Newsletter #18 - July 16, 2024
SecureMyInsights

CyberSecurity 101
Hello everyone! 👋
We appreciate your continued interest in our newsletter.
To further broaden your knowledge in cybersecurity, we want to share some essential readings with you. The right resources can significantly enhance your knowledge and skills. Here’s a curated list of some of the best books on cybersecurity and hacking that are must-reads for anyone serious about protecting digital assets and understanding the mindset of hackers.
🧑🏭 Jobs & Internships
CertiK seeks security research interns to develop analysis tools and publish findings. Pursuing a Master's or PhD in Computer Science or Cybersecurity is required.
Randstad Digital seeks a Junior Security Analyst in San Antonio, Texas. Responsibilities include IAM tools, ServiceNow, and Excel proficiency.
blueStone Recruiting seeks a Cyber Security Operations Analyst for a government client. Responsibilities include vulnerability scanning, web app security, and adherence to federal standards like FedRAMP and NIST.
Burton seeks a temporary Cyber Security professional in Burlington, VT, focusing on endpoint security monitoring and threat response. Ideal for those pursuing degrees in Computer Science or Information Security.
TEKsystems seeks a remote Security Engineer (EST preferred) for a 3-6 month contract, likely extending. Responsibilities include automating phishing programs, improving MS Defender Email security, and enhancing team communication.
🔏 Last Week in Cyber Security
Join our Discord to get more news in the Security Domain. 🛡️
Security Research Unveils Critical ServiceNow Vulnerabilities
Security research on ServiceNow revealed severe vulnerabilities. The platform is an attractive target because its cloud-based instances are externally accessible, host sensitive data, and connect to internal networks through proxy servers (MID Servers). Exploiting these flaws allows full database access and command execution on MID Servers. CVEs assigned: CVE-2024-4879, CVE-2024-5178, CVE-2024-5217.
Executing Code Universally through Message Chaining in Browser Extensions
The article explores chaining messaging APIs in browser extensions to achieve universal code execution, bypassing the Same Origin Policy and the browser sandbox. It details vulnerabilities in extension content scripts and background scripts, demonstrating potential exploits via postMessage and native messaging that affect millions of users. Automated detection methods are proposed for scalability.
GitHub Actions Vulnerabilities: Risks of Untrusted Inputs
In our recent deep dive into GitHub Actions, we dissected the mechanics and security vulnerabilities of its workflows. We detailed three critical misconfigurations, each illustrated by real exploits found in popular projects like Microsoft, AutoGPT, and Apache. These flaws can grant attackers write access or extract sensitive secrets, emphasizing the need for robust security measures.
Top Cybersecurity and Hacking Books You Should Read
1. "The Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus Pinto
Essential for understanding web application security. Covers the latest techniques for attacking and defending web applications with practical examples and case studies.
2. "Hacking: The Art of Exploitation" by Jon Erickson
Provides a solid foundation in hacking, covering programming, shellcode, debugging, and cryptography. Includes a LiveCD for hands-on learning.
3. "Metasploit: The Penetration Tester's Guide" by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
An in-depth introduction to the Metasploit Framework. Guides you through real-world penetration testing scenarios, from information gathering to post-exploitation.
4. "Social Engineering: The Science of Human Hacking" by Christopher Hadnagy
Explores the psychological aspects of hacking. Teaches techniques used by social engineers and strategies to counter these attacks.
5. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" by Michael Sikorski and Andrew Honig
Covers tools and techniques for malware analysis. Includes hands-on labs and real-world examples for practical learning.
6. "Black Hat Python: Python Programming for Hackers and Pentesters" by Justin Seitz
Focuses on using Python in hacking and penetration testing. Covers writing network sniffers, manipulating packets, and creating trojans.
7. "Cybersecurity and Cyberwar: What Everyone Needs to Know" by P.W. Singer and Allan Friedman
Provides a broad understanding of cybersecurity and cyber warfare. Explains how cyber attacks happen, who conducts them, and their implications on national security.
A lot of research and thought goes into making these books. They are filled with great information and can certainly level up your game. These books can be pricey, and we can’t blame them: they’re filled with value and have proven themselves over time.
But here are a few more ebooks on cybersecurity that won’t cost you anything:
Here is our very own comprehensive guide to building your own secured cloud with open source tools, saving you thousands of dollars.

💡 Did you know? 💡
In 2017, a ransomware attack known as WannaCry affected more than 200,000 computers across 150 countries. The attack used EternalBlue, an exploit developed by the U.S. National Security Agency (NSA) for a vulnerability in the Windows operating system and later leaked by a hacker group called the Shadow Brokers. WannaCry encrypted files on infected machines and demanded ransom payments in Bitcoin for their release.
This incident highlighted the importance of regularly updating software and applying security patches to protect against vulnerabilities.
Reading these books will enhance your technical skills and broaden your understanding of cybersecurity. Whether defending against threats or understanding hackers, these resources offer valuable insights and practical knowledge. Happy reading, and stay secure!