Welcome to the Security in Color Newsletter, a weekly guide on news, events and resources in the cybersecurity community. Curated and written by Dominique West.
The TL;DR:
Checking in: Early Happy Holidays and see you in 2021
News: FireEye hack, Instagram Click Farm, Cybercrime loss and more
Events, Jobs and more.
Checking In
What’s upppp *Keke Palmer Voice*,
Hope you’re having a great Friday thus far. Christmas is 2 weeks from today and in 3 weeks, we will officially be out of the longest year in the history of years (well in my lifetime). I feel like the closer we get to the holidays, the less productive I get and the more my body is like, okay it’s rest time because I know you going to go ham on Jan 1. For once, I am listening and taking it easy so I will be back (and better) with the newsletter in the New Year. If you are feeling the same, don’t feel bad and get your rest.
Have a great Christmas and Happy New Year. See you in 2021!
P.S. - If you miss me that much (he,he) and you are trying to study for AWS Solutions Architect, I am still doing study lives on Mondays (Twitter/Twitch/Periscope/YouTube).
~ Dominique ~
This Week’s Cybersecurity News
Here’s the cyber tea for this week. Want your news in audio format? Check out our latest podcast episode. Also available on Apple Podcasts, Spotify, Google Podcasts and more.
FireEye Cyberattack Compromises Red-Team Security Tools: Cybersecurity firm FireEye has been hit in what CEO Kevin Mandia described as a highly targeted cyberattack. The attacker targeted and was able to access certain Red Team assessment tools that the company uses to test its customers’ security.
Leaky Elasticsearch Server Reveals Massive Instagram Click Farm: Security researchers have uncovered a massive Instagram click farm in central Asia, operating tens of thousands of fake profiles. A team at vpnMentor found the operation thanks to a completely unsecured Elasticsearch database it was using, connected to the public-facing internet.
Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games: Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers.
Global Cybercrime Losses Cross $1 Trillion Mark: A shift from attackers targeting individual systems to entire organizations is pushing up the cost of cyberattacks sharply, McAfee says. Security industry estimates of global cybercrime losses tend to vary quite widely, and sometimes the projections can be startling in terms of magnitude. But the data still helps lend some broad perspective to the mushrooming nature of cybercrime.
Misery of Ransomware Hits Hospitals the Hardest: Ransomware attacks targeting hospitals have exacted a human cost as well as a financial one. Despite hospitals being on the front lines during the pandemic, bad actors have continued to target them with ransomware. In addition to wreaking havoc on operational processes in medical facilities at the worst possible time, the attacks have evolved to threaten patient safety.
Cybersecurity Events Happening Around The Globe
Check out the full calendar line-up here and add directly to your Google Calendar. Have an event you want to be added? Leave a comment or reply directly to this newsletter.
12/13: Automating Application Security Testing, hosted by OWASP Devslop
12/13: Hacking (Beginner to Intermediate), hosted by Ethical Hackers
12/16: "No Excuses" PostgreSQL Security, hosted by Free Tech Webinars
12/17: Creating a Show-stopping Resume w/ Resume Review, hosted by WSC
12/18: Introducing Threats Manager Studio, hosted by OWASP Devslop
Ongoing until 1/4: SANS Holiday Hack Challenge
Cyber / Tech Job Postings
Go secure that bag! The jobs posted here I have either been directly contacted to post or have come across them in my network. Either way, apply anyway even if you don’t check every box.
Role: Student Trainee (IT Management) GS 1 - 2 | Company: Department of Homeland Security | Apply here
Role: Student Trainee (IT Management) GS 3 - 4 | Company: Department of Homeland Security | Apply here
Role: Student Trainee (IT Management) GS 5 - 7 | Company: Department of Homeland Security | Apply here
Role: AWS Cleared Data Center Operations Technicians | Company: Amazon | Apply here
Role: Entry Level Security Engineer | Company: Seat Geek | Apply here
Role: Information Security Analyst | Company: Progyny | Apply here
Role: Information Security Engineer | Company: Russell Tobin | Apply here
Role: Cloud Security Engineer | Company: Collibra | Apply here
Role: Personnel Security Specialist (Analyst) | Company: Guidehouse | Apply here
Role: Technical Support Engineer | Company: Carbon Black | Apply here (Multiple locations)
Purdue Cyber Apprenticeship Program. Apply here.
Paid Internship - Coders, DevOps, Data Entry | Black Hills Information Security | Email Resume and Cover letter to internships@blackhillsinfosec.com
Support This Newsletter
A very big thank you to every single one of you who has subscribed to this email list and reads this newsletter! If you can spare a couple of $$, please consider contributing to our Patreon (there are perks included!). It helps maintain this newsletter and platform.
You can also send a one-time donation by Buying us a Coffee or via Paypal or Venmo.
Scholarships
(ISC)² Women’s Cybersecurity Scholarship, Apply here
(ISC)² Undergraduate Scholarship, Apply here
SAIC CyberWarrior Veteran Scholarship, Apply here
Free Study Resources
Free OSINT Resources (Discord Group)
Free Microsoft Fundamentals Training Days (Free exam voucher after attendance)
Free Course - Understand the Basics of MongoDB
Free Tutorial - Big Data and Hadoop Essentials
Free Tutorial - Getting Started with Elasticsearch
A curated collection of cybersecurity resources by Cybersecurity Council of Arizona
Giveaways
Suggestions?
Have something you want to contribute to the next newsletter? Know of a way to improve this newsletter for our audience? Feel free to provide us some feedback here or leave a comment below.