session, but the learning never stops!
See you again soon.