
Brief #67: 62% of CISOs Would Pay Ransom - Is Your Organization at Risk?

Airport security flaw allows cockpit access, Iranian APT develops new backdoor, CISOs grapple with ransomware ethics, and AI tools raise security concerns. Stay informed with Mandos Brief.

6 min read
mandos brief newsletter covering week 35 of 2024 by Nikoloz Kokhreidze

Happy Sunday!

Some of you have mentioned that the newsletter has grown in size, and you'd prefer a more condensed version. As someone deeply involved in cybersecurity, I understand how precious your time is. I'm considering condensing the Mandos Brief format to help you stay informed even more efficiently.

Below, you'll find this week's newsletter in the new condensed format. Please let me know which version of the newsletter you prefer through this anonymous feedback form.

Thank you for helping me deliver even more value to you.


Mandos Brief - Industry News

Linux Malware Hides Credit Card Skimmer Using Unconventional Persistence Technique

Aon's Stroz Friedberg researchers uncovered a stealthy Linux malware named "sedexp" that abuses udev rules to achieve persistence (a rule's RUN+= entry executes the malware whenever a matching device node appears) and conceals credit card skimmer code on infected systems, demonstrating the evolving sophistication of financially motivated threat actors beyond ransomware.
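The udev persistence trick is easy to triage once you know to look at RUN+= entries. The following is an added example (not code from Stroz Friedberg or the sedexp report) that scans udev rule text for RUN assignments and flags the patterns a responder would care about: shell wrappers, programs in temp or hidden paths, relative or unpackaged program names, and rules keyed to a device that exists on every boot. The sample rules, paths and program names are constructed.

```python
"""Triage scan of udev rules for RUN+= persistence entries.

Added example; not code from Stroz Friedberg or the sedexp report. The rule
text below is constructed to resemble the technique (a rule that executes a
program whenever a device node appears). Paths and names are illustrative.
"""
import re
from pathlib import Path

# Standard udev rule locations, in the order a responder would collect them.
RULE_DIRS = ["/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d"]

# Directories where distribution-shipped RUN helpers normally live.
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/bin/",
                    "/usr/sbin/", "/sbin/")

RUN_RE = re.compile(r'RUN\+?=\s*"([^"]*)"')
# Match keys on device major/minor; 1:8 is /dev/random, which is present on
# every boot, so a rule keyed to it is effectively a boot-time autostart.
MAJOR_RE = re.compile(r'ENV\{MAJOR\}=="(\d+)"')
MINOR_RE = re.compile(r'ENV\{MINOR\}=="(\d+)"')


def reasons_for(rule_line):
    """Return the reasons a single udev rule line looks like persistence ([] if none)."""
    reasons = []
    m = RUN_RE.search(rule_line)
    if not m:
        return reasons                      # no RUN assignment: nothing executes
    cmd = m.group(1).strip()
    prog = cmd.split()[0] if cmd else ""
    if not prog:
        return reasons
    if prog in ("/bin/sh", "/bin/bash", "/usr/bin/sh", "/usr/bin/bash"):
        reasons.append("shell wrapper in RUN")
    if any(p in cmd for p in ("/tmp/", "/dev/shm/", "/var/tmp/")) or "/." in cmd:
        reasons.append("program in temp or hidden path")
    if not prog.startswith("/"):
        # Relative names resolve under /usr/lib/udev; flag unknown ones for
        # review rather than assuming they are distribution helpers.
        reasons.append("relative program name")
    elif not prog.startswith(TRUSTED_PREFIXES):
        reasons.append("program outside packaged helper directories")
    maj, mnr = MAJOR_RE.search(rule_line), MINOR_RE.search(rule_line)
    if maj and mnr and (maj.group(1), mnr.group(1)) == ("1", "8"):
        reasons.append("triggered by /dev/random (runs on every boot)")
    return reasons


def scan_rules_text(text, source="<constructed>"):
    """Scan one rules file's text; return findings as (source, line_no, reasons, line)."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        reasons = reasons_for(line)
        if reasons:
            findings.append((source, n, reasons, line))
    return findings


def scan_system(dirs=RULE_DIRS):
    """Scan every *.rules file in the standard directories (skips unreadable files)."""
    findings = []
    for d in dirs:
        for path in sorted(Path(d).glob("*.rules")):
            try:
                findings += scan_rules_text(path.read_text(errors="replace"), str(path))
            except OSError:
                continue
    return findings


# Constructed sample: one benign distribution-style rule and two that match
# the persistence pattern described above.
SAMPLE_RULES = """\
# benign: packaged helper, absolute path, keyed to a USB subsystem event
ACTION=="add", SUBSYSTEM=="usb", RUN+="/usr/lib/udev/mtp-probe /dev/%k"
# suspicious: shell wrapper launching a hidden binary under /tmp
ACTION=="add", RUN+="/bin/sh -c '/tmp/.cache/updater'"
# suspicious: relative program name keyed to /dev/random so it fires on every boot
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="asvc run:+"
"""

if __name__ == "__main__":
    for src, n, reasons, line in scan_rules_text(SAMPLE_RULES):
        print(f"{src}:{n}: {', '.join(reasons)}\n    {line}")
```

Run it on a live host with scan_system() and review every hit by hand: the heuristics are a triage aid, and a program name you do not recognise under /usr/lib/udev deserves a package-ownership check before it is cleared.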


Researchers Discover Vulnerability in Airport Security System Allowing Unauthorized Cockpit Access

Security researchers Ian Carroll and Sam Curry found a SQL injection vulnerability in the login of FlyCASS, a third-party service used by some smaller airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). Because the injection granted administrative access to an airline's FlyCASS account, an attacker could add unvetted individuals to the KCM and CASS rosters, potentially allowing them to bypass airport security screening and gain access to aircraft cockpits.
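The bug class here is the oldest one in web security: user input concatenated into a SQL string. The block below is an added example, not FlyCASS code, and its table and rows are constructed; it shows a login lookup written the vulnerable way beside the parameterized version, and what a classic `' OR 1=1 --` username does to each.

```python
"""Vulnerable versus parameterized login lookup.

Added example, not FlyCASS code; the table and rows are constructed to show
the bug class the researchers reported, not the real service's schema.
"""
import sqlite3


def make_db():
    """In-memory SQLite with one crewmember record.

    The secret is stored in plaintext only to keep the demo short; a real
    system stores a password hash and verifies it outside the query.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE crew (id INTEGER PRIMARY KEY, username TEXT, password TEXT, airline TEXT)"
    )
    conn.execute("INSERT INTO crew VALUES (1, 'jdoe', 'correct-horse', 'ExampleAir')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the WHERE clause by string formatting: attacker input becomes SQL."""
    sql = (
        "SELECT id, username, airline FROM crew "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Same query with bound parameters: input is data and is never parsed as SQL."""
    sql = "SELECT id, username, airline FROM crew WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Closes the string literal, makes the predicate always true, and comments
# out the password check that follows.
INJECTED_USERNAME = "' OR 1=1 --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", login_vulnerable(conn, INJECTED_USERNAME, "wrong"))  # first row, no password needed
    print("safe:      ", login_safe(conn, INJECTED_USERNAME, "wrong"))        # None
    print("legit:     ", login_safe(conn, "jdoe", "correct-horse"))
```

With the injected username the vulnerable query becomes `WHERE username = '' OR 1=1 --' AND password = 'wrong'`, which returns the first crew row regardless of credentials. Parameter binding removes the injection; the separate lesson from this case is that a login for a system feeding airport screening decisions needs server-side authorization on every roster change, not just a working password check.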


Iranian APT33 Hackers Develop New "Tickler" Backdoor Malware

Microsoft reports that the Iranian government-backed hacking group APT33, also known as Peach Sandstorm, has developed a new multistage backdoor called "Tickler" to establish remote access into victim networks, targeting sectors such as satellite, communications equipment, oil and gas, and government entities in the US and UAE.


BlackByte Ransomware Evolves Tactics with New Vulnerabilities and Techniques

Cisco Talos reports that the BlackByte ransomware group continues to rely on established tactics while also exploiting newly disclosed vulnerabilities such as CVE-2024-37085, an authentication bypass in VMware ESXi, and abusing victims' own remote access tools to support ongoing attacks.
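CVE-2024-37085 is worth a detection rule rather than only a patch note: an ESXi host joined to Active Directory grants full administrative rights to members of a group named "ESX Admins" by default, so an attacker with rights to create or rename AD groups can recreate that group and add themselves. The following is an added example, not Cisco Talos or VMware code, that flags Windows group-management events whose target group carries that name. The event records are constructed in SIEM-style JSON using the standard Windows Security field names; the event IDs are the real group-management IDs, and the watched group name should be extended with whatever value is configured on your hosts.

```python
"""Flag Active Directory group events touching the group name ESXi trusts.

Added example, not Cisco Talos or VMware code. CVE-2024-37085 concerns ESXi
hosts joined to AD granting admin rights to members of a group named
"ESX Admins" by default, so recreating or populating that group is the
signal to watch. The records below are constructed (SIEM-style JSON with the
standard Windows Security field names); event IDs are the real Windows
group-management IDs.
"""
import json

# Default group name ESXi trusts; the name is configurable per host, so add
# the value from your environment. Compared case-insensitively.
WATCHED_GROUPS = {"esx admins"}

GROUP_EVENTS = {
    4727: "security-enabled global group created",
    4728: "member added to security-enabled global group",
    4737: "security-enabled global group changed",
    4754: "security-enabled universal group created",
    4756: "member added to security-enabled universal group",
}


def detect_esx_admins(records):
    """Return one alert per group-management event whose target group is watched."""
    alerts = []
    for rec in records:
        eid = rec.get("EventID")
        if eid not in GROUP_EVENTS:
            continue                              # logons, file access, etc.: ignore
        group = rec.get("TargetUserName", "").strip().lower()
        if group not in WATCHED_GROUPS:
            continue
        alerts.append({
            "time": rec.get("TimeCreated"),
            "event": GROUP_EVENTS[eid],
            "group": rec.get("TargetUserName"),
            "actor": rec.get("SubjectUserName"),   # who performed the change
            "member": rec.get("MemberName"),       # present on member-added events
        })
    return alerts


def load_events(text):
    """Parse newline-delimited JSON records as exported by a SIEM."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample: a service account creates "ESX Admins" and adds itself,
# followed by unrelated group and logon events.
SAMPLE_EVENTS = """\
{"TimeCreated": "2024-08-20T02:11:04Z", "EventID": 4727, "SubjectUserName": "svc_backup", "TargetUserName": "ESX Admins", "TargetDomainName": "CORP"}
{"TimeCreated": "2024-08-20T02:11:09Z", "EventID": 4728, "SubjectUserName": "svc_backup", "TargetUserName": "ESX Admins", "MemberName": "CN=svc_backup,CN=Users,DC=corp,DC=local"}
{"TimeCreated": "2024-08-20T09:30:00Z", "EventID": 4727, "SubjectUserName": "hr_admin", "TargetUserName": "Finance Reviewers", "TargetDomainName": "CORP"}
{"TimeCreated": "2024-08-20T09:31:00Z", "EventID": 4624, "SubjectUserName": "jdoe", "TargetUserName": "jdoe"}
"""

if __name__ == "__main__":
    for alert in detect_esx_admins(load_events(SAMPLE_EVENTS)):
        print(alert)
```

Pair the alert with the fix: apply the ESXi update, or set the host's admin group to a name that is not the default and confirm that group is protected in AD. A 4727 or 4737 event producing the watched name from an account that has no business managing virtualization admins is the one to page on.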


Microsoft Sway Abused in Surge of QR Code Phishing Attacks

Netskope Threat Labs researcher Jan Michael Alcantara reports that attackers are leveraging Microsoft Sway, a cloud-based tool for creating newsletters and presentations, to host fake pages in a new QR code phishing (quishing) campaign primarily targeting users in Asia and North America.


Mandos Brief - Leadership Insights

Former Splunk CEO Doug Merritt Shares Insights on Scaling to $3B ARR

Doug Merritt, former CEO of Splunk, discusses his journey growing the company from $200M to $3B ARR in 6 years on the Inside The Network podcast. He shares lessons learned on prescriptive selling, focusing on specific use cases, and the challenges of centralizing security data that seem obvious in hindsight.


Third-Party Risk Management: Focusing on What Matters Most

David Spark and Steve Zalewski discuss how to improve third-party risk management with guest Nick Muy, CISO at Scrut Automation. The key is to focus assessments on the most critical risks and vendors, rather than using a one-size-fits-all approach.


Enterprises Grapple with Ethical Dilemma of Paying Ransomware

Proofpoint's "2024 Voice of the CISO" report reveals that 62% of CISOs worldwide believe their enterprise would likely pay a ransom to restore access to systems. CISOs weigh the financial impact, legal and regulatory liabilities, and ethical considerations when deciding whether to pay ransomware, but ultimately may have limited influence on the final decision.


Mandos Brief - Career Development

Cybersecurity Recruiter Shares Insights on Landing the Best Job

David Sforza, a cybersecurity recruiter for Fortra, shares valuable insights on how applicants can find the best cybersecurity job that suits their skillset and meets employer expectations.


Burp Suite Tutorial: Getting Started with Web Application Security Testing

PortSwigger has released an interactive tutorial to quickly get started with the core features of Burp Suite, a comprehensive web application security testing toolkit. The tutorial uses deliberately vulnerable labs from the Web Security Academy to provide practical, hands-on experience.


Cybersecurity Roles Vary Widely in Daily Responsibilities

A Reddit thread discusses the diverse daily experiences of cybersecurity professionals, highlighting how roles like pen testers, incident responders, auditors, CISOs, and network security specialists have vastly different responsibilities. One commenter shares a typical leadership schedule involving meetings, ticket reviews, and skills development, while another contrasts military cybersecurity work with civilian roles.


Mandos Brief - AI & Security

Black Basta Shifts Tactics as State Actors Leverage AI for Cyber Threats

In this podcast, Microsoft security researchers discuss the latest trends in ransomware, including Black Basta's evolving tactics and the use of AI by state-sponsored actors like Forest Blizzard, Emerald Sleet, and Crimson Sandstorm for malicious activities.


Securing Generative AI: Lessons from Cloud Adoption Missteps

Sridhar Muppidi, IBM Fellow and CTO of IBM Security, says that as enterprises rapidly adopt generative AI, they must prioritize security from the start to protect against financial losses, operational disruptions, and reputational damage.


Enterprise AI Search Tools Offer Productivity Benefits but Raise Security Concerns

Kane Narraway explains that enterprise AI search tools like Glean, Atlassian Rovo, and Guru provide a single interface to search across a company's entire data corpus, but centralizing access to all data stores is a major concern for security engineers. Narraway provides a guide for threat modeling these tools, covering how to make risk-based decisions, actions to mitigate risk, and hidden caveats to consider during evaluation.


Mandos Brief - Market Analysis

Cribl Raises $319 Million in Series E Funding, Valued at $3.5 Billion

Cribl, an IT and security data firm, announced raising $319 million in a Series E round, bringing the total raised to over $600 million and valuing the company at $3.5 billion.


Check Point to Acquire Threat Intelligence Firm Cyberint for $200M

Check Point Software Technologies announces it will acquire threat intelligence firm Cyberint, marking its third startup acquisition in a year, with the deal valued around $200 million according to Israeli tech news outlets.


Cisco Acquires AI Security Startup Robust Intelligence

Cisco Systems Inc. is acquiring Robust Intelligence Inc., an AI-focused security startup, to enhance its security offerings and help customers securely build and deploy AI applications.


Mandos Brief - Cybersecurity Tools

Checkov

Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA), with over 1,000 built-in policies for AWS, Azure, and Google Cloud.


THOR Lite

A free, fast, and flexible multi-platform IOC and YARA scanner for Windows, Linux, and macOS.


PoshC2

A proxy-aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement, with a modular design and highly configurable payloads.


Before you go

If you found this newsletter useful, I'd really appreciate it if you could forward it to your friends and share your feedback below!

For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.

Best, 
Nikoloz
