Newsletter #9 - May 7, 2024

CyberSecurity 101
Welcome back to our cybersecurity series!
By now, you've gained a solid foundation in the importance of cybersecurity and the ever-present threats lurking in the digital world.
This week, we're taking a deep dive into the practical world of cybersecurity engineers. We'll explore the essential processes they use to safeguard systems and data: security monitoring and incident response, powerful tools like SIEM systems, and vulnerability scanning and penetration testing.
Get ready to equip yourself with the knowledge of how cybersecurity professionals actively protect our digital world!
Jobs & Internships
Blackroot Technologies seeks a Cybersecurity Intern for 3-6 months to assist with security tasks like monitoring alerts, vulnerability assessments, and incident response.
Security Architect with Splunk SIEM experience needed to design and implement cloud security architecture.
Versai seeks a part-time, remote Cybersecurity Expert to secure iOS apps & APIs (experience with SaaS security, CRM integrations & security certifications a plus).
Horangi, a company by Bitdefender, seeks a Cybersecurity Consultant Team Lead (Red Teaming) in Singapore to manage red team engagements, develop team members, and support sales.
Curai Health seeks a Senior Security Engineer to maintain security controls, design security tools, and manage compliance.
Turo seeks a Senior Security Engineer, Application Security to lead their bug bounty program, advocate secure coding practices, and develop tools to build secure applications.
Last Week in Cyber Security
Join our Discord to get more news in the Security Domain.
Millions of Fake Docker Containers Found to be Malware Landing Pages
Millions of seemingly legitimate containers on Docker Hub were actually malicious. These "imageless" containers contained no usable code, but instead tricked users into visiting phishing or malware sites. This campaign highlights the dangers of supply chain attacks in open-source registries.
Zloader Malware Back With a Vengeance: Stronger Encryption and Evasion Techniques
Zloader, a nasty malware that steals passwords and financial information, has reemerged after almost two years. This time it's got a tougher shell - it uses encryption to scramble its communications and has new tricks to avoid being caught by security software. Be cautious when clicking links in emails and keep your software up to date!
Iranian Spies Use Phishing and New Backdoors to Target Governments and NGOs
Iranian cyberespionage group APT42 is targeting NGOs and governments with phishing emails disguised as news articles, event invites, and legitimate documents. They use stolen credentials to access cloud storage and steal data. APT42 has also deployed new custom backdoors called Nicecurl and Tamecat to maintain control over infiltrated systems.
Security Monitoring and Incident Response
Security monitoring involves the continuous observation of an organization's network, systems, and applications to detect and respond to security threats in real time. Incident response is the process of addressing and mitigating the impact of security incidents when they occur.
Key components include:
Threat Detection: Utilizing tools and techniques to identify suspicious activities, unauthorized access attempts, malware infections, and other security breaches.
Incident Triage: Assessing the severity and scope of security incidents to determine the appropriate response actions.
Containment and Eradication: Isolating affected systems, removing malware, and implementing corrective measures to prevent further damage.
Forensic Analysis: Investigating the root cause of security incidents, gathering evidence, and documenting findings for future prevention and remediation.
Dive deeper into the complete guide for Incident Response through TechTarget.
Security Information and Event Management (SIEM) Systems
SIEM systems are essential tools for centralized log management, security event correlation, and threat detection. They aggregate data from various sources, such as network devices, servers, and security appliances, to provide comprehensive visibility into security events.
Key functionalities include:
Log Collection: Gathering and normalizing log data from disparate sources for analysis and correlation.
Event Correlation: Identifying patterns and anomalies across multiple security events to detect potential threats.
Alerting and Reporting: Generating alerts and reports based on predefined rules and thresholds to notify security teams of suspicious activities.
Incident Investigation: Providing tools and workflows for investigating security incidents and conducting forensic analysis.
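To make the two sections above concrete, here is a small added example (written for this newsletter issue, not code from any SIEM vendor) that runs the same pipeline a SIEM runs: it collects log lines from two sources, normalizes them into one event schema, correlates events per source IP, and emits triaged alerts with a suggested containment step. The log lines, host name, IP addresses and the detection threshold are all constructed for the example; the rule itself (a burst of failed SSH logins inside a short window, escalated to critical if a successful login from the same address follows) is a standard correlation rule.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample logs (not captured from a real system): an OpenSSH auth
# log from host web01 and a web-server access log from the same host. A SIEM
# would ship these from the hosts; they are embedded here so the example runs
# offline.
SSHD_LOG = """\
May  7 10:01:02 web01 sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51422 ssh2
May  7 10:01:04 web01 sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51423 ssh2
May  7 10:01:06 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51424 ssh2
May  7 10:01:09 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51425 ssh2
May  7 10:01:11 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51426 ssh2
May  7 10:01:15 web01 sshd[2011]: Accepted password for root from 203.0.113.7 port 51427 ssh2
May  7 10:02:30 web01 sshd[2041]: Accepted publickey for deploy from 198.51.100.5 port 40010 ssh2
"""

HTTP_LOG = """\
203.0.113.7 - - [07/May/2024:10:00:40 +0000] "GET /wp-login.php HTTP/1.1" 404 162
198.51.100.5 - - [07/May/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
HTTP_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

SYSLOG_YEAR = 2024  # syslog timestamps carry no year; assumed for the sample


def normalize(sshd_text, http_text):
    """Log collection step: parse both sources into one common event schema."""
    events = []
    for line in sshd_text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # a real pipeline would count and review unparsed lines
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR, tzinfo=timezone.utc)
        events.append({"ts": ts, "source": "sshd", "host": m["host"], "src_ip": m["ip"],
                       "user": m["user"], "action": "login",
                       "outcome": "success" if m["result"] == "Accepted" else "failure"})
    for line in http_text.splitlines():
        m = HTTP_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append({"ts": ts, "source": "http", "host": "web01", "src_ip": m["ip"],
                       "user": None, "action": f"{m['method']} {m['path']}",
                       "outcome": "failure" if int(m["status"]) >= 400 else "success"})
    return events


def correlate(events, threshold=5, window_seconds=300):
    """Event correlation step: per source IP, look for a burst of failed SSH
    logins inside the window, and escalate if a success from the same IP follows."""
    ssh_by_ip = defaultdict(list)
    for ev in events:
        if ev["source"] == "sshd":
            ssh_by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in ssh_by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["outcome"] == "failure"]
        if len(failures) < threshold:
            continue
        span = (failures[-1]["ts"] - failures[0]["ts"]).total_seconds()
        if span > window_seconds:
            continue
        later_success = [e for e in evs if e["outcome"] == "success" and e["ts"] >= failures[-1]["ts"]]
        # Enrichment for triage: did the same IP also probe the web server?
        probes = sum(1 for e in events
                     if e["source"] == "http" and e["src_ip"] == ip and e["outcome"] == "failure")
        alert = {"src_ip": ip, "host": failures[0]["host"], "failures": len(failures),
                 "window_seconds": span, "web_probes": probes}
        if later_success:
            alert.update(rule="ssh-bruteforce-then-success", severity="critical",
                         user=later_success[0]["user"],
                         next_step="contain: isolate host, disable account, reset credentials")
        else:
            alert.update(rule="ssh-bruteforce", severity="high", user=None,
                         next_step="block source IP at the perimeter and review auth policy")
        alerts.append(alert)
    return alerts


def run_pipeline(sshd_text=SSHD_LOG, http_text=HTTP_LOG):
    """Collect -> normalize -> correlate -> alert, sorted highest severity first."""
    order = {"critical": 0, "high": 1, "medium": 2}
    alerts = correlate(normalize(sshd_text, http_text))
    return sorted(alerts, key=lambda a: order[a["severity"]])


if __name__ == "__main__":
    for a in run_pipeline():
        print(f"[{a['severity'].upper()}] {a['rule']} from {a['src_ip']} on {a['host']}: "
              f"{a['failures']} failures in {a['window_seconds']:.0f}s, "
              f"{a['web_probes']} web probes -> {a['next_step']}")
```

Run on the sample, the pipeline produces one critical alert for 203.0.113.7 (five failures in nine seconds, then a successful root login, plus a 404 probe on the web server), and nothing for 198.51.100.5, whose single key-based login is normal. The point of the normalization step is that the correlation rule never has to know which product wrote the line; that is what lets a SIEM join evidence from an auth log and a web log into one incident.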

Here's a good article explaining SIEM from IBM:
Vulnerability Scanning & Penetration Testing
Vulnerability scanning involves assessing systems and applications for known security vulnerabilities, misconfigurations, and weaknesses. Penetration testing, on the other hand, simulates real-world attacks to identify exploitable vulnerabilities and assess the effectiveness of defensive measures.
Key activities include:
Vulnerability Assessment: Conducting automated or manual scans to identify vulnerabilities in networks, systems, and applications.
Risk Prioritization: Prioritizing vulnerabilities based on their severity, potential impact, and likelihood of exploitation.
Penetration Testing: Performing controlled attacks to exploit identified vulnerabilities and assess the security posture of an organization's infrastructure.
Remediation: Implementing patches, configuration changes, and other corrective actions to mitigate identified vulnerabilities and reduce risk.
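The vulnerability assessment, risk prioritization and remediation activities above are what a scanner does behind the scenes. As an added illustration (written for this issue, not code from any scanning product), the script below matches a software inventory against an advisory feed, scores each finding by severity and exposure, and attaches the fix. Every package name, version, advisory ID and CVSS score is constructed for the example; a real scan would pull the inventory from an agent and the advisories from a vendor or NVD feed.

```python
# Constructed inventory and advisory feed. Package names, versions, advisory
# IDs and scores are all made up for this example.
INVENTORY = [
    {"host": "web01",   "package": "acme-httpd", "version": "1.24.0", "exposed": True},
    {"host": "web01",   "package": "libtls",     "version": "3.0.1",  "exposed": True},
    {"host": "db01",    "package": "libtls",     "version": "3.0.1",  "exposed": False},
    {"host": "db01",    "package": "dbcore",     "version": "15.3",   "exposed": False},
    {"host": "build01", "package": "fetchlib",   "version": "8.1.0",  "exposed": False},
]

ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "acme-httpd", "affected_from": "1.20.0", "fixed_in": "1.25.0", "cvss": 5.3},
    {"id": "ADV-EXAMPLE-0002", "package": "libtls",     "affected_from": "3.0.0",  "fixed_in": "3.0.9",  "cvss": 7.5},
    {"id": "ADV-EXAMPLE-0003", "package": "dbcore",     "affected_from": "15.0",   "fixed_in": "15.2",   "cvss": 8.1},
    {"id": "ADV-EXAMPLE-0004", "package": "fetchlib",   "affected_from": "8.0.0",  "fixed_in": "8.1.1",  "cvss": 9.8},
]


def parse_version(text):
    """Turn '1.24.0' into (1, 24, 0) so versions compare numerically, not as strings
    (as strings, '1.9.9' would sort after '1.24.0')."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version, advisory):
    """Vulnerable if affected_from <= installed version < fixed_in."""
    v = parse_version(version)
    return parse_version(advisory["affected_from"]) <= v < parse_version(advisory["fixed_in"])


def risk_score(cvss, exposed):
    """Prioritization: internet-exposed instances get a +2.0 bump, capped at 10.
    The weighting is an assumption for the example; teams tune this to their environment."""
    return min(10.0, cvss + (2.0 if exposed else 0.0))


def assess(inventory, advisories):
    """Vulnerability assessment: match every installed package against the feed."""
    by_package = {}
    for adv in advisories:
        by_package.setdefault(adv["package"], []).append(adv)
    findings = []
    for item in inventory:
        for adv in by_package.get(item["package"], []):
            if is_affected(item["version"], adv):
                findings.append({
                    "host": item["host"], "package": item["package"],
                    "installed": item["version"], "advisory": adv["id"],
                    "cvss": adv["cvss"], "exposed": item["exposed"],
                    "risk": risk_score(adv["cvss"], item["exposed"]),
                    # Remediation: the corrective action is the upgrade that closes the gap
                    "fix": adv["fixed_in"],
                })
    return findings


def prioritize(findings):
    """Risk prioritization: highest risk first; ties broken by host and package for a stable report."""
    return sorted(findings, key=lambda f: (-f["risk"], f["host"], f["package"]))


if __name__ == "__main__":
    for f in prioritize(assess(INVENTORY, ADVISORIES)):
        where = "exposed" if f["exposed"] else "internal"
        print(f"{f['risk']:>4} {f['host']:<8} {f['package']:<11} {f['installed']:<7} "
              f"{f['advisory']} (CVSS {f['cvss']}, {where}) -> upgrade to {f['fix']}")
```

On the sample data, dbcore on db01 is not reported because 15.3 is already past the fixed version, while the same libtls 3.0.1 shows up twice with different priorities: the copy on the internet-facing web01 outranks the one on the internal db01. That is the difference between a raw severity score and risk prioritization in practice.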
Vulnerability Testing VS Penetration Testing
Did you know?
Not all VAPTs involve breaking in! While penetration testing, the "pen" part of VAPT, focuses on actively exploiting vulnerabilities, the vulnerability assessment (VA) uses automated tools and scans to identify weaknesses. So, depending on the scope of the VAPT, it might not always involve the thrilling image of a hacker breaching a system!
And that's it for this week! Key takeaway: by establishing robust security monitoring and incident response processes, leveraging SIEM systems effectively, and conducting regular vulnerability scanning and penetration testing, we continue to enhance our security posture in the ever-evolving digital world.
See you next week for more CyberSecurity Knowledge!