- SecureMyOrg - Security From Around The Globe
- Posts
- Newsletter #3 - March 26, 2024
Newsletter #3 - March 26, 2024

CyberSecurity 101
This week, we'll lay the groundwork for your cybersecurity journey by exploring core IT concepts that underpin the field. Think of it as building a strong house ποΈ β you need a solid foundation before adding the exciting features!
π§βπ Jobs & Internships
Bugcrowd is looking for a Junior Security Engineer to assist with various security tasks including penetration testing and incident response.
Microsoft Edge is seeking passionate security engineers to find vulnerabilities and build fuzzers to improve browser security.
Aexonic needs a remote Information Security Manager to develop, implement, and manage their information security program.
Synclature is hiring a Penetration Tester with experience in network, web application, and mobile app security assessments.
This company is looking for a Vulnerability Management Service Delivery Manager to manage the vulnerability management lifecycle and lead penetration testing projects.
π Last Week in Cyber Security
Join our Discord to get more news in the Security Domain. π‘οΈ
Lucky Break! Sentry Logs Lead to Potential SSRF Vulnerability
A security researcher stumbles upon a potential SSRF vulnerability in their project after reviewing Sentry logs captured in their proxy. The identified configuration issue could grant attackers a chance to exploit the system. The article details the discovery process and a responsible disclosure to the security team.
TRACE to the Rescue! Exploiting an HTTP Desync Vulnerability
A researcher bypassed limitations in a standard HTTP/2 desync exploit by using the TRACE method. TRACE, an old and often-ignored method, reflected headers that could be used to poison the application cache. This clever technique highlights the importance of considering unconventional methods in security testing.
New "Loop DoS" Attack Turns Servers Against Each Other in Endless Data War
A new denial-of-service attack, "Loop DoS," exploits flaws in UDP-based protocols to create an infinite loop of messages between servers. By spoofing IP addresses, attackers can trick servers into bombarding each other with data, causing outages. Researchers warn that hundreds of thousands of devices are vulnerable, urging users to update software and filter spoofed traffic.
Building a Cybersecurity Foundation ποΈ
Core IT concepts are the fundamental building blocks of information technology (IT). Understanding these concepts is essential for anyone who wants to work in cybersecurity, or simply navigate the digital world more confidently.
π½
π’ Networking: How devices talk & share info on a network. Think routers, switches & secret languages for communication. Cybersecurity needs strong networking knowledge to protect data flow and fight threats.
Routers, Switches: Think of them as traffic directors, guiding data on networks.
Protocols: The secret languages devices use to talk to each other.
π½
π’ Operating System (OS): The software that acts as the maestro of your computer, orchestrating all its resources. The OS controls how everything works together, from managing memory and storage to running applications and interacting with devices. It's the essential middle layer between you and the computer's hardware.
Windows, macOS, Linux: Understanding these popular operating systems is helpful for cybersecurity.
π½
π’ Programming Basics: While you don't need to be a coding wizard, understanding programming fundamentals can help you grasp how attackers exploit software vulnerabilities.
Is Programming Language a part of the basics?
No, programming languages aren't inherently part of the absolute basics of cybersecurity. The core focus is understanding how systems work, data flows, and security principles. These can be grasped without deep coding knowledge. While some cybersecurity roles benefit greatly from programming (like malware analysts), others, like those in network security or user education, can excel with a solid grasp of core IT concepts and security fundamentals.
Variables: Like labeled boxes that hold data (numbers, text) for easy use in programs.
If statements: Make choices! Check a condition (true/false) and run different commands based on the answer.
Loops: Repeat tasks! Do something a certain number of times or until a condition is met (like watering plants daily).
Functions: Mini-programs within a program, designed to tackle specific tasks (like checking password strength).
π½
π’ Hardware: The physical parts of your computer (CPU, RAM, storage, etc.) like its body. Not essential for cybersecurity basics, but helpful for troubleshooting.
While not directly related to cybersecurity, hardware knowledge helps with troubleshooting.
π½
π’ Software: The instructions that tell your computer what to do (applications, operating system). Think of it as the brain telling the body (hardware) what to accomplish. Understanding different software types helps you see how they can be targeted by attacks.
π½
π’ Data & Databases: Data is the raw information your computer processes (numbers, text, etc.). Databases are organized filing cabinets for storing this data efficiently. Securing data management principles is crucial for protecting sensitive information.
Data: Examples include personal info (names, addresses) and financial records (bank accounts, credit cards). Protecting this data is key to prevent theft or fraud.
Databases: E-commerce platforms and social media rely on databases to store product info, user details, and more. Strong security protects user privacy.
π½
π’ Security Fundamentals: are the essential building blocks for safeguarding your information and systems from cyber threats. They form the foundation for a strong cybersecurity posture.
Access Control: Who can see/use your information?
Encryption: Scrambling your data to make it unreadable to unauthorized users.
Firewalls: Like security guards, they monitor and filter incoming traffic to your computer.
Cyber Threats: Understanding different types of attacks (viruses, malware, phishing) helps you stay vigilant.
By understanding these core concepts, you'll build a strong foundation for navigating the digital world and protecting yourself online!

The CIA Triad
βοΈ π π π
Risk Management: Your Cybersecurity Shield
Cybersecurity is like navigating a dark forest - you need a plan! Risk management is your shield, helping you identify, analyze, and fight off cyber threats to your data. Here's the gist:
β οΈ Identify Threats: Know your enemies - malware, phishing, data breaches.
ποΈ Analyze Risks: Not all threats are equal. Rank them by likelihood and impact.
π¦Prioritize & Mitigate: Focus on the biggest threats with security controls (firewalls, strong passwords) and user training.
π₯ Monitor & Adapt: The forest keeps changing, so keep your defenses updated!
Effective risk management is crucial for:
Individuals: Protecting your personal data and devices from cyberattacks.
Businesses: Safeguarding sensitive information and ensuring operational continuity.
Next week, we'll dive deeper into specific areas of cybersecurity, building upon the foundation you've established this week.
Reply