In this week’s digest, we will mainly focus on the importance of using Community IDs to correlate traffic monitored by security information and event management (SIEM) tools. We will also touch on a vulnerable WordPress plugin that we think requires attention.
Cybersecurity Career Awareness Week: Explore. Experience. Share.
Cybersecurity professionals continue to be in high demand across all industries. We celebrate this growing field by sharing resources with you, whether you’re a student or a seasoned professional. We encourage everyone to explore new career opportunities and share them with people who have the needed skills.
We have hired several determined students and professionals early in their careers for our Security Engineer Internship program. Our interns do real security work, from auditing systems to adding new capabilities to our existing infrastructure. A number of our former interns have become full-time Security Engineers at Linode.
Others have decided to continue their successful career journeys at different companies. Our employees have volunteered to mentor these interns to help them succeed in their careers at Linode and beyond. We encourage all companies to focus on internships and training programs to build a more knowledgeable, healthier, and stronger security community.
You can check out the National Initiative for Cybersecurity Education (NICE) resources for more information on cybersecurity careers and the skills these roles require.
Community IDs and Correlation
SIEM platforms provide the ability to aggregate logs and events from an infrastructure. These logs could be network traffic logs, syslogs, Windows event logs, and more.
Community IDs are hashes computed from your network flow data, which makes it possible to correlate events based on the fields of network logs. As your intrusion detection systems log events from your network, you can use these IDs to correlate different types of activity across your infrastructure. Logs that contain the same values for source and destination IP addresses, ports, and network protocol generate the same Community ID hash. If you’re using Community IDs, searching for these values lets you quickly identify different types of logs that correspond to the same event.
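The correlation described above, as an added example that is not part of the original post: it computes a Community ID following the version 1 specification (SHA-1 over seed, ordered endpoints, protocol and ports; TCP and UDP only) and groups records from two sensors under the shared ID. The field names and sample records are constructed assumptions for illustration.

```python
import base64
import hashlib
import ipaddress
import struct
from collections import defaultdict

PROTO = {"tcp": 6, "udp": 17}  # ICMP needs a type/code mapping and is left out here


def community_id_v1(src_ip, src_port, dst_ip, dst_port, proto, seed=0):
    """Community ID v1 for a TCP or UDP flow, identical for both directions."""
    number = PROTO[proto.lower()]  # KeyError for protocols this example omits
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    # Put the smaller (address, port) endpoint first so direction does not matter.
    (ip1, port1), (ip2, port2) = sorted([a, b])
    data = (struct.pack("!H", seed) + ip1 + ip2
            + struct.pack("!BBHH", number, 0, port1, port2))
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode()


# Constructed records: the field names of the two sensors are assumptions.
FLOW_LOG = [
    {"orig_h": "192.0.2.10", "orig_p": 51514, "resp_h": "198.51.100.7",
     "resp_p": 443, "proto": "tcp", "service": "ssl"},
    {"orig_h": "192.0.2.10", "orig_p": 40222, "resp_h": "203.0.113.53",
     "resp_p": 53, "proto": "udp", "service": "dns"},
]
ALERT_LOG = [  # the alert was raised on the server-to-client direction
    {"src_ip": "198.51.100.7", "src_port": 443, "dest_ip": "192.0.2.10",
     "dest_port": 51514, "proto": "TCP", "signature": "constructed alert"},
]


def correlate(flows, alerts):
    """Group records from both sources under their shared Community ID."""
    groups = defaultdict(list)
    for r in flows:
        cid = community_id_v1(r["orig_h"], r["orig_p"], r["resp_h"], r["resp_p"], r["proto"])
        groups[cid].append(("flow", r))
    for r in alerts:
        cid = community_id_v1(r["src_ip"], r["src_port"], r["dest_ip"], r["dest_port"], r["proto"])
        groups[cid].append(("alert", r))
    return dict(groups)


if __name__ == "__main__":
    for cid, records in correlate(FLOW_LOG, ALERT_LOG).items():
        print(cid, [source for source, _ in records])
```

The alert is logged with source and destination swapped relative to the flow record, yet both land under the same ID because the endpoints are ordered before hashing.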
Brizy WordPress Plugin Vulnerabilities (CVE-2021-38344, CVE-2021-38345, CVE-2021-38346)
Brizy is a WordPress plugin that makes it easier to build websites. As of this writing, it has over 90,000 active installs according to the official WordPress plugins page. Versions of this plugin prior to 2.3.11 contain multiple medium- and high-severity vulnerabilities that can lead to cross-site scripting, arbitrary file uploads, and unauthorized content modification. The latest version of this plugin mitigates these vulnerabilities, and you should update it as soon as possible.
We love sharing these articles with our community to spread awareness of current threats and security best practices. Stay tuned for more updates from us, and please share your opinions below so that we can tailor these digests better for our readers.