Happy Sunday!
I hope this Brief finds you well and ready to tackle the week ahead.
In this edition, I am covering:
- French ISP 'Free' faces massive data breach affecting 19M customers
- Google reveals AI now generates 25% of their new code
- New survey shows concerning CISO burnout trends with 25% considering career changes
And much more.
Fabric by BlackStork
Fabric Platform streamlines cybersecurity reporting processes, offering a comprehensive solution for teams seeking efficiency and consistency.
INDUSTRY NEWS
French ISP 'Free' Hit by Data Breach Exposing 19M Customer Records
- Threat actor "drussellx" accessed Free's internal management tool and attempted to sell two databases on Dark Web forums containing over 19M customer accounts and 5M international bank account details.
- Free confirmed that no passwords, payment cards, emails, SMS, or voicemails were compromised in the breach, though personal data was accessed. The company's services remain unaffected by the intrusion.
- This incident follows a pattern of increasing APT attacks targeting ISPs, with groups like Salt Typhoon and Evasive Panda exploiting these networks to gather customer data and establish persistence for further campaigns.
Multiple Critical Vulnerabilities Found in NetIQ iManager Enable Remote Code Execution
- Yahoo's Paranoid team discovered 11 vulnerabilities in OpenText's NetIQ iManager, including authentication bypass (CVE-2024-3487), command injection (CVE-2024-3483), and arbitrary file upload (CVE-2024-3488) flaws.
- When chained together, these vulnerabilities allow unauthenticated attackers to compromise iManager instances remotely by tricking users into visiting malicious websites, potentially gaining administrator credentials.
- The flaws were patched in April 2024, but they remain particularly concerning because iManager holds a privileged position in managing directory services that maintain user account information and serve as a source of truth for downstream applications.
Critical Authentication Flaws in Mitsubishi and Rockwell Factory Systems Enable RCE
- CVE-2023-6943 in Mitsubishi Electric automation software allows attackers to bypass authentication and achieve remote code execution through malicious library exploitation, carrying a critical CVSS score of 9.8.
- Rockwell Automation's ThinManager platform contains an authentication bypass vulnerability (CVE-2024-10386) enabling database manipulation through crafted network messages.
- Multiple affected ICS products require immediate patching as CISA warns of increased nation-state targeting of smart factories by Russian and Chinese APTs.
LEADERSHIP INSIGHTS
CISO Burnout Crisis: 25% Consider Leaving Roles Due to Stress
- The survey reveals that 93% of CISOs and IT Security Decision Makers cite overwhelming stress as the primary reason for considering career changes, with most working an additional 9 hours per week beyond their contracted time.
- Rising concerns about AI-enabled attacks (42%) and ransomware (37%) are key stressors, compounded by the insufficient budgets and resources reported by 41% of security leaders.
- Concerning coping mechanisms emerge, with 45% of respondents using substances to manage work pressure, while organizations attempt to address burnout through flexible hours (64%) and remote work options.
NIS2 Directive Consuming 80% of IT Budgets While Effectiveness Questioned
- Companies are reallocating funds from critical areas including risk management and crisis management to meet NIS2 compliance, with 95% of affected organizations diverting resources from other business functions.
- The survey reveals that 80% of IT budgets in the EMEA region are now dedicated to cybersecurity and compliance, despite 68% of companies already having reduced their IT budgets over the past two years.
- While 90% of organizations experienced security incidents that NIS2 could have prevented, only 43% believe the directive will significantly improve EU cybersecurity, highlighting a disconnect between implementation costs and perceived effectiveness.
CrowdStrike Outage Response: Key Considerations for Enterprise Security Leaders
- Despite July's outage costing Fortune 500 companies over $5B, CrowdStrike maintains strong reliability metrics, with less than 3% of clients experiencing material cyber-insurance claims, suggesting that hasty vendor changes may introduce unnecessary risks.
- Organizations should carefully evaluate their update processes: delaying security patches to implement additional testing could leave systems vulnerable to emerging threats, so thorough testing must be balanced against timely protection.
- Companies should prioritize comprehensive resilience planning, including proper cyber hygiene, insurance coverage, and detailed incident response procedures, rather than making reactive decisions that could compromise their security posture.
CAREER DEVELOPMENT
Cybersecurity Training Gap Leaves Organizations Vulnerable Due to Developer-Centric Focus
- Nearly half of cybersecurity leaders don't consider security awareness training essential, with only 41% implementing training to address supply chain risks.
- Organizations prioritize developer-focused training over comprehensive employee education, driven by customer satisfaction and financial metrics rather than security needs.
- Research emphasizes the importance of role-specific customized training for all employees to improve organizational resilience against cyber threats and reduce breach incidents.
Key Strategies for Hiring an Effective CISO in Today's Market
- Position the role strategically by having the CISO report directly to the CIO or CEO, ensuring proper authority and organizational structure to attract leadership-oriented candidates rather than pure technologists.
- Focus on candidates who can balance both defensive security and offensive business growth, with strong change management capabilities to drive organization-wide security culture and behavior adoption.
- Demonstrate board-level commitment by involving directors in the interview process and ensuring they understand cyber governance beyond just technical tools, as the best CISOs seek organizations with tech-savvy leadership that prioritizes security investments.
Global Cybersecurity Workforce Growth Stalls Despite 90% Having Unfilled Positions
- For the first time in six years, the cybersecurity workforce remained flat at 5.5 million people, with only 0.1% growth in 2024. Budget constraints have replaced talent shortage as the primary reason for unfilled positions, cited by 67% of organizations.
- Job satisfaction among cybersecurity professionals has declined from 74% to 66% since 2022, while organizations with significant skills gaps are almost twice as likely to experience a material breach compared to those without gaps.
- AI adoption is viewed as a potential solution, with 45% of teams already using AI tools for cybersecurity tasks, though 58% believe current skill shortages put their organizations at significant risk. The top AI use case is augmenting common operational tasks, implemented by 56% of respondents.
Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.
AI & SECURITY
Google Reports 25% of New Code Generated by AI, Driving Strong Financial Growth
- Over 25% of Google's new code is now AI-generated and subsequently reviewed by engineers, marking a significant shift in their development practices while supporting various AI product initiatives.
- Google's financial performance shows strong growth, with Cloud revenue reaching $11.4 billion (up 35% YoY) and Google Services revenue hitting $76.5 billion (up 13% YoY), demonstrating successful AI integration across products.
- Despite ongoing antitrust challenges and a potential remedies phase following the August monopoly ruling, Google continues to expand AI features across Search, Cloud, and YouTube, with Gemini-powered chatbots and AI tools driving product adoption.
AI Tool Detects Zero-Day Exploits Targeting IoT Security Cameras
- GreyNoise Intelligence's honeypot system detected active exploitation attempts of two critical vulnerabilities (CVE-2024-8956 and CVE-2024-8957) in NDI-enabled PTZ cameras, with the most severe having a CVSS score of 9.1.
- The vulnerabilities affect cameras used in healthcare, industrial, and government facilities, allowing attackers to potentially access sensitive information, manipulate video feeds, and incorporate devices into botnets.
- Affected devices include PTZOptics, Multicam Systems SAS, and SMTAV Corporation cameras running VHD PTZ firmware versions below 6.3.40, with patches now available to address these security flaws.
AI Integration in Energy Infrastructure Requires Early-Stage Cybersecurity Planning
- Data centers driving energy demand growth are prompting new infrastructure development, with major tech companies investing in power production, including nuclear facilities, to meet increasing needs.
- AI presents dual implications: enhancing energy sector efficiency through improved monitoring and automation, while creating new vulnerabilities that malicious actors could exploit through sophisticated phishing and infrastructure mapping.
- The Department of Energy is establishing AI testbeds to safely evaluate capabilities and threats, while industry coalitions are developing guidelines to strengthen supply chain security and establish standards for implementing AI in energy systems.
MARKET UPDATES
Delta Airlines Files $500M Lawsuit Against CrowdStrike Over Software Glitch
- A faulty update in CrowdStrike's Falcon security tool caused massive disruptions affecting 1.3 million Delta passengers across 7,000 flights on July 19, leading to the lawsuit filed in Georgia's Fulton County Superior Court.
- The incident's impact extended beyond aviation, affecting multiple sectors including banking, healthcare, media, and hospitality, with Delta claiming the disruption caused over $500 million in damages.
- CrowdStrike disputes the allegations, stating they stem from Delta's misunderstanding of cybersecurity and poor infrastructure modernization, setting the stage for a contentious legal battle between the companies.
Armis Secures $200M Funding Round at $4.2B Valuation, Signals IPO Plans
- The device security company has reached $200M in Annual Recurring Revenue, doubling in under 18 months while preparing for a potential public offering.
- The platform provides agentless security monitoring for managed and unmanaged devices, including IoT, industrial, and medical devices, complemented by the recent acquisition of Silk Security for $150M.
- Funding led by General Catalyst and Alkeon Capital will support organic product development and potential acquisitions, building on previous rounds that have seen the valuation grow from $1.1B in 2020 to the current $4.2B.
Proofpoint Acquires Normalyze to Enhance Data Security Posture Management
- Proofpoint has signed an agreement to acquire DSPM provider Normalyze, with the deal expected to close in November, integrating Normalyze's agentless scanner technology for data discovery and classification into its security platform.
- Normalyze's technology enables organizations to identify sensitive data across cloud environments, assess risk impact, and remediate security issues through an automated approach that addresses visibility challenges in modern IT environments.
- The acquisition continues Proofpoint's strategic expansion after its $12.3 billion privatization by Thoma Bravo, adding to its portfolio of email security, DLP, and compliance solutions and marking its third recent acquisition in the data security sector.
TOOLS
Hacksplaining
Hacksplaining is a comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
Covenant
Covenant is a collaborative .NET command and control framework designed for red team operations, providing robust infrastructure for managing offensive security engagements.
Deception-as-Detection
Deception-based detection techniques mapped to MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, provided as a Windows Technique Matrix, a Linux Technique Matrix, and a Mac Technique Matrix.
Before you go
If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!
For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz