Security in Color Newsletter: Issue 42

Merry Early Christmas and Happy New Year

Welcome to the Security in Color Newsletter, a weekly guide on news, events and resources in the cybersecurity community. Curated and written by Dominique West.


The TL;DR:

  • Checking in: Early Happy Holidays and see you in 2021

  • News: FireEye hack, Instagram Click Farm, Cybercrime loss and more

  • Events, Jobs and more.


Checking In

What’s upppp *Keke Palmer Voice*,

Hope you’re having a great Friday thus far. Christmas is 2 weeks from today and in 3 weeks, we will officially be out of the longest year in the history of years (well in my lifetime). I feel like the closer we get to the holidays, the less productive I get and the more my body is like, okay it’s rest time because I know you going to go ham on Jan 1. For once, I am listening and taking it easy so I will be back (and better) with the newsletter in the New Year. If you are feeling the same, don’t feel bad and get your rest.

Have a great Christmas and Happy New Year. See you in 2021!

P.S. - If you miss me that much (he,he) and you are trying to study for AWS Solutions Architect, I am still doing study lives on Mondays (Twitter/Twitch/Periscope/YouTube)

~ Dominique ~

This Week’s Cybersecurity News

Here’s the cyber tea for this week. Want your news in audio format? Check out our latest podcast episode. Also available on Apple Podcast, Spotify, Google Podcasts and more.

  • FireEye Cyberattack Compromises Red-Team Security Tools: Cybersecurity firm FireEye has been hit in what CEO Kevin Mandia described as a highly targeted cyberattack. The attacker targeted and was able to access certain Red Team assessment tools that the company uses to test its customers’ security.

  • Leaky Elasticsearch Server Reveals Massive Instagram Click Farm: Security researchers have uncovered a massive Instagram click farm in central Asia, operating tens of thousands of fake profiles. A team at vpnMentor found the operation thanks to a completely unsecured Elasticsearch database it was using, connected to the public-facing internet.

  • Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games: Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers.

  • Global Cybercrime Losses Cross $1 Trillion Mark: A shift from attackers targeting individual systems to entire organizations is pushing up the cost of cyberattacks sharply, McAfee says. Security industry estimates of global cybercrime losses tend to vary quite widely, and sometimes the projections can be startling in terms of magnitude. But the data still helps lend some broad perspective to the mushrooming nature of cybercrime.

  • Misery of Ransomware Hits Hospitals the Hardest: Ransomware attacks targeting hospitals have exacted a human cost as well as financial. Despite hospitals being on the front lines during the pandemic, bad actors have continued to target them with ransomware. In addition to wreaking havoc on operational processes in medical facilities at the worst possible time, the attacks have evolved to threaten patient safety.

Cybersecurity Events Happening Around The Globe

Check out the full calendar line-up here and add directly to your Google Calendar. Have an event you want to be added? Leave a comment or reply directly to this newsletter.

Cyber / Tech Job Postings

Go secure that bag! The jobs posted here I have either been directly contacted to post or have come across them in my network. Either way, apply anyway even if you don’t check every box.

  • Role: Student Trainee (IT Management) GS 1 - 2 | Company: Department of Homeland Security | Apply here

  • Role: Student Trainee (IT Management) GS 3 - 4 | Company: Department of Homeland Security | Apply here

  • Role: Student Trainee (IT Management) GS 5 - 7 | Company: Department of Homeland Security | Apply here

  • Role: AWS Cleared Data Center Operations Technicians | Company: Amazon | Apply here

  • Role: Entry Level Security Engineer | Company: SeatGeek | Apply here

  • Role: Information Security Analyst | Company: Progyny | Apply here

  • Role: Information Security Engineer | Company: Russell Tobin | Apply here

  • Role: Cloud Security Engineer | Company: Collibra | Apply here

  • Role: Personnel Security Specialist (Analyst) | Company: Guidehouse | Apply here

  • Role: Technical Support Engineer  | Company: Carbon Black | Apply here (Multiple locations)

  • Purdue Cyber Apprenticeship Program. Apply here.

  • Paid Internship - Coders, DevOps, Data Entry | Black Hills Information Security | Email Resume and Cover letter to internships@blackhillsinfosec.com


Support This Newsletter

A very big thank you to every single one of you who has subscribed to this email list and reads this newsletter! If you can spare a couple of $$, please consider contributing to our Patreon (there are perks included!). It helps maintain this newsletter and platform.

You can also send a one-time donation by Buying us a Coffee or via Paypal or Venmo.


Scholarships

Free Study Resources

Giveaways


Suggestions?

Have something you want to contribute to the next newsletter? Know of a way to improve this newsletter for our audience? Feel free to provide us some feedback here or leave a comment below.
