49 Followers
129 Following
132 Posts

Believe me when I say the "Electrician to Info Sec" pipeline is real.

OIF & OEF

Soon to be a SOC Team Member.

Interested in Industrial Control Systems, Physical Security, Forensics, Fuzzing (IDK why but I find it funny), Python, and the list goes on and on.

I think having new hobbies is my hobby.

Website: https://blog.joseph-dains.com/
Anyone have any recommendations for a managed EDR solution?

Ding, dong: It's the ~ this week in security ~ gong:

• LockBit worked with Russia-linked Evil Corp
• Meta's smart glasses hacked to insta-dox
• China hacked US internet providers' wiretap systems
• How a 'serial hacker' tried to fake his own death (and failed)
• US seizes Russia's ColdRiver phishing domains
• Plus: Mysterious zero-day hits Rackspace
• And lots more.

Sign up/RSS: https://this.weekinsecurity.com/

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-october-6-2024-edition

Support/donate: https://ko-fi.com/thisweekinsecurity

~this week in security~

a free cybersecurity newsletter by @zackwhittaker, delivered weekly.

Had a fun time at the Recorded Future #IntelligenceRoadShow today. It was a really nice setting and it was nice meeting people. Kind of my first step into these types of events. I am looking forward to doing more.

https://mailchi.mp/malwaretech.com/malwaretechs-weekly-cybersecurity-update?e=323a552880

Good lord. What an excellent newsletter.

Very insightful summary on why the US could be so hot to strike Kaspersky down.

Ignore the 500 warning. It takes you straight to @malwaretech’s new blog.

500: We've Run Into An Issue | Mailchimp

#hack100days : day 16d : Looked at establishing #persistence via registry run and runonce and via Startup. Only the beginning, really. #blueteamers are you watching these keys and folders?:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup (I was able to write here and use it in stock lab machine.)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Requires elevated privileges to save here.)

#redteam #windows #infosec
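Added example, not code from the post above: a PowerShell snippet a blue teamer can run to enumerate exactly the Run/RunOnce keys and Startup folders listed in that post, save a baseline on the first run, and report any entry that was not in the baseline on later runs. The baseline file location is an assumption; everything else maps one-to-one onto the paths in the post.

```powershell
# Added example, not part of the original post: enumerate the autostart
# locations named above so a defender can baseline them and spot additions.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows. Reading the
# HKLM Run/RunOnce keys does not normally require elevation.

# The four registry keys from the post, in PowerShell drive notation.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Per-user Startup folder (C:\Users\<USERNAME>\AppData\Roaming\...) and the
# all-users folder. C:\Users\All Users is a junction to C:\ProgramData, so
# the last two paths in the post resolve to the same directory.
$StartupFolders = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

# Assumed location for the saved baseline; choose whatever fits your environment.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'autostart-baseline.json'

function Get-AutostartEntries {
    $entries = New-Object System.Collections.Generic.List[object]

    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip it.
            if ($p.Name -like 'PS*') { continue }
            $entries.Add([pscustomobject]@{
                Source  = $key
                Name    = $p.Name
                Command = [string]$p.Value
            })
        }
    }

    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path $folder)) { continue }
        # -Force includes hidden files; desktop.ini is folder metadata, not a launcher.
        Get-ChildItem -Path $folder -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                $entries.Add([pscustomobject]@{
                    Source  = $folder
                    Name    = $_.Name
                    Command = $_.FullName
                })
            }
    }
    return $entries
}

# Return the entries in $Current that are absent from $Baseline, comparing on
# the full (Source, Name, Command) triple so a changed command line under an
# existing value name is reported as well as a brand-new value.
function Compare-Autostart {
    param($Baseline, $Current)
    $known = @{}
    foreach ($b in $Baseline) { $known["$($b.Source)|$($b.Name)|$($b.Command)"] = $true }
    $Current | Where-Object { -not $known.ContainsKey("$($_.Source)|$($_.Name)|$($_.Command)") }
}

$current = @(Get-AutostartEntries)

if (Test-Path $BaselinePath) {
    $baseline = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
    $new = @(Compare-Autostart -Baseline $baseline -Current $current)
    if ($new.Count -eq 0) {
        Write-Output 'No new autostart entries since the baseline was taken.'
    } else {
        Write-Output "$($new.Count) autostart entries not in the baseline:"
        $new | Format-Table Source, Name, Command -AutoSize -Wrap
    }
} else {
    # First run: record what is there now as the known-good baseline.
    # -InputObject keeps a single entry serialised as a JSON array.
    ConvertTo-Json -InputObject $current -Depth 3 | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath with $($current.Count) entries:"
    $current | Format-Table Source, Name, Command -AutoSize -Wrap
}
```

Take the baseline on a machine you trust, then run the script on a schedule or from a logon script and feed the "not in the baseline" output into whatever your SOC already alerts on. One caveat for RunOnce: Windows deletes a RunOnce value before it executes the command, so a periodic snapshot can miss an entry that was written and consumed between two runs; registry-write auditing or EDR telemetry on these keys fills that gap.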

Speaker McCarthy proclaimed on Friday that "this chamber is now fully open for all Americans." Apparently not.

https://twitter.com/cspan/status/1612570750522740757

CSPAN on Twitter

“NOTE: C-SPAN cameras are no longer in the House chamber. We have resumed using the feed from House/government-operated cameras.”

Twitter

Let’s see how Mastodon does with one of these:

Reply to this toot with what you do, and I’ll tell you why you’re probably going to get fired.

Synology fixes maximum severity vulnerability in VPN routers

Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.

BleepingComputer
Jr. Security Engineer

We’re looking for a passionate Junior Security Engineer to join our growing team and help us deliver intuitive and delightful experiences to our customers. We are considering remote applications globally.

Job Description

The Junior Security Engineer is an opportunity that introduces aspiring cybersecurity professionals to the day-to-day operations of security within the company. Junior Engineers are primarily exposed to frontline duties associated with cybersecurity practices and are introduced to the processes of event assessment and escalation (when warranted) to senior members of the cybersecurity team. This entry-level position is a fantastic opportunity to learn firsthand how cybersecurity controls are implemented, managed, and enhanced across the business.

Working alongside one or more mentors, Junior Security Engineers perform data collection, ticket processing, analysis and remediation tasks. Junior Engineers also work with cybersecurity team members to understand architectural designs, best practices, and event and incident response (IR) obligations. Junior Engineers provide support to the security operations center (SOC), IR and security networking teams. To be effective, Junior Engineers must have a general understanding of cybersecurity principles and concepts, as well as solid practical hands-on experience with computers.

What you’ll contribute in this role…

• Respond to security questionnaires and RFPs from potential customers and interested parties.
• Follow and execute directives issued by cybersecurity management and senior employees.
• Support day-to-day activities performed by the cybersecurity team.
• Learn to manage tools and solutions implemented throughout the organization.
• Work with senior members of the team to learn basic first-line threat assessment and response tasks and progress toward independence after proving competence.
• Execute tasks requested by cybersecurity team members, such as analysis, investigation, reporting and maintenance of general cybersecurity upkeep.
• Assist in supporting SOC, IR and security networking teams.
• Monitor dashboards and event logs with escalation to members of the cybersecurity team.
• Attain proven proficiency with cybersecurity tools and perform front-end troubleshooting and general triage.
• Read daily cybersecurity resources to stay current on security threats and vulnerabilities.
• Actively participate with the team in mock threat exercises to strengthen skills.
• Perform other duties as assigned.
• Progress towards a Security Engineer position.

What experience you’ll bring to Spiff…

• Undergraduate hands-on and general knowledge coursework in cybersecurity or information technology, and/or demonstrated hands-on lab experience collecting, investigating and documenting threats and incidents, and/or ability to speak to cybersecurity projects completed during education and training.
• Fundamental knowledge of cybersecurity principles and best practices.
• General knowledge and hands-on coursework (lab) experience with cybersecurity endpoint, network, vulnerability, forensic and log management tools.
• Basic understanding, knowledge of and hands-on capabilities with operating system configuration (Windows, Unix, Linux) and networking (DNS, DHCP, routing protocols).
• Ability to analyze event and incident logs, and work with SOC and IR teams to assess security events related to malware, vulnerabilities, exploits and kill chain methodology.
• Introductory knowledge of cloud-based infrastructure and operations.
• Basic exposure to one or more scripting languages (e.g., Python, PowerShell, and/or Bash) preferred.
• Basic knowledge of adversary tactics.

Bonus Points

• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Solid written and verbal communication skills.
• Capable of working with diverse teams.
• Organized and punctual.
• Confident, but humble and willing to learn and take initiative.
• Recommendations from previous instructors, employers, or internship sponsors, or certificates obtained during coursework, are a plus but not required.

Compensation…

At Spiff Inc. we are committed to equal pay and opportunities. In order to provide full transparency, the salary range for this position is USD $50k - $70k per annum for all candidates based in the US. This position is eligible for equity. If you are located outside of the US and would like to have visibility on the salary range valid in your location, it can be disclosed by your recruiter upon request. Spiff Inc. will consider internal equity, external market information and each candidate's prior experience, education, location, skills and aptitudes for the role they are applying for.

What types of perks and benefits we offer…

• Competitive Salary and Equity
• Remote First & Friendly Company
• 100% Premium Coverage for High-Deductible Medical, Dental, & Vision Insurance
• Up to $1200 a year towards your Health Savings Account
• Additional Comprehensive FSA, Life, AD&D, Critical Illness, Group Accident, Hospital Indemnity, Legal, Commuter Coverages available for you & your dependents
• Company-sponsored Short-Term & Long-Term Disability Insurance
• Company-sponsored Mental Health Insurance & access to online counseling
• Flexible Time Off
• Flexible work hours
• Parental leave
• 401(k)

Minorities in Cybersecurity

I'm sure someone has already posted about this and I just missed it, but Rackspace Blames Zero-Day Exploit for Ransomware Hit Success.
They are also sort of blaming Microsoft a little bit.

Hosting Giant Says Microsoft's Patch Notes Didn't Detail Remote-Code Execution Risk

Remember how it broke that malicious actors had found ways to skirt around the ProxyNotShell URL filtering mitigation provided by Microsoft? Do you also remember how anybody in the #InfoSec community knew it was only a matter of time before this happened because there are always ways to get around filters like this?
Ah, anyway, Rackspace was relying on the URL filtering and hadn't actually patched.

Rackspace says it didn't immediately apply the Exchange patch released last November by Microsoft because of multiple user reports that the patch was causing errors, including leaving Microsoft Outlook Web Access - OWA - inaccessible. Pending a fully working patch, the company says it instead used mitigations recommended by Microsoft.

#ProxyNotShell #RackSpace #M365 #O365 #Exchange #MSExchange

Rackspace Blames Zero-Day Exploit for Ransomware Hit Success

Rackspace says the ransomware-wielding attackers who disrupted its hosted Microsoft Exchange Server environment last month wielded a zero-day exploit, described by