Happy Sunday!
Some of you have mentioned that the newsletter has grown in size and that you'd prefer a more condensed version. As someone deeply involved in cybersecurity, I understand how precious your time is, so I'm considering condensing the Mandos Brief format to help you stay informed even more efficiently.
Below you'll find this week's newsletter in the new condensed format. Please let me know which version of the newsletter you prefer through this anonymous feedback:
- 👍 Prefer condensed version.
- 💬 I have a suggestion (provide more detailed feedback)
- 👎 Prefer extended version.
Thank you for helping me deliver even more value to you.
Linux Malware Hides Credit Card Skimmer Using Unconventional Persistence Technique
Aon's Stroz Friedberg researchers uncovered a stealthy Linux malware strain named "sedexp" that uses udev rules to achieve persistence and to conceal credit card skimmer code on infected systems, demonstrating that financially motivated threat actors are evolving in sophistication beyond ransomware.
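The persistence trick is worth knowing how to hunt for: udev runs whatever a rule's RUN+= directive names whenever a matching device event fires, and rule files sit in a handful of well-known directories. The scanner below is an added example written for this brief, not Stroz Friedberg's tooling; the sample rules in it are constructed to show the pattern (a RUN target in a world-writable directory, or a shell one-liner) and are not sedexp's actual rule. The trusted-prefix list and the heuristics are this example's own assumptions.

```python
"""Hunt for udev-rule persistence: list RUN directives in udev rule files and flag
programs launched from untrusted locations or via a shell.

Added illustration for the technique summarised above; this is not Stroz Friedberg's
tooling and the sample rules below are constructed, not sedexp's real rule."""
import re
from pathlib import Path

# Directories udev reads *.rules files from on a typical system.
RULE_DIRS = [
    "/etc/udev/rules.d",
    "/run/udev/rules.d",
    "/usr/lib/udev/rules.d",
    "/lib/udev/rules.d",
]

# Assumption for this example: legitimate udev helpers live under these prefixes.
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/bin/",
                    "/usr/sbin/", "/sbin/")

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/sh", "/usr/bin/bash"}

# Matches RUN+="cmd", RUN="cmd" and RUN{program}+="cmd".
RUN_RE = re.compile(r'RUN(?:\{[^}]*\})?\s*\+?=\s*"([^"]*)"')


def extract_run_commands(line: str) -> list[str]:
    """Return every command string assigned via RUN in one rule line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    return RUN_RE.findall(line)


def is_suspicious(command: str) -> bool:
    """Heuristic verdict on a RUN command.

    udev resolves a relative program name under /usr/lib/udev, so a bare name is
    treated as trusted. An absolute path outside the trusted prefixes, or a shell
    invoked with -c, is flagged for review.
    """
    argv = command.split()
    if not argv:
        return False
    prog = argv[0]
    if prog in SHELLS and "-c" in argv[1:]:
        return True
    if not prog.startswith("/"):
        return False
    return not prog.startswith(TRUSTED_PREFIXES)


def scan_rules(text: str, source: str = "<inline>") -> list[tuple[str, int, str]]:
    """Return (source, line_number, command) for each suspicious RUN directive."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for command in extract_run_commands(line):
            if is_suspicious(command):
                findings.append((source, lineno, command))
    return findings


def scan_system(dirs=RULE_DIRS) -> list[tuple[str, int, str]]:
    """Scan every *.rules file under the udev rule directories present on this host."""
    findings = []
    for d in dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for path in sorted(base.glob("*.rules")):
            try:
                findings.extend(scan_rules(path.read_text(errors="replace"), str(path)))
            except OSError:
                continue  # unreadable file; move on rather than abort the sweep
    return findings


# Constructed sample: one benign helper, one binary in a world-writable directory,
# one shell one-liner. None of these is the real sedexp rule.
SAMPLE_RULES = """\
# 70-example.rules (constructed)
ACTION=="add", SUBSYSTEM=="net", RUN+="/usr/lib/udev/bridge-network-interface"
ACTION=="add", SUBSYSTEM=="mem", KERNEL=="random", RUN+="/var/tmp/.cache/updater run"
ACTION=="add", KERNEL=="sda", RUN+="/bin/sh -c '/dev/shm/.x/start &'"
"""

if __name__ == "__main__":
    for src, n, cmd in scan_rules(SAMPLE_RULES, "sample") + scan_system():
        print(f"{src}:{n}: RUN -> {cmd}")
```

Run it as root on a suspect host to cover all four directories; on a clean machine the only findings should be the two constructed sample lines. Treat any hit as a lead, not a verdict: a few distributions ship helpers outside the prefixes assumed here, so confirm by checking the file's owner, modification time and the target binary's hash.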
Researchers Discover Vulnerability in Airport Security System Allowing Unauthorized Cockpit Access
Security researchers Ian Carroll and Sam Curry found a SQL injection vulnerability in FlyCASS, a third-party service used by some airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS), potentially allowing unauthorized individuals to bypass airport security screenings and gain access to aircraft cockpits.
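The bug class here is old but still decisive in an authorisation check: a query that splices user input into SQL lets the input change the query's logic. The example below is added for this brief and is not FlyCASS's code; the roster table, the queries and the payload are all constructed to show the vulnerable form beside the parameterized fix.

```python
"""Crew-lookup query, vulnerable vs parameterized.

Added illustration of the bug class reported in FlyCASS; the schema, queries and
payload are constructed for this example and are not FlyCASS's code."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for a crew roster (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE crew (employee_id TEXT, airline TEXT, active INTEGER)")
    conn.executemany(
        "INSERT INTO crew VALUES (?, ?, ?)",
        [("12345", "ExampleAir", 1), ("67890", "ExampleAir", 0)],  # second one is deactivated
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, employee_id: str, airline: str) -> list:
    """String-built query: user input becomes SQL syntax."""
    sql = (
        "SELECT employee_id FROM crew WHERE employee_id = '" + employee_id + "' "
        "AND airline = '" + airline + "' AND active = 1"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, employee_id: str, airline: str) -> list:
    """Bound parameters: input is always data, never syntax."""
    sql = "SELECT employee_id FROM crew WHERE employee_id = ? AND airline = ? AND active = 1"
    return conn.execute(sql, (employee_id, airline)).fetchall()


def is_authorized(lookup, conn: sqlite3.Connection, employee_id: str, airline: str) -> bool:
    """Authorisation decision as the application would make it: any row means 'cleared'."""
    return len(lookup(conn, employee_id, airline)) > 0


# Payload closes the string literal, appends a tautology, and comments out the rest of
# the WHERE clause, so the airline and active checks never run.
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    conn = make_db()
    print("legitimate crew, vulnerable   :", is_authorized(lookup_vulnerable, conn, "12345", "ExampleAir"))
    print("payload, vulnerable           :", is_authorized(lookup_vulnerable, conn, PAYLOAD, "x"))
    print("payload, parameterized        :", is_authorized(lookup_parameterized, conn, PAYLOAD, "x"))
    print("deactivated crew, parameterized:", is_authorized(lookup_parameterized, conn, "67890", "ExampleAir"))
```

Note what the vulnerable path returns for the payload: both rows, including the deactivated employee, because the comment swallowed the `active = 1` condition along with the airline check. The parameterized version returns nothing for the same input, since the driver passes the whole string as one literal value. Parameterization is the fix; input filtering on top of it is defence in depth, not a substitute.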
Iranian APT 33 Hackers Develop New "Tickler" Backdoor Malware
Microsoft reports that the Iranian government-backed hacking group APT 33, also known as Peach Sandstorm, has developed a new multistage backdoor called "Tickler" to establish remote access into victim networks, targeting sectors such as satellite, communications equipment, oil and gas, and government entities in the US and UAE.
BlackByte Ransomware Evolves Tactics with New Vulnerabilities and Techniques
Cisco Talos identified that the BlackByte ransomware group continues to leverage established tactics while also exploiting newly disclosed vulnerabilities such as CVE-2024-37085 in VMware ESXi and using victims' own remote access tools to support ongoing attacks.
Microsoft Sway Abused in Surge of QR Code Phishing Attacks
Netskope Threat Labs researcher Jan Michael Alcantara reports that attackers are leveraging Microsoft Sway, a cloud-based tool for creating newsletters and presentations, to host fake pages in a new QR code phishing (quishing) campaign primarily targeting users in Asia and North America.
Former Splunk CEO Doug Merritt Shares Insights on Scaling to $3B ARR
Doug Merritt, former CEO of Splunk, discusses his journey growing the company from $200M to $3B ARR in 6 years on the Inside The Network podcast. He shares lessons learned on prescriptive selling, focusing on specific use cases, and the challenges of centralizing security data that seem obvious in hindsight.
Third-Party Risk Management: Focusing on What Matters Most
David Spark and Steve Zalewski discuss how to improve third-party risk management with guest Nick Muy, CISO at Scrut Automation. The key is to focus assessments on the most critical risks and vendors, rather than using a one-size-fits-all approach.
Enterprises Grapple with Ethical Dilemma of Paying Ransomware
Proofpoint's "2024 Voice of the CISO" report reveals that 62% of CISOs worldwide believe their enterprise would likely pay a ransom to restore access to systems. CISOs weigh the financial impact, legal and regulatory liabilities, and ethical considerations when deciding whether to pay a ransom, but ultimately may have limited influence on the final decision.
Cybersecurity Recruiter Shares Insights on Landing the Best Job
David Sforza, a cybersecurity recruiter for Fortra, shares valuable insights on how applicants can find the best cybersecurity job that suits their skillset and meets employer expectations.
Burp Suite Tutorial: Getting Started with Web Application Security Testing
PortSwigger has released an interactive tutorial to quickly get started with the core features of Burp Suite, a comprehensive web application security testing toolkit. The tutorial uses deliberately vulnerable labs from the Web Security Academy to provide practical, hands-on experience.
Cybersecurity Roles Vary Widely in Daily Responsibilities
A Reddit thread discusses the diverse daily experiences of cybersecurity professionals, highlighting how roles like pen testers, incident responders, auditors, CISOs, and network security specialists have vastly different responsibilities. One commenter shares a typical leadership schedule involving meetings, ticket reviews, and skills development, while another contrasts military cybersecurity work with civilian roles.
Black Basta Shifts Tactics as State Actors Leverage AI for Cyber Threats
In this podcast, Microsoft security researchers discuss the latest trends in ransomware, including Black Basta's evolving tactics and the use of AI by state-sponsored actors like Forest Blizzard, Emerald Sleet, and Crimson Sandstorm for malicious activities.
Securing Generative AI: Lessons from Cloud Adoption Missteps
Sridhar Muppidi, IBM Fellow and CTO of IBM Security, says that as enterprises rapidly adopt generative AI, they must prioritize security from the start to protect against financial losses, operational disruptions, and reputational damage.
Enterprise AI Search Tools Offer Productivity Benefits but Raise Security Concerns
Kane Narraway explains that enterprise AI search tools like Glean, Atlassian Rovo, and Guru provide a single interface to search across a company's entire data corpus, but centralizing access to all data stores is a major concern for security engineers. Narraway provides a guide for threat modeling these tools, covering how to make risk-based decisions, actions to mitigate risk, and hidden caveats to consider during evaluation.
Cribl Raises $319 Million in Series E Funding, Valued at $3.5 Billion
Cribl, an IT and security data firm, announced raising $319 million in a Series E round, bringing the total raised to over $600 million and valuing the company at $3.5 billion.
Check Point to Acquire Threat Intelligence Firm Cyberint for $200M
Check Point Software Technologies announces it will acquire threat intelligence firm Cyberint, marking its third startup acquisition in a year, with the deal valued around $200 million according to Israeli tech news outlets.
Cisco Acquires AI Security Startup Robust Intelligence
Cisco Systems Inc. is acquiring Robust Intelligence Inc., an AI-focused security startup, to enhance its security offerings and help customers securely build and deploy AI applications.
Checkov
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
THOR Lite
A free, fast, and flexible multi-platform IOC and YARA scanner for Windows, Linux, and macOS.
PoshC2
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
Before you go
If you found this newsletter useful, I'd really appreciate it if you could forward it to your friends and share your feedback below!
For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz