Newsletter #7 - April 23, 2024

CyberSecurity 101
In the ever-evolving world of cybersecurity, encryption stands as a cornerstone of data protection.
This week, in our "Cybersecurity 101" series, we delve into the fascinating realm of encryption, exploring different types and their uses. We'll unlock the secrets of Public Key Infrastructure (PKI) and digital certificates, and shed light on how data is secured at rest and in transit.
Buckle up as we equip you with the knowledge to safeguard your digital fortress!
Jobs & Internships
Cloudflare seeks a Security Research Analyst to support threat intel operations (reviewing miscategorizations, IoCs, data feeds), research threats, and contribute to security models.
Nethermind seeks a Business Development Associate to grow security audit & verification business (web3 experience & sales skills preferred).
Quince seeks a Senior Application Security Engineer with strong security knowledge for assessments & penetration testing (web & mobile security experience a plus).
Atlassian seeks a Security GRC Senior Engineer to manage security risks & governance (experience & communication skills required).
Find your role on SecureLayer7. Check out their Careers page!
Last Week in Cyber Security
Join our Discord to get more news in the Security Domain.
Wayback Machine Hacking
This article dives into using the Wayback Machine for security purposes. Learn how to analyze historical website data to uncover root directories, parameter names, and file extensions. This intel can then be used to target vulnerabilities with tools like gau, unfurl, and nuclei.
Dappnode Security Audit Exposes Critical Vulnerabilities
A recent security audit uncovered critical vulnerabilities in Dappnode, a popular Ethereum management framework. These vulnerabilities could grant attackers unauthorized access to Dappnode systems. This emphasizes the need for comprehensive security audits in web3.
Cerber Ransomware Exploits Atlassian Confluence Flaw
Cerber ransomware is targeting unpatched Atlassian Confluence servers using the CVE-2023-22518 vulnerability. While the ransomware encrypts files, it doesn't steal data, limiting its impact. This attack highlights the rise of new ransomware families and the ease of creating custom variants from leaked source code.
Types of Encryption (Symmetric & Asymmetric)
Imagine a vault filled with your most valuable secrets. Encryption acts as the lock on that vault, scrambling information into an unreadable format. But just like there are different types of locks, there are also different types of encryption. This week, we'll explore two main categories:
Symmetric Encryption:
This method uses a single, shared secret key to both encrypt and decrypt data. It's like a combination lock: anyone with the correct combination can access the vault.
Symmetric encryption is fast and efficient, making it ideal for bulk data encryption and secure communication within closed systems (e.g., encrypting files on your computer). However, securely distributing the key can be challenging.
Check out this article on Cryptomathic where they discuss more on Symmetric Encryption.
Asymmetric Encryption:
This approach utilizes a pair of mathematically linked keys: a public key and a private key.
The public key, as the name suggests, is widely distributed and can be used by anyone to encrypt information. However, only the private key, held securely by the recipient, can decrypt the message.
Think of it like a high-security mailbox: anyone can put mail in (encrypt with the public key), but only the authorized person with the key (private key) can unlock it and access the contents.
Asymmetric encryption is slower than symmetric encryption but excels in secure key exchange, digital signatures (verifying message authenticity), and open communication channels (e.g., secure online transactions).
Check out this awesome tutorial video on SimpliLearn for a deep dive on Asymmetric Encryption as well.
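The two methods are usually combined: the bulk data is encrypted symmetrically, and only the small symmetric key is encrypted with the recipient's public key, which solves the key-distribution problem noted above. The sketch below is an added example, not part of the original newsletter; it uses Node's built-in `crypto` module, and `seal`, `open`, `demo` and the sample message are hypothetical names and constructed data.

```javascript
const { randomBytes, createCipheriv, createDecipheriv, publicEncrypt,
  privateDecrypt, generateKeyPairSync, constants } = require('crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the data with a fresh AES-256-GCM key (fast, any size), then
// wrap only that 32-byte key with the recipient's RSA public key.
function seal(recipientPublicKey, plaintext) {
  const key = randomBytes(32);
  const nonce = randomBytes(12); // must never repeat under the same key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the AES key with the private key, then decrypt. GCM checks
// the tag in final(), so modified ciphertext throws instead of decrypting.
function open(recipientPrivateKey, env) {
  const key = privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', key, env.nonce);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: a throwaway recipient key pair and a sample message.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const env = seal(publicKey, Buffer.from('constructed sample: Q1 payroll export'));
  const roundTrip = open(privateKey, env).toString();
  env.ciphertext[0] ^= 0x01; // simulate a bit flipped in transit
  let tamperDetected = false;
  try { open(privateKey, env); } catch (err) { tamperDetected = true; }
  return { roundTrip, wrappedKeyBytes: env.wrappedKey.length, tamperDetected };
}

console.log(demo());
```

The wrapped key is always 256 bytes for a 2048-bit RSA key regardless of message size, which is why the slow asymmetric step stays cheap.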
Public Key Infrastructure (PKI) & Digital Certificates
Public Key Infrastructure (PKI) acts as the linchpin in asymmetric encryption, establishing trust in the digital realm. Imagine a bustling marketplace where everyone interacts but needs a way to verify identities and ensure they're dealing with legitimate individuals or businesses.

PKI functions like a trusted authority, issuing digital certificates that serve as digital IDs. These certificates contain the public key of an entity (person or organization) along with verification information from a reputable PKI provider. When you receive an encrypted message, the certificate associated with the public key used for encryption helps you confirm the sender's authenticity. It's akin to checking the seller's credentials at a marketplace before making a purchase: PKI guarantees the legitimacy of the public key used in the encryption process.
Websites (HTTPS): "HTTPS" means you're connected to the real website, not an imposter, thanks to PKI certificates.
Email Security: Digital signatures and encryption in email use PKI to verify the sender and scramble messages.
Software Downloads: Signing software with PKI certificates ensures you're downloading the real deal.
VPNs: PKI helps secure VPN connections by verifying your device's identity.
E-Signatures: PKI enables legally binding electronic signatures for documents.
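What a certificate check boils down to can be shown with a deliberately simplified model: a CA signs the binding between a subject name and a public key, and the relying party accepts that key only if the signature verifies against a CA it already trusts. This is an added example, not part of the original newsletter and not real X.509; the certificate layout, the function names and the names `Example Root CA`, `Rogue CA`, `shop.example` and `bank.example` are all constructed for illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require('crypto');

const pem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });

// Bytes the CA signs: the binding of subject to public key, issuer and expiry.
const tbs = (c) => Buffer.from(JSON.stringify([c.subject, c.publicKeyPem, c.issuer, c.notAfter]));

// CA side: vouch for "this key belongs to this subject" by signing the binding.
function issue(caName, caPrivateKey, subject, subjectPublicKey, notAfter) {
  const cert = { subject, issuer: caName, notAfter, publicKeyPem: pem(subjectPublicKey) };
  cert.signature = sign(null, tbs(cert), caPrivateKey).toString('base64');
  return cert;
}

// Relying party: accept the key only if a CA in the trust store vouches for it.
function validate(cert, trustStore, expectedSubject, now) {
  const caKey = trustStore[cert.issuer];
  if (!caKey) return 'untrusted issuer';
  const sig = Buffer.from(cert.signature, 'base64');
  if (!verify(null, tbs(cert), caKey, sig)) return 'bad signature';
  if (now > cert.notAfter) return 'expired';
  if (cert.subject !== expectedSubject) return 'subject mismatch';
  return 'ok';
}

// Constructed demo: one trusted CA, one rogue CA, a site and an attacker.
function demo() {
  const [ca, rogue, site, attacker] = [0, 1, 2, 3].map(() => generateKeyPairSync('ed25519'));
  const trustStore = { 'Example Root CA': ca.publicKey };
  const now = Date.parse('2024-04-23T00:00:00Z');
  const exp = Date.parse('2025-04-23T00:00:00Z');
  const good = issue('Example Root CA', ca.privateKey, 'shop.example', site.publicKey, exp);
  // The attacker swaps in their own key but cannot re-sign as the trusted CA.
  const swapped = { ...good, publicKeyPem: pem(attacker.publicKey) };
  const selfMade = issue('Rogue CA', rogue.privateKey, 'shop.example', attacker.publicKey, exp);
  return {
    good: validate(good, trustStore, 'shop.example', now),
    swapped: validate(swapped, trustStore, 'shop.example', now),
    selfMade: validate(selfMade, trustStore, 'shop.example', now),
    wrongSite: validate(good, trustStore, 'bank.example', now),
    expired: validate(good, trustStore, 'shop.example', exp + 1),
  };
}

console.log(demo());
```

Real certificates add chains of intermediate CAs, revocation and key-usage constraints on top of these same four checks.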
Data Encryption at Rest and in Transit
Data is valuable and in need of protection. Encryption safeguards this treasure in two key scenarios:
Data Encryption at Rest: This refers to encrypting data when it's stored on a device (e.g., your hard drive) or in a database. This prevents unauthorized access even if someone gains physical access to the storage device. Think of it like locking your treasure chest inside a secure room.
Data Encryption in Transit: This involves encrypting data while it's being transmitted across a network (e.g., sending emails or browsing secure websites). Encryption scrambles the data during travel, making it unreadable even if intercepted by hackers. Imagine a heavily guarded carriage transporting your treasure chest: encryption ensures its safe passage through potentially risky environments.
By understanding these different encryption methods, you can choose the right tools to safeguard your data, both at rest and in transit. Remember, in the digital world, encryption is the key to keeping your information safe and secure.
Did you know?
During World War II, the Germans relied on the Enigma machine to encrypt their military communications. However, Allied codebreakers, including the brilliant mathematician Alan Turing, were able to crack the Enigma code. This event significantly boosted the development of modern encryption techniques and highlighted the importance of robust encryption algorithms to safeguard sensitive information.
Time to de-crypt and say goodbye!
We hope you enjoyed this week's deep dive into the fascinating world of encryption. Remember, staying informed is key to keeping your data safe in the digital age.
See you next week for more security insights!
P.S. Don't forget to share this newsletter with your friends; knowledge is power (and the key to unlocking a safer online experience)!