Happy New Year!
Hope you're having a great start to 2025! While we were all busy with holiday celebrations and new year resolutions, the cyber world didn't take a break (does it ever? ). I've rounded up some interesting stories that caught my eye, and I thought you might want to know about them too.
- Volkswagen's subsidiary exposed location data of 460,000 EVs (yikes!) through cloud storage
- Security leaders are finding clever ways to save up to 30% on their security budgets
- AI application security blueprint outlines six-layer defense framework
Plus plenty more insights on AI security, market moves, and practical tools to make your security work easier. Let's dive in!
Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.
INDUSTRY NEWS
Volkswagen Subsidiary Cariad Exposes Location Data of 460,000 EV Vehicles
-
Data leak through Amazon cloud storage exposed movement data and contact information of 800,000 EV owners, affecting vehicles from VW, Seat, and Audi, remaining accessible for months before discovery.
-
Leak was discovered by Chaos Computer Club on November 26, with Volkswagen claiming no malicious actors accessed the exposed data during the vulnerability period. The breach did not compromise passwords or payment information.
-
The vulnerability required complex, multi-stage process to access pseudonymized data, with Volkswagen stating that connecting data to specific customers would require significant technical expertise and time investment.
Tenable Nessus Agent Outage Caused by Faulty Plugin Updates
-
Offline agents affected Nessus users worldwide after buggy differential plugin updates on December 31st, impacting systems running versions 10.8.0 and 10.8.1 across multiple continents.
-
Tenable has released version 10.8.2 as a fix and disabled plugin feed updates for affected versions. Manual upgrades required - customers must either upgrade to 10.8.2 or downgrade to 10.7.3 to restore functionality.
-
Recovery process requires installing new package and performing plugin reset using provided script or nessuscli command. Tenable plans to resume plugin feed by end of day to restore normal operations.
Critical Windows LDAP Vulnerabilities Enable DoS and RCE on Domain Controllers
-
Newly released LDAPNightmare PoC exploit targets CVE-2024-49113 (CVSS 7.5), causing LSASS crashes and forced reboots on unpatched Windows Domain Controllers through malicious CLDAP referral responses.
-
The same attack chain can be modified to achieve remote code execution via CVE-2024-49112 (CVSS 9.8), requiring only that the victim DC's DNS server has Internet connectivity, with no authentication needed.
-
Organizations should immediately apply December 2024 patches or implement detection mechanisms for suspicious DCE/RPC requests and CLDAP referral responses targeting the LDAP service.
LEADERSHIP INSIGHTS
Cost-Saving Strategies for Enterprise Cybersecurity Budgets Revealed
-
Implementing strong governance frameworks helps determine true security costs and accountability, leading to better budget allocation and reduced inefficiencies across teams.
-
Organizations can achieve up to 30% savings through vendor management tactics, including avoiding auto-renewals, consolidating tools, and leveraging included SLA resources instead of external consultants.
-
Deploying automation and AI capabilities in security operations can deliver equivalent work of 1-2 analysts, while creating security champions programs helps reduce incident response costs through improved organizational security culture.
AWS OIDC Integration Security: Critical Conditions Required to Prevent Unauthorized Access
-
Missing required conditions in AWS IAM trust policies for OIDC integrations can allow unauthorized third-party access, with researchers identifying vulnerabilities in GitHub Actions, Terraform Cloud, Microsoft Defender, and GitLab implementations.
-
Each vendor integration requires specific trust policy conditions - while "sub" and "aud" conditions are common, some providers like Microsoft Defender use unique conditions like sts:RoleSessionName or custom tags for authentication.
-
AWS has implemented safeguards including Access Analyzer policy checks and built-in identity providers with mandatory validation requirements, though legacy configurations may still be vulnerable if missing proper conditional elements.
Mastercard Report Shows Small Businesses Score Low on Cybersecurity Readiness
-
Average cybersecurity assessment score of 38% reveals significant vulnerabilities among small businesses, with nearly 50% of all cyberattacks targeting SMBs, potentially leading to business closure.
-
Key impact areas identified include business interruption, sensitive data loss, and financial damages, with 87% of consumers willing to abandon businesses they don't trust with data handling.
-
Report emphasizes critical need for basic security measures including access management, antivirus protection, and phishing awareness training to strengthen small business cyber defenses.
Discover my collection of industry reports, guides and cheat sheets in Cyber Strategy OS.
CAREER DEVELOPMENT
Cybersecurity Leadership Compensation and Organization Trends for 2024
-
Average total compensation for key cybersecurity leadership roles is $280,000, with financial services, tech, and consumer goods sectors leading in pay scales. Deputy CISOs and product security heads command highest salaries.
-
Organization size significantly impacts compensation - security leaders at companies with $10B+ revenue earn 44% more than those at smaller firms, with top-quartile packages reaching $421,000 at large enterprises.
-
Security team structures evolve with company size: Fortune-size organizations ($6B+ revenue) typically employ 50+ security staff, while midsize companies ($50M-$400M) maintain smaller teams of under 15 personnel, with budgets ranging from $1.4M to $40M.
Security Professional Returns to SOC Role Due to Executive-Level Burnout
-
Experienced Information Security Officer cites overwhelming stakeholder management and compliance waiver requests as primary factors for leaving leadership position, with work regularly spilling into evenings and weekends
-
Professional describes constant battle with executive resistance to security measures and lack of understanding from C-suite, leading to ineffective communication and implementation of security initiatives
-
Decision to return to hands-on incident response work (L1-L3) prioritizes technical expertise over career advancement, highlighting growing trend of security professionals choosing operational roles over management positions due to burnout
Entry-Level Cybersecurity Certifications Guide: Top 12 Options for Career Launch
-
The most valuable certifications combine low barriers to entry with high market recognition, including CompTIA Security+ and AWS Certified Security, with cloud security being the most in-demand skill according to ISC2.
-
Many certifications advertised as entry-level have flexible prerequisites, such as the Certified Cloud Security Professional (CCSP), which allows candidates to bypass the 5-year experience requirement through education or earn Associate status while gaining experience.
-
Certifications focusing on practical skills like ethical hacking (CEH) and penetration testing (OSCP) command higher pay premiums, with some advanced certifications offering up to 15% salary premiums over non-certified professionals.
AI & SECURITY
RAND Report Outlines Framework for Securing AI Model Weights Against Theft
-
Report identifies 38 attack vectors that could compromise AI model weights, with varying feasibility levels from opportunistic criminals to nation-state actors.
-
Proposes five security levels with benchmark systems to protect against increasingly capable threat actors, emphasizing that current defenses may be insufficient against sophisticated state-level attacks.
-
Recommends urgent priorities including centralizing weight copies, implementing insider threat programs, and investing in confidential computing - noting these measures should start immediately as advanced security could take 5+ years to develop.
AI Factory Security Requires API Protection as Foundation
-
AI applications are fundamentally dependent on APIs for model training, inference, and deployment, making these interfaces critical attack vectors that require robust security controls and visibility from the design phase.
-
Modern AI factories, which transform raw data into intelligence, face heightened security challenges due to their distributed nature and RAG (Retrieval Augmented Generation) systems, extending beyond traditional application security concerns.
-
Organizations must implement comprehensive API security measures including rate limiting and data sanitization early in development to protect against model theft, jailbreaking attempts, and data exfiltration through AI interfaces.
AI Application Security Blueprint Outlines Six-Layer Defense Framework
-
LLM applications require comprehensive security across multiple components, including application services, integration layers, and model interactions, with special focus on protecting both general knowledge and domain-specific capabilities.
-
Organizations must implement security controls at six distinct layers to protect against emerging attack vectors targeting AI systems, particularly focusing on prompt template security and data handling in Retrieval-Augmented Generation (RAG).
-
The framework emphasizes securing the entire AI stack, from user interface to model layer, with specific attention to authentication mechanisms and vector database protection to maintain application integrity and prevent unauthorized access.
MARKET UPDATES
Major Cybersecurity M&A Deals in 2024 Topped by $28B Cisco-Splunk Transaction
-
Cisco completed its largest-ever acquisition by purchasing Splunk for $28 billion, while private equity firm Thoma Bravo acquired UK-based Darktrace for $5.3 billion, showing continued strong investment in cybersecurity despite economic headwinds.
-
Market consolidation was driven by demand for comprehensive security solutions, with focus on MDR services and SOC capabilities. Notable deals included CyberArk's $1.54B Venafi acquisition and Mastercard's $2.65B purchase of Recorded Future.
-
Industry analysts expect increased M&A activity in 2025, particularly targeting companies with AI capabilities and automation technologies that can help address the cyber skills gap and improve operational efficiency.
Digital ID Startup Ver.ID Raises €2M to Support EU eIDAS 2.0 Compliance
-
Amsterdam-based Ver.ID secured funding to help European companies implement cross-border digital identity verification solutions compliant with eIDAS 2.0 framework, focusing on digital wallet integration and authentication services.
-
The company's platform supports multiple payment methods and aims to reduce fraud risks while simplifying user experience, currently piloting with Netherlands' Chamber of Commerce for executive authorization verification.
-
Platform development targets growing digital identity market, estimated to reach $72 billion by 2028, with focus on serving businesses requiring enhanced compliance with EU's new digital identification standards.
Rubrik Gains FedRAMP Approval and Expands Cloud Security Services
-
Received FedRAMP certification through National Nuclear Security Administration endorsement, positioning the company to tap into $27.5B government cybersecurity market by 2025.
-
Company's revenue growth accelerated from 9.6% to 15% in Q3, with major clients including PepsiCo, Allstate, Home Depot, and AMD adopting their data security solutions.
-
Launching new API tools enabling secure data connections to Microsoft Azure and AWS cloud infrastructure, with focus on facilitating AI development security.
TOOLS
Syft
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
Grype
Grype is a vulnerability scanner for container images and filesystems that scans for known vulnerabilities and supports various image formats.
Anchore Enterprise
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
Before you go
If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!
For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz
