Happy Sunday!
I hope this Brief finds you well and ready to tackle the week ahead.
In this edition, I am covering:
- A vulnerability in Kubernetes Image Builder and its implications
- How AI is being used by both cybersecurity professionals and threat actors
- The growing demand for cloud security engineers and their average salaries
And much more.
Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.
If you think others in your network would benefit from my newsletter, I'd be grateful if you'd share it with them. 🤝
Sponsor
Fabric by BlackStork
Fabric Platform streamlines cybersecurity reporting processes, offering a comprehensive solution for teams seeking efficiency and consistency.
The platform combines automation, collaboration features, and customizable templates to address various security use cases, including security operations, threat intelligence analysis, and penetration testing.
INDUSTRY NEWS
Critical Flaw in Kubernetes Image Builder Enables Root Access
-
Red Hat's Joel Smith disclosed a critical security flaw (CVE-2024-9486, CVSS score: 9.8) in the Kubernetes Image Builder that could allow attackers to gain root access to nodes using VM images built with the Proxmox provider.
-
The vulnerability stems from default credentials being enabled during the image build process and not disabled in the resulting VM images, potentially allowing access via these credentials.
-
Temporary mitigations include disabling the builder account on affected VMs and rebuilding images using Kubernetes Image Builder version 0.1.38, which addresses the issue by using randomly-generated passwords and disabling the builder account post-build.
Microsoft Warns of Month-Long Bug Causing Loss of Critical Security Logs
-
Microsoft has notified enterprise customers of a bug that caused critical security logs to be lost between September 2nd and October 3rd, potentially impacting the ability to detect unauthorized activity.
-
The logging failure affected various Microsoft services, including Microsoft Entra, Azure Logic Apps, Azure Healthcare APIs, Microsoft Sentinel, Azure Monitor, Azure Trusted Signing, Azure Virtual Desktop, and Power Platform.
-
The bug was introduced while fixing another issue in Microsoft's log collection service, causing a deadlock condition that prevented the agent from uploading telemetry data, with some data being overwritten due to cache size limits.
MacOS Safari Exploit Bypasses Security to Access Camera, Mic, and Data
-
CVE-2024-44133 vulnerability in Safari allows attackers to bypass macOS TCC security and access sensitive user data without permission.
-
Microsoft researchers created "HM Surf" exploit, manipulating Safari's special permissions and configuration files to grant malicious sites camera/mic access.
-
Evidence suggests adware program may have already exploited this or a similar vulnerability in the wild to harvest user data.
LEADERSHIP INSIGHTS
Transforming Cybersecurity for the Cloud Era: A Guide to Organizational and Operational Change
-
Anton Chuvakin, in a new paper, addresses the challenges of transforming cybersecurity for the cloud era, emphasizing the importance of organizational and operational changes over solely focusing on technology adoption.
-
The guide proposes an OOT (Organization, Operations, Technology) approach, prioritizing organizational and operational changes before finalizing technology decisions, and stresses the critical role of a generative culture in achieving successful transformation.
-
The paper advocates for a shift away from centralized security functions towards a model where product teams assume greater ownership of security throughout the development lifecycle, while acknowledging the difficulty of letting go of legacy processes and controls.
Cybersecurity Awareness Month Highlights Human Element in Breaches
-
The Verizon "2024 Data Breach Investigations Report" reveals that 68% of all breaches involve the human element, through error, stolen credentials, or social engineering.
-
Security is a core business function that shapes an organization's reputation and perceived trustworthiness, directly impacting customer reviews and stock prices.
-
IT team leaders should prioritize communicating the value of their security programs to leadership, using existing vendor resources and focusing on metrics that encourage proactive reporting of suspicious activity.
Gartner Raises Need for Privileged Access Management to Secure Non-Human Identities
-
Gartner's 2024 Magic Quadrant for Privileged Access Management (PAM) emphasizes the growing need to secure both human and non-human identities, which now outnumber human users in many organizations.
-
Traditional PAM tools struggle to keep up with the dynamic and ephemeral nature of modern workloads, which require granular, context-aware controls for real-time, just-in-time authentication.
-
As organizations scale and rely on automation, containerized environments, and multi-cloud strategies, managing privileged access for workloads and other non-human identities becomes a key security challenge not fully addressed by current PAM solutions.
CAREER DEVELOPMENT
Cloud Security Engineers in High Demand, Earning $136K on Average
-
Cloud security engineers focus on securing cloud-based systems, applications, and data, with projected job growth of 9% over next decade.
-
Key responsibilities include implementing security policies, conducting risk assessments, and responding to incidents in cloud environments.
-
Popular certifications like AWS Security Specialty and Azure Security Engineer can help accelerate career growth and boost compensation.
Cybersecurity Professionals Share Frustrations with Management, Politics, and Lack of Resources
-
In a recent Reddit discussion, cybersecurity professionals shared their biggest job frustrations, with many citing issues with upper management as the worst part of their roles.
-
Other common complaints included dealing with internal politics, handling auditors who lack practical knowledge, and working with people who don't understand the full scope of cybersecurity.
-
A lack of adequate funding for cybersecurity initiatives was also highlighted as a significant challenge faced by many in the industry.
Cybersecurity Salaries Reach Up to $420K in 2024, Demand Remains High
-
Top cybersecurity positions like CISO can earn salaries up to $420,000, with factors like location, experience, and industry significantly impacting pay.
-
Highest paying states include California ($125,621 avg), New York ($121,819), and Massachusetts ($120,184). Top cities offer even higher salaries, like San Francisco at $149,801.
-
Job outlook is strong, with 3.5 million cybersecurity job openings predicted by 2025 and 33% growth for information security analysts from 2020-2030.
AI & SECURITY
AI Models in Cybersecurity: Defenders and Attackers Leverage AI
-
Three main AI models (Generative AI, Supervised and Unsupervised Machine Learning) are being used by defenders to enhance threat detection, generate reports, and predict attacks.
-
Cybercriminals are misusing AI for targeted phishing, creating polymorphic malware, vulnerability scanning, and generating deepfakes for social engineering attacks.
-
Threat actors are exploiting AI systems through various methods, including prompt injection, targeting responses, model manipulation, and infrastructure attacks on AI hosting platforms.
AI Zero-Day Vulnerabilities Pose Unique Challenges for Cybersecurity
-
AI/ML systems introduce new types of zero-day vulnerabilities, such as prompt injection and training data leakage, which differ from traditional software flaws.
-
The rapid adoption of AI often prioritizes innovation over security, leading to an ecosystem where AI applications lack robust security measures from the ground up.
-
To address these challenges, security teams should adopt MLSecOps practices, perform proactive security audits, and adapt their strategies to incorporate AI-specific considerations.
3 Key Considerations for Evaluating GenAI Cybersecurity Solutions
-
Usage Confidence: Assess reliability of outputs, as vendors often include caveats about verifying results. Determine which outputs can be confidently relied upon to avoid delays from false positives/negatives.
-
Usage Friction: Evaluate ease of use, including prompt writing and integration with log sources. Address factors that may discourage adoption, such as utility-based charging models that make staff hesitant to use the system.
-
Usage Governance: Implement proper access controls and accounting to prevent misuse and wastage, especially for solutions with activation-based charging. Ensure maturity of governance structures.
MARKET ANALYSIS
Netskope Acquires Dasera to Integrate DSPM Capabilities into Netskope One Platform
-
Netskope, a SASE provider, has acquired Dasera to integrate data security posture management (DSPM) capabilities into its Netskope One platform.
-
The integration will enable Netskope to deliver advanced security across various use cases, including structured, semi-structured, and unstructured data stores and data lakes.
-
Netskope aims to provide a holistic approach to modern data security by offering the broadest and deepest data protection using a single platform, with DSPM capabilities being a part of the overall solution.
Cyera Acquires AI-Enhanced DLP Startup Trail Security for $162 Million
-
Cyera, a data security company, has acquired Trail Security, an Israeli DLP startup, for $162 million in cash and stock.
-
Trail Security has developed AI-enhanced DLP technology, which Cyera is integrating into its Data Security Posture Management (DSPM) platform to create a unified data security solution.
-
With the acquisition, Cyera will onboard 40 Trail employees to establish its DLP division, and the company expects to reach over 1,000 employees within the next two years.
SentinelOne Extends AWS Collaboration to Deliver Generative AI-Powered Cybersecurity
-
SentinelOne announced an extension of its strategic collaboration agreement with AWS to deliver generative AI benefits, with SentinelOne's Purple AI cybersecurity analyst powered by Amazon Bedrock.
-
The expanded agreement will increase investments in SentinelOne's AI-powered Singularity Platform within AWS Marketplace, enabling enterprises to quickly access end-to-end protection from a unified, AI-powered platform.
-
SentinelOne will allow customers to choose specific large language models via Amazon Bedrock to power Purple AI, and will also use Amazon Bedrock Custom Model Import and customization capabilities to create tailored solutions.
TOOLS
AppLocker Guidance
Application whitelisting is one of Information Assurance top 10 mitigation strategies. This project contains scripts and configuration files for aiding administrators in implementing Microsoft AppLocker as outlined in the Application Whitelisting using Microsoft AppLocker paper.
NotifySecurity
NotifySecurity is an Outlook add-in designed to assist users in reporting suspicious emails to security teams. It integrates with Swordphish to update reported statistics and provides relevant information like full SMTP headers for accurate reporting.
IAM Floyd
IAM Floyd is a tool for generating AWS IAM policy statements with a fluent interface, supporting 393 Services, 16621 Actions, 1783 Resource Types, and 1731 Condition keys. It offers two package variants: iam-floyd for general use and cdk-iam-floyd for integration with AWS CDK.
Before you go
If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!
Have ideas, questions or comments? Just hit reply - I read every message!
For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz
