PEAKS Newsletter No. 3

Hello,

I hope this message finds you well. I wanted to share an update on my progress this month. As part of my ongoing efforts to achieve the goals I set in July, I've been dedicated to enhancing my skills in the realm of cybersecurity. One of my main endeavors has been the preparation for the CompTIA Security+ certification. I've taken the initiative to delve into the required topics for the exam, and I'm truly excited about the challenges and learning opportunities that lie ahead.

In addition, I am thrilled to inform you that I will be compiling a selection of valuable resources to aid those who are also preparing for the Security+ exam. These resources will be featured in an upcoming issue of our newsletter.

Furthermore, I've begun reading the book titled "Cybersecurity Career Guide," which I am incredibly grateful to have at my disposal. As I progress through the book I am convinced that it holds immense value for individuals seeking to enter the field of cybersecurity. Beyond that, I believe it will serve as an indispensable tool for those looking to navigate their career path within the cybersecurity domain.

I am considering the possibility of crafting an article to share my insights and impressions about this book, and I look forward to the potential to shed light on its significance.

🛡️Security & Privacy

  • Jeff Johnson disclosed an unfixed security vulnerability in the App Management protection system on macOS Ventura. A complete illustration is available here.
  • Google, in partnership with ETH Zürich, released the first quantum-resilient FIDO2 security key implementation as part of OpenSK. Link.
  • Google leverages the generative power of LLMs to improve OSS-Fuzz, the tool used for automated vulnerability detection through fuzzing. Link.
  • Trading forums were targeted by malware that uses a zero-day vulnerability in WinRAR. It’s highly recommended that all users install the latest version of WinRAR. Link.
  • Are you planning to buy a robotic vacuum cleaner? Hold on and think about your privacy first. A comprehensive list of concerns here. Next level of spying via lidar sensors here.
  • Japan’s military network was penetrated in 2020 by Chinese hackers. They had persistent access and obtained sensitive information such as plans and military assessments. Link.
  • Google will request 2FA for accessing any sensitive settings of your account. Link.
  • There is a new type of acoustic side channel attack on keyboards that uses deep learning to classify laptop keystrokes. The obtained accuracy is 93% over Zoom audio. Link.
  • Black Hat USA 2023 summary here.

⚒️ Tools

  • Meta introduces Code Llama, an AI model for generating and discussing code. More.
  • OSS-Fuzz → use modern fuzzing techniques to uncover security vulnerabilities in open source projects.
  • OSINT Framework → gather information from free tools or resources
  • lazygit → simple terminal UI for git, developed in Go

📖 Misc

Recently I discovered a new book, “The Good Enough Job”, written by Simone Stolzoff.

After tuning into Cal Newport's podcast episode discussing this book, I can confidently affirm that the author delves into pertinent and substantial themes surrounding our perspectives on work. Stolzoff addresses various aspects such as navigating new job roles, determining the right time for a career change, and effectively managing significant shifts in one's professional journey.

💡Quote

To say that cybersecurity is just an industry ultimately is far too limiting. It is a crucial element in the way we approach day-to-day life and not something that is easily separated anymore.

Alyssa Miller - Cybersecurity Career Guide

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan