Happy Sunday!
I hope this Brief finds you well and ready to tackle the week ahead.
In this edition, I am covering:
- Windows Task Scheduler Zero-Day vulnerability being actively exploited in the wild
- NVIDIA's new Morpheus framework bringing AI automation to Security Operations Centers
- The reality of today's cybersecurity job market, with insights from industry recruiters and leaders
And much more.
INDUSTRY NEWS
Windows Task Scheduler Zero-Day Vulnerability Actively Exploited
- Critical privilege escalation vulnerability (CVE-2024-49039) discovered in Windows Task Scheduler, with CVSS score of 8.8, allowing attackers to execute code from low-privilege AppContainers at higher integrity levels.
- Google's TAG team identified the exploit, which enables attackers to execute restricted RPC functions typically limited to privileged accounts. Microsoft has not provided IOCs for detection.
- Second zero-day (CVE-2024-43451) enables NTLMv2 hash disclosure through minimal user interaction, while critical vulnerabilities in .NET (CVE-2024-43498) received patches with CVSS 9.8 severity rating.
iOS 18.1 Update Adds Inactivity Reboot Feature to Enhance iPhone Security
- Apple has introduced a new "inactivity reboot" feature in iOS 18.1 to ensure that iPhones automatically restart after long idle periods, making it harder for law enforcement or malicious actors to extract data using forensic phone unlocking tools.
- The feature switches idle devices from an After First Unlock (AFU) state to a Before First Unlock (BFU) state, where the devices are more challenging to break into, as even the operating system can no longer access stored data using encryption keys in memory.
- When an iPhone is rebooted, it goes into an "at rest" state, wiping the encryption keys from memory and preventing unauthorized access to the phone's data, even if the lock screen is bypassed using exploits.
Critical Zero-Click Vulnerability Affects Millions of Synology NAS Devices
- Security researcher Rick de Jager demonstrated a critical zero-day vulnerability, dubbed RISK:STATION, affecting Synology DiskStation and BeeStation NAS devices at the Pwn2Own Ireland 2024 hacking contest.
- The unauthenticated and zero-click nature of the flaw allows attackers to gain root-level code execution on the affected devices without requiring any user interaction, potentially exposing sensitive data to theft and enabling further malware infections.
- Synology has released patches for the impacted versions of BeePhotos for BeeStation OS and Synology Photos for DSM, while QNAP has also addressed three critical vulnerabilities (CVE-2024-50389, CVE-2024-50387, and CVE-2024-50388) in QuRouter, SMB Service, and HBS 3 Hybrid Backup Sync.
LEADERSHIP INSIGHTS
Google Cybersecurity Forecast 2025 Highlights AI Threats, Big Four Activity, and Rising Challenges
- The Cybersecurity Forecast 2025 report from Google Cloud predicts malicious actors will rapidly adopt AI-based tools to enhance attacks, while defenders leverage AI for semi-autonomous security operations.
- Activity from the "Big Four" (Russia, China, Iran, and North Korea) will continue to be driven by geopolitical conflicts and economic motivations, with a focus on cyber espionage, disruptive attacks, and information operations.
- Organizations will face rising threats from infostealer malware, compromised identities in hybrid environments, and the democratization of cyber capabilities lowering barriers to entry for less-skilled actors.
AWS Vulnerability Management Best Practices for Secure Cloud Infrastructure
- Wiz provides a cheat sheet for AWS vulnerability management best practices, emphasizing the importance of continuous assessment using agentless, cloud-native API deployment to maintain an up-to-date asset inventory.
- To ensure comprehensive coverage, it's critical to set up scans for various AWS asset types, such as EC2 instance disk scanning, ECS/EKS container image analysis, Lambda function package inspection, and ECR registry scanning.
- After discovering assets and identifying vulnerabilities, contextual risk-based prioritization helps focus resources on the most critical issues by considering factors like vulnerability severity, asset criticality, exposure, and exploitability.
Both industry reports are now included in my Cyber Strategy OS among other industry reports, guides and cheat sheets.
CISO Role Faces Mounting Pressures Amid Skills Shortage and Increased Liability
- Burnout is severely impacting CISOs, with 94% reporting work stress and 74% leaving their positions in 2022, while Gartner predicts 50% of security leaders will change jobs by 2025.
- Growing challenges include 4 million unfilled security positions, evolving regulatory requirements, and landmark legal cases establishing new precedents for CISO liability (Uber, SolarWinds).
- Transformational leadership approach emphasizes cross-functional alignment, automation implementation, and strategic upskilling of teams through certification programs to combat organizational gaps.
CAREER DEVELOPMENT
Cybersecurity Job Market Challenges Despite Talent Shortage
- Ernestas Naprys, a senior journalist, reports that despite a global shortfall of 4 million cybersecurity professionals, many job seekers are struggling to land roles, describing the market as "brutal".
- Matt Collingwood, Managing Director of VIQU IT Recruitment agency, observes that while the pandemic increased demand for cybersecurity expertise, businesses are now hesitant to spend due to recessions and elections, and have high requirements for professionals, including a certain number of years of experience.
- Brandon Dock, Managing Director of TGC Search, sees more demand for highly specialized skills in cloud security, threat hunting, and compliance expertise, and argues that while the market may have challenges, the need for cybersecurity talent is real.
Remote Work Key to Attracting and Retaining Cybersecurity Talent
- Reddit discussion highlights that offering 100% remote positions is crucial for attracting and retaining cybersecurity professionals, according to a Security Engineer with 5 years of experience.
- Companies often struggle to find security talent, yet many still require in-office or hybrid work arrangements, even when teams are distributed across multiple locations.
- Hiring managers who clearly state that positions are remote, offer mid-market pay rates, and extend trust to employees by allowing them to work unsupervised have had success in hiring senior engineers and architects with little difficulty.
ISC2 Accused of Misrepresenting Cybersecurity Job Market Data
- Ira Winkler, a cybersecurity professional, claims that ISC2 acting CEO Debra Taylor misrepresented data about the demand for cybersecurity professionals in her keynote at the ISC2 Security Congress.
- Winkler argues that ISC2 conflates the terms "demand" and "need" when discussing the cybersecurity workforce gap, misleading entry-level professionals about the true state of the job market, which has seen flat growth and even job losses in some regions.
- He recommends that ISC2 focus on promoting the benefits of proper cybersecurity programs and hiring certified professionals, while also supporting long-term unemployed members, to maintain its credibility as a non-profit serving the professional community and avoid potential legal action.
Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.
AI & SECURITY
NVIDIA Morpheus Enhances SOC Efficiency with AI-Powered Alert Triage and LLM Agents
- Katherine Huang and Dhruv Nandakumar from NVIDIA demonstrate how the NVIDIA Morpheus cybersecurity AI framework can augment security operations centers (SOCs) by automating alert triage and providing an AI-powered security co-pilot to assist SOC analysts.
- The digital fingerprinting AI workflow in Morpheus enables large-scale anomaly detection on networks by learning normal behavior profiles and generating z-scores when behavior deviates. Generative AI is then used to transform these outputs into actionable insights in the form of readable reports.
- The security co-pilot, powered by an LLM agent and various NVIDIA NIM microservices, can engage in natural language interactions with SOC analysts, performing iterative reasoning through retrieval-augmented generation (RAG) to gather relevant evidence and streamline investigations, ultimately increasing SOC productivity and reducing response times to potential security breaches.
Researcher Demonstrates Agentic Code Execution in Anthropic's Computer Use Demo
- Security researcher exploits prompt injection techniques and phishing to gain control over Anthropic's Computer Use demo, coining the term "Agentic Code Execution" (ACE).
- By providing a malicious PDF with instructions to open the calculator app, the researcher successfully manipulated the AI agent to perform unintended actions, highlighting potential security risks in agentic systems.
- Despite clear warnings from Anthropic about the dangers of malicious web content hijacking AI behavior, the researcher emphasizes the need for adequate security guardrails as organizations adopt this early-stage technology.
AI Risk Management: Thinking Beyond Regulatory Boundaries
- The Cloud Security Alliance (CSA) AI Governance and Compliance Working Group provides a holistic overview and methodology for impartially assessing intelligent systems across their entire lifecycle.
- The approach emphasizes privacy, security, and trustworthiness by proposing a risk-based assessment focused on critical thinking, curiosity, and the auditor's ability to assess systems for unintended behavior.
- The paper outlines areas an auditor needs to be aware of and provides sample audit questions in the appendices to promote outside-the-box thinking and assessments beyond just compliance.
MARKET UPDATES
Silicon Valley Bank Provides $50M Growth Capital to Bugcrowd
- Silicon Valley Bank (SVB), a division of First Citizens Bank, has provided a $50 million growth capital facility to Bugcrowd, a leading provider of crowdsourced cybersecurity solutions.
- The new financing will further scale Bugcrowd's AI-powered platform globally, fund continued innovation into the Bugcrowd Platform, and leverage opportunities for strategic M&A.
- For over a decade, Bugcrowd's unique "skills-as-a-service" approach has uncovered more high-impact vulnerabilities than traditional methods for more than 1,200 customers.
Bitsight Acquires Cybersixgill for $115M to Enhance Cyber Risk Management
- Bitsight, a cybersecurity startup valued at $2.4 billion, is acquiring Cybersixgill for $115 million to enhance its cyber risk management capabilities.
- Cybersixgill analyzes dark web activity to proactively identify data leaks, potential breaches, and new techniques, complementing Bitsight's focus on assessing enterprise risk profiles.
- The acquisition will see more investment in Cybersixgill's products, with Bitsight committed to driving innovation and bringing greater value to customers.
SurePath AI Raises $5.2M for Secure Enterprise Generative AI Governance
- SurePath AI, founded in 2023 and launched at AWS re:Inforce 2024, has raised $5.2 million in seed funding led by Uncork Capital and Operator Collective, bringing their total funding to $6.3 million.
- The SurePath AI platform provides visibility and control over gen-AI usage across public and private models, with role-based access controls to manage data access and end-user permissions.
- The platform enables organizations to capture, monitor, secure and route gen-AI traffic, centrally manage access control policies, and inject enterprise data and prompt engineering into gen-AI use.
TOOLS
OpenEDR
OpenEDR is an open-source endpoint detection and response platform that offers real-time analytic detection and event correlation, providing visibility into adversarial cyber threats and behaviors to enhance cybersecurity defenses for organizations of all sizes.
Amazon Detective
Analyze and visualize security data to investigate potential security issues. Determine potential security issues through a unified view of user and resource interactions. Save time and effort with graph models that automatically summarize security-related relationships.
@fastify/csrf-protection
This plugin helps developers protect their Fastify server against CSRF attacks. In order to fully protect against CSRF, developers should study the Cross-Site Request Forgery Prevention Cheat Sheet in depth.
Before you go
If you found this newsletter useful, I'd really appreciate it if you could forward it to your community and share your feedback below!
For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz