Brief

Brief #75: Fortinet Zero-Day, Agentic AI Risks, Growring Strategic Influence of CISOs

Critical Fortinet zero-day affecting 50+ victims, SharePoint vulnerability added to CISA catalog, and APT29's sophisticated phishing campaign targeting military sectors.

9 min read
mandos brief cybersecurity newsletter week 43 of 2024

Happy Sunday!

I hope this Brief finds you well and ready to tackle the week ahead.

In this edition, I am covering:

And much more.


Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.

Sponsor

Fabric by BlackStork

Fabric Platform streamlines cybersecurity reporting processes, offering a comprehensive solution for teams seeking efficiency and consistency.

The platform combines automation, collaboration features, and customizable templates to address various security use cases, including security operations, threat intelligence analysis, and penetration testing.

Learn More

INDUSTRY NEWS

Fortinet Zero-Day Vulnerability Exploited in the Wild Since June 2024

Microsoft SharePoint Flaw Added to CISA's Known Exploited Vulnerabilities Catalog

APT29 Phishing Campaign Targets Militaries, Governments, and Enterprises Worldwide

LEADERSHIP INSIGHTS

Considerations for Evaluating GenAI in Cybersecurity

CISOs Gaining Strategic Influence as Cyber Threats Evolve

CISOs Face Evolving Challenges Amidst Growing Cyber Threats and Talent Shortages

CAREER DEVELOPMENT

Intro to Becoming a SOC Analyst: A New Approach

TCM Security Offers Free Ethical Hacking Courses on YouTube

CISO Job Turnover Drops as Opportunities Dwindle

AI & SECURITY

Google Advocates for Simplifying Security with AI and Consolidated Solutions

AI Jailbreak Method Bypasses Chatbot Guardrails with 65% Success Rate

Agentic AI on the Rise: Harnessing Power While Mitigating Security Risks

MARKET ANALYSIS

Practical SOC Analyst Skills Blog Series Uses LimaCharlie for Hands-On Learning

Socket Raises $40M to Protect Against Open Source Supply Chain Attacks

Securonix and AVANT Partner to Enhance Cybersecurity Offerings

TOOLS

InQuest Labs

An experiment that measures the security efficacy of email providers against real-world emerging malware. It also provides various tools and resources for threat intelligence, including a reputation database, IOC database, and YARA rule generators.

https://cybersectools.com/tools/blauhaunt

Blauhaunt is a tool collection for filtering and visualizing logon events, designed to help answer the 'Cotton Eye Joe' question (Where did you come from where did you go) in Security Incidents and Threat Hunts

Bubblewrap

Bubblewrap is a setuid implementation of a subset of user namespaces. It provides a way to run unprivileged containers without requiring root privileges. It is designed to be a more secure alternative to other container runtimes like systemd-nspawn and Docker.


Before you go

If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!

For more frequent cybersecurity leadership insights and tips, follow me on LinkedInBlueSky and Mastodon.

Best, 
Nikoloz

Share This Post

Check out these related posts

Brief #77: PAN-OS Vulnerability, Google's AI Finds SQLite Bug, AWS Cert Tops Pay List

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read

Brief #76: 19M Records Exposed, AI Generates 25% of Code, CrowdStrike Lawsuit

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read

Brief #74: Cybersecurity Salaries Soar, Microsoft Loses Security Logs, PAM trends

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 8 min read