Happy Sunday!
I hope this Brief finds you well and ready to tackle the week ahead. In this edition, I have carefully curated a selection of cybersecurity news and insights to help you stay informed, make better decisions, and grow as a cybersecurity leader.
Here is what I am covering:
- Microsoft's acknowledgment of a Windows 10 bug that could undo security patches
- The rise of Application Detection and Response (ADR) in addressing modern threats
- Tenable's launch of AI Aware for detecting and managing AI-related risks
And much more.
Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.
INDUSTRY NEWS
Malicious Python Packages Target Developers with Fake Coding Tests
-
ReversingLabs researcher Karlo Zanki uncovered new malicious Python packages that target software developers using fake coding assessments, likely linked to the North Korea-backed Lazarus Group.
-
The packages, embedded with malicious code, are published on public repositories or hosted on attacker-controlled GitHub repositories, establishing contact with a C2 server to execute commands.
-
Threat actors create a false sense of urgency in coding tests, impersonating legitimate financial institutions, to ensure the execution of embedded malware on developers' systems without security reviews.
NoName Ransomware Gang Evolves, Possibly Joins RansomHub
-
ESET researchers have been tracking the NoName ransomware gang (aka CosmicBeetle) since 2023, noting their use of the evolving ScRansom malware and attempts to impersonate LockBit.
-
NoName gains access to networks through brute-force methods and by exploiting older vulnerabilities like EternalBlue (CVE-2017-0144) and ZeroLogon (CVE-2020-1472), targeting mainly small and medium-sized businesses.
-
Recent evidence suggests that NoName may have become a RansomHub affiliate, as they were observed deploying RansomHub's EDR killer tool and ransomware after a failed ScRansom attack.
Microsoft Warns of Bug Reversing Updates on Old Windows 10, Patches Critical Flaws
-
Microsoft acknowledged a critical bug in Windows 10 version 1507 that could silently undo previously applied security patches, leaving systems vulnerable to attacks.
-
Rated 9.8 out of 10 in severity (CVE-2024-43491), the issue stems from a coding error triggered by security updates released between March and August 2024, affecting optional components like Internet Explorer 11, Windows Media Player, and MSMQ server core.
-
In the Patch Tuesday update, Microsoft patched 79 bugs, including several critical ones in SQL Server, Microsoft Office SharePoint, Azure Web Apps, Azure Stack, and Dynamics Business Central.
Fortinet Acknowledges Limited Data Breach, Threat Actor Claims Responsibility
-
Fortinet, a prominent cybersecurity company, acknowledged unauthorized access to a third-party cloud-based file drive, impacting a small number of files and customers, primarily in the Asia-Pacific (APAC) region.
-
A threat actor on a hacker forum claimed responsibility for the breach, alleging access to 440 GB of Fortinet's data and making it available through an S3 bucket, though the connection between the actor and the actual breach remains unverified.
-
Fortinet worked closely with affected customers to mitigate risks and stated that there is no indication of any resulting malicious activity affecting customers, with less than 0.3% of their customer base impacted.
Apple Patches Vision Pro Vulnerability Allowing Keystroke Inference via Eye Tracking
-
Researchers from the University of Florida and Texas Tech University demonstrated an attack called GAZEploit that can infer what a Vision Pro user is typing by tracking their avatar's eye movements.
-
The researchers achieved significant accuracy in reconstructing typed messages, passwords, URLs, emails, and PINs by analyzing gaze shifts between keys and fixations on the virtual keyboard.
-
Apple patched the vulnerability (CVE-2024-40865) in visionOS 1.3 by suspending the user's avatar, called Persona, when the virtual keyboard is active.
LEADERSHIP INSIGHTS
Rise of Application Detection and Response (ADR) Amid Growing Threats
-
The latest Verizon DBIR and Mandiant M-Trends reports highlight the growing threat of vulnerability exploitation in applications, underscoring the need for Application Detection and Response (ADR).
-
The application security landscape faces challenges such as the shared-responsibility model, complexity of distributed systems, and increasing velocity of change, making it difficult for traditional security tools to effectively detect and respond to potential attacks.
-
Modern applications are complex, involving various components like IaaS, Kubernetes, containers, and microservices. ADR platforms provide runtime context to identify unexpected and potentially malicious behaviors, enabling quick containment and remediation.
25 Expert Tips to Boost SOC Efficiency and Prevent Burnout
-
Steve Prentice, writing for CISO Series, shares 25 recommendations from 51 cybersecurity experts on how to improve SOC efficiency and avoid team burnout.
-
Key suggestions include automating routine tasks, reducing alert noise, focusing on critical data, and integrating threat intelligence with the SOC.
-
Experts also advise using AI judiciously, maintaining strict privacy standards, and dedicating time for process improvement to build a strong, experienced team.
Transforming Cybersecurity for the Cloud Era: Insights and Challenges
-
Anton Chuvakin, a renowned cybersecurity expert, shares key insights from a new guide on transforming cybersecurity for the cloud era, emphasizing that the focus should be on organizational and operational changes rather than just technology adoption.
-
The guide advocates for a generative culture characterized by high trust, information flow, and shared responsibility, which may be a departure from traditional hierarchical and siloed structures, and proposes distributing security responsibilities to product teams.
-
Chuvakin highlights the unexpected challenges of moving away from legacy processes and controls, noting that teams may be resistant to change even if it leads to greater efficiency and security, and stresses the importance of intentional culture development.
CAREER DEVELOPMENT
Evolving CISO Role Requires Multidisciplinary Skills and Insurance Protection
-
Jerry Bessette, Chief Operating Officer for Cyber Defense Labs, discusses the evolving role of the chief information security officer (CISO) in 2024, which has expanded from a security and technology leadership role to executive-level management of broad business risk.
-
When hiring a CISO, organizations should look for a combination of leadership skills, strategic thinking, risk management expertise, technical knowledge, communication abilities, collaboration and relationship building, broad business acumen, creative problem-solving, adaptability, and strong ethics.
-
To attract and retain top CISO talent, companies must provide adequate protection through comprehensive directors and officers (D&O) insurance that includes coverage for CISO personal liability, as well as a robust cyber insurance policy to support the CISO's cybersecurity efforts and serve as a risk transfer mechanism.
Free Video Training Program Teaches How to Secure AI and Machine Learning with MLSecOps
-
Protect AI Inc., an AI and machine learning cybersecurity company, has launched a free four-part video training and certification program called MLSecOps Foundations to teach organizations how to build security into AI and ML lifecycles using an MLSecOps Framework.
-
The program is designed for AI users, developers, and security teams, and consists of 20 bite-sized modules covering AI security issues, prevention strategies, and how to implement them using the MLSecOps framework. Participants earn a certificate upon completion.
-
The program is led by Protect AI's CISO Diana Kelley, who highlights the importance of the training, citing a recent attack targeting a vulnerability in Ray, a widely used open-source AI framework, which affected thousands of companies and servers running AI infrastructure.
Microsoft Releases AI Security Fundamentals Learning Path
-
Microsoft has introduced a new learning path focused on AI security fundamentals, consisting of 3 modules totaling 1 hour and 28 minutes of content.
-
The modules cover key topics such as understanding basic concepts of AI security, types of security controls applicable to AI systems, and security testing procedures to enhance the security posture of AI environments.
-
Learners can earn a total of 1100 XP by completing the learning path, with the "Fundamentals of AI security" module offering 1000 XP, "AI security controls" providing 600 XP, and "Introduction to AI security testing" awarding 600 XP.
AI & SECURITY
Tenable Launches AI Aware to Expose and Close AI Risk
-
Tenable, the exposure management company, announced the release of AI Aware, advanced detection capabilities designed to surface AI solutions, vulnerabilities, and weaknesses in Tenable Vulnerability Management.
-
According to Tenable Research, more than one-third of security teams are finding usage of AI applications that might not have been provisioned via formal processes, and over 9 million instances of AI applications were found on more than 1 million hosts during a 75-day period.
-
AI Aware leverages agents, passive network monitoring, dynamic application security testing, and distributed scan engines to detect approved and unapproved AI software, libraries, and browser plugins, along with associated vulnerabilities, mitigating risks of exploitation, data leakage, and unauthorized resource consumption.
LinkedIn Enhances Security Posture with AI-Powered Security Knowledge Graph
-
LinkedIn's Security Posture Platform (SPP), developed by Sagar Shah and Amir Jalali, leverages AI to streamline vulnerability management and enhance the company's security posture.
-
The SPP's centralized Security Knowledge Graph provides a comprehensive view of LinkedIn's digital assets, enabling continuous risk assessments, automated security decisions, and targeted defense strategies.
-
SPP AI, powered by advanced language models, offers near real-time insights and reduces the learning curve for users, making data-driven security decisions feasible at scale.
OpenAI Releases o1 and o1-mini, New AI Models Focused on Reasoning
-
OpenAI has released o1 and o1-mini, new AI models that are better at solving complex problems, such as coding and math, compared to previous models like GPT-4o.
-
The models use a new training methodology involving reinforcement learning and a "chain of thought" process to solve problems step-by-step, resulting in improved accuracy and less hallucination.
-
o1 outperforms humans in certain tasks, such as AP math tests and Codeforces competitions, but lacks GPT-4o's capabilities in factual knowledge, web browsing, and file/image processing, and is more expensive for developers to use.
MARKET ANALYSIS
Mastercard to Acquire Recorded Future for $2.65 Billion to Expand Cybersecurity Capabilities
-
Mastercard has agreed to buy threat intelligence company Recorded Future from private equity firm Insight Partners for $2.65 billion to bring expanded cybersecurity capabilities to the payments firm.
-
The acquisition comes as companies face increased risk of cyber threats like hacking or ransomware attacks due to rapid adoption of new technologies, with Mastercard already collaborating with Recorded Future on a service that alerts financial institutions when a card is likely compromised.
-
Recorded Future, which serves over 1,900 clients across 75 countries including 45 governments, uses AI-powered analytics to identify potential threats, and the deal is expected to close by the first quarter of 2025.
Wiz Code Unifies Developer and Cloud Security from Code to Runtime
-
Wiz, a cloud security platform, announces the general availability of Wiz Code, which extends coverage from the first line of code to runtime, helping customers transform their AppSec and DevSecOps programs.
-
Wiz Code addresses growing risks by securing every stage of the lifecycle, correlating critical attack paths and cloud risks back to their source code and the developer, offering remediation directly within the code.
-
Wiz Code enables new use cases, including code-to-cloud and cloud-to-code mapping, a unified policy engine across code, cloud, and runtime, accelerated remediation of misconfigurations and vulnerabilities, real-time security feedback in the IDE, and extending security posture management to the CI/CD pipeline.
Datricks Raises $15M to Scale AI-Powered Financial Integrity Platform
-
Datricks, a Tel Aviv-based AI-powered financial integrity and compliance software startup, has raised $15 million in a Series A funding round led by Team8, with participation from SAP and existing investor Jerusalem Venture Partners (JVP).
-
The Datricks Financial Integrity Platform uses "risk mining" to autonomously analyze financial workflows across business systems, uncovering financial anomalies, fraud patterns, and compliance issues in real-time.
-
Datricks' platform has already helped large enterprises prevent multi-million dollar losses by detecting issues such as non-compliant payments, double billing, and other critical mistakes, analyzing over a trillion dollars in transactions to date.
TOOLS
Paros
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
Fuzzapi
Fuzzapi is a Rails application with a user-friendly UI for API_Fuzzer gem and Docker setup.
Panther Detections
A collection of detections for Panther SIEM with detailed setup instructions.
Before you go
If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!
For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz
