Newsletter #8 - April 30, 2024

CyberSecurity 101

We are now at week 8 of our Cyber Security 101 Series. 👋🥳 

By now, you've likely encountered the growing importance of cybersecurity in our digital world. We're halfway through this series, and I'm curious – what security topics are you most interested in? Is there a specific threat you'd like to learn more about? Do you have questions on protecting your online identity? 🙎 

Let me know! Your feedback and suggestions will help shape next week's newsletter, ensuring we cover the cybersecurity issues that matter most to you.

Just drop me a message or share your thoughts in the feedback link below!

For this week, we’ll talk about Authentication, RBACs, and IDMs. Don’t know what those are?
Without further ado, let’s get into it!

🧑‍🏭 Jobs & Internships

  1. Xerox seeks a Senior Director of Security Engineering & Product Security to lead security strategy, engineering, and product security across the company.

  2. MicroStrategy seeks an Information Security Engineer to support security across applications, databases, and cloud environments (experience with SIEM, cloud security, and compliance a plus).

  3. Google seeks a Tier 2 Security Operations Center Analyst with a Top Secret clearance to analyze security alerts, investigate incidents, and support response efforts.

  4. Groww seeks a Cyber Defence Analyst Intern to help develop security strategies, monitor security alerts, and assist with incident response.

  5. Persistent Systems seeks a Cyber Security professional with 10+ years of experience to manage security patches, network intrusion detection, and data gateways.

🔏 Last Week in Cyber Security

Join our Discord to get more news in the Security Domain. 🛡️

eScan Antivirus Flaw Exploited by Hackers to Spread Malware
Hackers are using a flaw in eScan antivirus software to spread malicious miners and backdoors. They replaced eScan updates with fake ones that install these programs on computers. This campaign has been around for a while (since 2018) and may be linked to a North Korean hacking group.

Bitcoin Mixers: Offering Anonymity But With Risks
Bitcoin mixers anonymize transactions by mixing users' funds, but they come with downsides. These services can be illegal in some areas and might not be as anonymous as advertised. Users should understand the legal and technical risks before using them.

ICICI Bank App Glitch Leaks Customer Credit Card Details!
A glitch in the ICICI Bank iMobile app raised several security concerns when users were able to view other users’ credit card details. ICICI Bank has acknowledged the glitch and blocked the affected credit cards. They are issuing new cards to those affected. Customers can report any fraudulent activity to the bank.

User Authentication & Authorization Methods

User authentication verifies the identity of individuals accessing a system or application. Common methods include:

  1. Passwords: Traditional but still widely used, passwords require users to input a unique combination of characters to gain access.

  2. Multi-factor Authentication (MFA): Enhancing security beyond passwords, MFA requires users to provide additional evidence of identity, such as a code sent to their mobile device or a biometric scan.

  3. Biometric Authentication: Utilizing physical characteristics like fingerprints, facial recognition, or iris scans for identity verification.

Here is a blog post by Frontegg about Authentication and Authorization Methods:

👩🔐🧑‍🦱 

Access Controls and Role-Based Access Control (RBAC): 

Access controls govern what resources users can access and what actions they can perform. RBAC is a widely adopted access control model that assigns permissions based on predefined roles within an organization. The key components are:

  1. Roles: Defined sets of permissions associated with specific job functions or responsibilities.

  2. Permissions: Granular rules dictating what actions users can perform on resources.

  3. Access Policies: Guidelines for granting or denying access based on user roles, permissions, and other contextual factors.
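
Here is how those three components fit together in a deny-by-default authorization check. This is an added example, not code from the linked blog posts or from this newsletter; the role names, resources, and the two policies are constructed for illustration.

```python
from dataclasses import dataclass

# Roles: named sets of (resource, action) permissions tied to a job function.
# All role and resource names here are constructed sample data.
ROLE_PERMISSIONS = {
    "helpdesk": {("ticket", "read"), ("ticket", "update")},
    "finance": {("invoice", "read"), ("invoice", "approve")},
    "auditor": {("ticket", "read"), ("invoice", "read")},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    mfa_verified: bool = False

@dataclass(frozen=True)
class Request:
    user: User
    resource: str
    action: str
    owner: str = ""  # who created the item; used by the policies below

# Access policies: contextual rules evaluated after the role check.
# Each returns a denial reason, or None when it has no objection.
def require_mfa_for_approval(req):
    if req.action == "approve" and not req.user.mfa_verified:
        return "approve requires an MFA-verified session"
    return None

def no_self_approval(req):
    if req.action == "approve" and req.owner == req.user.name:
        return "separation of duties: cannot approve own item"
    return None

POLICIES = [require_mfa_for_approval, no_self_approval]

def authorize(req):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    granted = set()
    for role in req.user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    if (req.resource, req.action) not in granted:
        return False, "no role grants this permission"
    for policy in POLICIES:
        reason = policy(req)
        if reason:
            return False, reason
    return True, "allowed"
```

Returning the denial reason alongside the decision gives you something to log, which makes access reviews and incident investigations much easier.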

Here is a blog post by Digital Guardian that explains more about RBACs:

Identity Management Systems: 

Identity management systems centralize the management of user identities and access rights. They streamline user provisioning, authentication, and authorization processes. Common systems include:

  1. Active Directory (AD): Developed by Microsoft, AD is a directory service that manages user identities and permissions within a networked environment, facilitating single sign-on (SSO) and centralized access control.

  2. LDAP (Lightweight Directory Access Protocol): An open and cross-platform protocol used for accessing and maintaining directory services, including user authentication and authorization.

  3. Identity as a Service (IDaaS): Cloud-based identity management solutions that offer scalable and flexible IAM capabilities, often including features like SSO, MFA, and user lifecycle management.

As organizations continue to embrace digital transformation, implementing robust IAM strategies becomes increasingly vital. By leveraging authentication methods, access controls, and identity management systems effectively, businesses can mitigate security risks and ensure regulatory compliance while enabling seamless access to resources for authorized users.

For more information, visit this article from VMware—a well-known software developer for Security Management Systems.

💡 Did you know? 💡 

The first documented case of identity theft actually predates the internet! In 1879, a man named William Russell became the victim of identity theft when someone used his good reputation and credit to impersonate him and rack up a massive bill at a luxury hotel in New York City. This shows that identity theft has been a concern for much longer than the digital age, although the ease of stealing data online has certainly made it more prevalent today.

And that’s it for this week! Next week, we’ll look into more CyberSecurity Topics to help you in your Security journey. Stay alert! 👋 
