Welcome to the Security in Color Newsletter, a weekly guide on news, events and resources in the cybersecurity community. Curated and written by Dominique West.
The TL;DR:
Checking in: ya girl just wants some extra sunshine
News: Data breaches, Update Your Chrome Browser, Nothing is on super fire this week
New Job listings, courtesy of The Remote Interns
Scholarships, Free Bootcamps, Networking Groups to Join
Checking In
Happy Friday Security in Color family! Checking back in with another weekly newsletter full of cybersecurity resources.
I don’t know about you but Daylight Savings Time is kicking my butt (I want my extra hour of sunshine back!). I typically like to wake up early, but with it being dark and the heat on because it’s getting colder productive Domo is in a battle right now. Don’t worry, I am giving myself grace. I hope you are too.
Continue to stay safe, sane and healthy.
Enjoy today’s newsletter. Leave a comment and share! Thanks in advanced ^_^
~ Dominique ~
This Week’s Cybersecurity News
Here’s the cyber tea for this week. Want your news in audio format? Check out our latest podcast episode. Also available on Apple Podcast, Spotify, Google Podcasts and more.
Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign
Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report. Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware.
Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak
A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. The records include sensitive data, including credit-card details.
Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to compromise an affected system via the web. And both are being actively exploited in the wild, according to Goo
New research into the security behavior of employees in the United States has found that most Americans reuse passwords on work devices. A September 2020 survey of 500 full-time US employees by portfolio website Visual Objects found that 63% increased their vulnerability to cyber-attacks by recycling the same passwords for multiple accounts on work devices.
Cybersecurity Events Happening Around The Globe
Check out the full calendar line-up here and add directly to your Google Calendar. Have an event you want to be added? Leave a comment or reply directly to this newsletter.
11/16 - 11/20: SANS Institute Presents: Pen Test HackFest 2020
11/16 - 11/19: Hack The Building CTF
11/19: Analyzing Malicious Word and Excel Documents Workshop
11/25: Hack The Box Walk-through by Hack The Box Meetup: Ottawa
Cyber / Tech Job Postings
Go secure that bag! The jobs posted here I have either been directly contacted to post or have come across them in my network. Either way, apply anyway even if you don’t check every box.
Role: Software Engineer Intern (2021) | Company: Figma | Apply here
Role: Technical Product & Program Internship | Company: HBO | Apply here
Role: Virtual Software Engineer Internships | Company: HBO | Apply here
Role: Data & Analytics Internship | Company: Discovery | Apply here
Role: Security Analyst | Company: Github | Apply here
*Shoutout to Alianza from The Remote Interns for today’s internship positions. Subscribe to her newsletter for more remote internship positions!
Support This Newsletter
A very big thank you to every single one of you who has subscribed to this email list and reads this newsletter! If you can spare a couple of $$, please consider contributing to our Patreon (there are perks included!). It helps maintain this newsletter and platform.
You can also send a one-time donation by Buying us a Coffee or via Paypal or Venmo.
Scholarships
Diversity Cyber Workforce Academy Scholarship: SANS and the Bay Area Chapter of the International Consortium of Minority Cybersecurity Professionals (ICMCP) are excited to announce applications for the ICMCP Diversity Cyber Academy - California (DCWA-CA) will open on October 1, 2020. The Academy is open to all California residents.
Full Stack Cyber Bootcamp Scholarship: Although building one’s career is a big enough incentive to participate, we’re further “sweetening the pot” by giving an automatic $2,000 scholarship to all prospective full-time students who answer the prompt via the form below and apply to the bootcamp by November 23, 2020.
Free Study Resources
Amazon Web Services (AWS) - Zero to Hero Udemy Course: A high paced hands on course on AWS. Complete with in depth professional course notes.
Learn Amazon Web Services (AWS): The complete introduction Udemy Course: Start your journey with AWS, get hands on, and cover every AWS service available today
Cyber Security Course for Beginners - Level 01 Udemy Course: Learn the Security Fundamentals required for your everyday online presence.
SANS Cyber Aces Online: SANS Cyber Aces Online is an online course that teaches the core concepts needed to assess, and protect information security systems.
Cyber Security for Beginners Bootcamp: Learn how to secure your online world in just 5 weeks of FREE cyber security training!
Community Groups to Network
Suggestions?
Have something you want to contribute to the next newsletter? Know of a way to improve this newsletter for our audience? Feel free to provide us some feedback here or leave a comment below.