Brief #77: PAN-OS Vulnerability, Google's AI Finds SQLite Bug, AWS Cert Tops Pay List

Criminals exploiting DocuSign APIs for fraud. Apple offers $1M for PCC vulnerabilities. Latest security acquisitions.


Happy Sunday!

I hope this Brief finds you well and ready to tackle the week ahead.

In this edition, I am covering:

And much more.



INDUSTRY NEWS

Palo Alto Networks Warns of Potential RCE Vulnerability in PAN-OS Management Interface

Cybercriminals Exploit DocuSign APIs to Send Authentic-Looking Fake Invoices

AWS CDK Vulnerability Allowed Account Takeover via Missing S3 Bucket

LEADERSHIP INSIGHTS

Alert Fatigue Persists in Cybersecurity Despite Decades of Efforts

NIST Launches Human-Centric Cybersecurity Initiative to Improve Security Design

AI-Assisted Investigation Tools Alone Do Not Constitute an AI SOC

CAREER DEVELOPMENT

AWS Certified Security Specialty Tops Highest-Paying IT Certifications for 2025

Redditors Share Tips for Making the Most of a Goldman Sachs Cybersecurity Internship

CISO Job Exodus: 24% Actively Seeking New Positions, 50% Open to Offers

Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.

AI & SECURITY

Google Project Zero Discovers Exploitable Stack Buffer Underflow in SQLite Using AI

Developing Secure Software Course Teaches Fundamentals for Countering Attacks

Apple Launches $1M Bug Bounty Program for Private Cloud Compute Security

MARKET UPDATES

Fortinet Launches AI-Powered FortiDLP for Automated Data Protection

Noma Security Emerges from Stealth with $32M to Secure AI Lifecycle

CrowdStrike to Acquire Adaptive Shield for Comprehensive SaaS Security

TOOLS

Nuke My LUKS

A simple network-based panic button designed to overwrite the LUKS header with random data and shut down the computer in an emergency. This tool can be useful for activists, human rights workers and others who face an adversary, such as law enforcement, that can coerce the subject to disclose the encryption passwords for the computer's hard drives.

DorkSearch

AI-powered Google Dorking Assistant: This tool helps users create effective Dork queries for searching sensitive information on the internet.

CloudGoat

CloudGoat is Rhino Security Labs' 'Vulnerable by Design' AWS deployment tool that allows users to hone their cloud cybersecurity skills through 'capture-the-flag' style scenarios.


Before you go

If you found this newsletter useful, I'd really appreciate it if you could forward it to your community and share your feedback below!

For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.

Best, 
Nikoloz
