Brief

Brief #74: Cybersecurity Salaries Soar, Microsoft Loses Security Logs, PAM trends

Critical Kubernetes flaw enables root access. Safari bypass grants camera access. Cloud security engineers earn around $136K. AI introduces new zero-day vulnerabilities.

8 min read
cybersecurity updates on mandos brief for week 42 of 2024

Happy Sunday!

I hope this Brief finds you well and ready to tackle the week ahead.

In this edition, I am covering:

And much more.


Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.

If you think others in your network would benefit from my newsletter, I'd be grateful if you'd share it with them. 🤝


Sponsor

Fabric by BlackStork

Fabric Platform streamlines cybersecurity reporting processes, offering a comprehensive solution for teams seeking efficiency and consistency.

The platform combines automation, collaboration features, and customizable templates to address various security use cases, including security operations, threat intelligence analysis, and penetration testing.

Learn More

INDUSTRY NEWS

Critical Flaw in Kubernetes Image Builder Enables Root Access

Microsoft Warns of Month-Long Bug Causing Loss of Critical Security Logs

MacOS Safari Exploit Bypasses Security to Access Camera, Mic, and Data

LEADERSHIP INSIGHTS

Transforming Cybersecurity for the Cloud Era: A Guide to Organizational and Operational Change

Cybersecurity Awareness Month Highlights Human Element in Breaches

Gartner Raises Need for Privileged Access Management to Secure Non-Human Identities

CAREER DEVELOPMENT

Cloud Security Engineers in High Demand, Earning $136K on Average

Cybersecurity Professionals Share Frustrations with Management, Politics, and Lack of Resources

Cybersecurity Salaries Reach Up to $420K in 2024, Demand Remains High

AI & SECURITY

AI Models in Cybersecurity: Defenders and Attackers Leverage AI

AI Zero-Day Vulnerabilities Pose Unique Challenges for Cybersecurity

3 Key Considerations for Evaluating GenAI Cybersecurity Solutions

MARKET ANALYSIS

Netskope Acquires Dasera to Integrate DSPM Capabilities into Netskope One Platform

Cyera Acquires AI-Enhanced DLP Startup Trail Security for $162 Million

SentinelOne Extends AWS Collaboration to Deliver Generative AI-Powered Cybersecurity

TOOLS

AppLocker Guidance

Application whitelisting is one of Information Assurance top 10 mitigation strategies. This project contains scripts and configuration files for aiding administrators in implementing Microsoft AppLocker as outlined in the Application Whitelisting using Microsoft AppLocker paper.

NotifySecurity

NotifySecurity is an Outlook add-in designed to assist users in reporting suspicious emails to security teams. It integrates with Swordphish to update reported statistics and provides relevant information like full SMTP headers for accurate reporting.

IAM Floyd

IAM Floyd is a tool for generating AWS IAM policy statements with a fluent interface, supporting 393 Services, 16621 Actions, 1783 Resource Types, and 1731 Condition keys. It offers two package variants: iam-floyd for general use and cdk-iam-floyd for integration with AWS CDK.


Before you go

If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!

Have ideas, questions or comments? Just hit reply - I read every message!

For more frequent cybersecurity leadership insights and tips, follow me on LinkedInBlueSky and Mastodon.

Best, 
Nikoloz

Share This Post

Check out these related posts

Brief #82: Apple iCloud Vulnerability, Cloud Security Skills Gap, SolarWinds ARM Flaw

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read

Brief #81: OpenAI Container Risks, Cloudflare Tunnel Attacks, AWS IR Service Launch

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read

Brief #80: Cloudflare Data Loss, Godot Malware, Claude AI Vulnerability

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read