Security in Color Newsletter: At least Nothing is on Fire

Issue #39

Welcome to the Security in Color Newsletter, a weekly guide on news, events and resources in the cybersecurity community. Curated and written by Dominique West.


The TL;DR:

  • Checking in: ya girl just wants some extra sunshine

  • News: Data breaches, Update Your Chrome Browser, Nothing is on super fire this week

  • New Job listings, courtesy of The Remote Interns

  • Scholarships, Free Bootcamps, Networking Groups to Join


Checking In

Happy Friday Security in Color family! Checking back in with another weekly newsletter full of cybersecurity resources.

I don’t know about you but Daylight Savings Time is kicking my butt (I want my extra hour of sunshine back!). I typically like to wake up early, but with it being dark and the heat on because it’s getting colder productive Domo is in a battle right now. Don’t worry, I am giving myself grace. I hope you are too.

Continue to stay safe, sane and healthy.

Enjoy today’s newsletter. Leave a comment and share! Thanks in advanced ^_^

~ Dominique ~

This Week’s Cybersecurity News

Here’s the cyber tea for this week. Want your news in audio format? Check out our latest podcast episode. Also available on Apple Podcast, Spotify, Google Podcasts and more.

Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign

Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report. Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware.

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. The records include sensitive data, including credit-card details.

Update Your Browsers….Again

Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to compromise an affected system via the web. And both are being actively exploited in the wild, according to Goo

Are You Among These Re-Users?

New research into the security behavior of employees in the United States has found that most Americans reuse passwords on work devices. A September 2020 survey of 500 full-time US employees by portfolio website Visual Objects found that 63% increased their vulnerability to cyber-attacks by recycling the same passwords for multiple accounts on work devices.

Cybersecurity Events Happening Around The Globe

Check out the full calendar line-up here and add directly to your Google Calendar. Have an event you want to be added? Leave a comment or reply directly to this newsletter.

Cyber / Tech Job Postings

Go secure that bag! The jobs posted here I have either been directly contacted to post or have come across them in my network. Either way, apply anyway even if you don’t check every box.

  • Role: Software Engineer Intern (2021) | Company: Figma | Apply here

  • Role: Technical Product & Program Internship | Company: HBO | Apply here

  • Role: Virtual Software Engineer Internships | Company: HBO | Apply here

  • Role: Data & Analytics Internship | Company: Discovery | Apply here

  • Role: Security Analyst | Company: Github | Apply here

*Shoutout to Alianza from The Remote Interns for today’s internship positions. Subscribe to her newsletter for more remote internship positions!

Support This Newsletter

A very big thank you to every single one of you who has subscribed to this email list and reads this newsletter! If you can spare a couple of $$, please consider contributing to our Patreon (there are perks included!). It helps maintain this newsletter and platform.

You can also send a one-time donation by Buying us a Coffee or via Paypal or Venmo.


Scholarships

  • Diversity Cyber Workforce Academy Scholarship: SANS and the Bay Area Chapter of the International Consortium of Minority Cybersecurity Professionals (ICMCP) are excited to announce applications for the ICMCP Diversity Cyber Academy - California (DCWA-CA) will open on October 1, 2020. The Academy is open to all California residents.

  • Full Stack Cyber Bootcamp Scholarship: Although building one’s career is a big enough incentive to participate, we’re further “sweetening the pot” by giving an automatic $2,000 scholarship to all prospective full-time students who answer the prompt via the form below and apply to the bootcamp by November 23, 2020.

Free Study Resources

Community Groups to Network


Suggestions?

Have something you want to contribute to the next newsletter? Know of a way to improve this newsletter for our audience? Feel free to provide us some feedback here or leave a comment below.

Leave a comment