Checking in: Happy New Year, Security in Color First Anni Giveaway
News: Attackers bypassing Cloud MFA, More Solarwinds info, Vulnerabilities in IoT
Events, Jobs, Scholarship Programs, Free Study Resources
Happy New Year!
I know, I know - we’re already halfway through the month, but better late than never! It’s been a minute since the last newsletter - ya girl was taking a much-needed break (even though I feel like I already need another one).
Now that 2021 is in full swing, I have so much in store for Security in Color - including upcoming events to practice your #cybersecurity skills, new podcast episodes, and of course, more resources for you via this newsletter. Speaking of podcast episodes…Episode 46 of Security in Color dropped today and I am doing a CompTIA Security+ Voucher giveaway as part of my thank you for reaching 1 year in podcasting. More information is in the episode, see here for the form.
In other news, I am still studying for the AWS Solutions Architect Associate Exam (you can find the youtube study sessions here). The test is scheduled for the end of January, so if you are still studying as well let me know. The next study group will either be GCP Security or Security+, not sure yet, but I will keep you posted.
Anywhoo, enjoy the newsletter!
~ Dominique ~
This Week’s Cybersecurity News
Is Enabling MFA enough in the Cloud? The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts. "CISA is aware of several recent successful cyberattacks against various organizations’ cloud services," the cybersecurity agency said on Wednesday.
SolarWinds Hack Potentially Linked to Turla APT: Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat (APT) group.
Understanding TCP/IP Stack Vulnerabilities in the IoT: Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.
Cybersecurity Events Happening Around The Globe
Check out the full calendar line-up here and add it directly to your Google Calendar. Have an event you want to be added to? Leave a comment or reply directly to this newsletter.
1/21: Detect Complex Code Patterns Using Semantic Grep. Hosted by OWASP Atlanta. Register here.
1/24: Software Composition Analysis: Securing Your Software Supply Chain. Hosted by OWASP Devslop. Register here.
2/5: BIC Winter Conference 2021. Hosted by Blacks in Cybersecurity. Register here.
2/13: Women Unite over CTF 3.0
Cyber / Tech Job Postings
Go secure that bag! The jobs posted here I have either been directly contacted to post or have come across them in my network. Either way, apply anyway even if you don’t check every box.
Role: Information Security Analyst (Remote) | Company: Strategic Financial Solutions | Apply here
Role: Security Operations Analyst | Company: Deltek | Apply here
Role: Cyber Security Analyst / Engineer II - Remote | Company: Ingalls Information Security, LLC | Apply here
Role: Senior Security Engineer - Remote | Company: Grubhub | Apply here
Role: Staff Software Engineer, Security | Company: Gatsby | Apply here
Role: Applications Security Engineer (Remote) | Company: RedRiver Systems | Apply here
Role: Information Security Analyst | Company: Yumi Brands | Apply here
Support This Newsletter
A very big thank you to every single one of you who has subscribed to this email list and reads this newsletter! If you can spare a couple of $$, please consider contributing to our Patreon (there are perks included!). It helps maintain this newsletter and platform.
Cyber Security Development Program Associate - Capital One
Freddie Mac Technology Analyst Program for University Students - Freddie Max
Free Study Resources
Have something you want to contribute to the next newsletter? Know of a way to improve this newsletter for our audience? Feel free to provide us some feedback here or leave a comment below.