Happy Sunday!
I hope this Brief finds you well and ready to tackle the week ahead.
In this edition, I am covering:
- A newly discovered CUPS vulnerability affecting Linux systems
- The increasing frequency and sophistication of adversarial attacks on AI models
- Free practice exams for the (ISC)² Certified in Cybersecurity certification
And much more.
🎧 You can now listen to Mandos Brief in a form of a podcast, currently led by AI characters.
How do you like the podcast format? Shall I keep it?
Your feedback shapes Mandos Brief and I'd love to hear your thoughts about the content I share.
INDUSTRY NEWS
CUPS Vulnerability Allows Remote Code Execution on Linux Systems
-
Simone Margaritelli discovered a vulnerability in the cups-browsed service, part of the CUPS printing system, that allows remote code execution on Linux systems by sending a malicious UDP packet to port 631.
-
The vulnerability stems from unsafe parsing of packet data, potential buffer overflows and race conditions, and the ability to leverage the foomatic-rip filter to execute arbitrary commands via the *FoomaticRIPCommandLine directive in printer PPD files.
-
While the researcher responsibly disclosed the findings, the disclosure process was challenging, with initial dismissals and prolonged debates about the severity of the issues, despite their widespread impact across Linux distributions.
Storm-0501 Ransomware Targets Hybrid Cloud Environments
-
Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics to target hybrid cloud environments, expanding its strategy to compromise all victim assets.
-
Storm-0501 gains initial access by exploiting vulnerabilities like CVE-2022-47966 (Zoho ManageEngine), CVE-2023-4966 (Citrix NetScaler), and possibly CVE-2023-29300 or CVE-2023-38203 (ColdFusion 2016), or using stolen credentials to move laterally and steal data.
-
The threat actor plants a persistent backdoor by creating a new federated domain within the Microsoft Entra tenant, allowing them to authenticate as any user, and deploys Embargo ransomware or maintains access for later.
North Korean Hackers Use Poisoned Python Packages to Deliver PondRAT Malware
-
Palo Alto Networks Unit 42 researchers observed threat actors tied to North Korea using poisoned Python packages to deliver a new malware called PondRAT, a lighter version of the known POOLRAT macOS backdoor.
-
The attackers uploaded several malicious Python packages to PyPI, a popular repository, as part of Operation Dream Job, luring targets with fake job offers to trick them into downloading the malware.
-
The goal of the attacks, attributed to the Lazarus Group sub-cluster Gleaming Pisces, is believed to be gaining access to supply chain vendors' customers' endpoints through compromised developers' systems.
LEADERSHIP INSIGHTS
Lack of Clarity During Cyber Crises Leads to Leadership Mistakes
-
Breaches persist despite organizations' efforts to limit risk and exposure, and leaders continue to make mistakes during cyber crises due to lack of clarity on roles, responsibilities, and authority.
-
The biggest challenge facing crisis response teams is the limited time to gather, verify, and analyze information to make the best decisions, causing executives to fixate on shortening remediation time while overlooking risk reduction.
-
To minimize business and reputational impact, leaders must rely on guiding principles to define communication strategy, establish a secure crisis war room, categorize the event, define roles, and maintain constant communication with each line of business.
APAC CISOs Face Challenges in Becoming True Business Leaders
-
Forrester analysts Chiara Bragato and Jinan Budge analyzed the representation, career paths, and tenure of CISOs in top APAC companies. They found that despite extensive experience, many CISOs struggle to secure a spot in the executive suite.
-
The majority of APAC CISOs (69%) hold STEM degrees, but only 35% of master's degrees are MBAs. Many CISOs acquire certifications more suited to practitioners than senior executives.
-
Women face significant challenges in attaining and retaining CISO roles in APAC, accounting for only 9% of CISOs. The average male CISO has been in their role 34% longer than their female counterparts.
Legacy Security Tools and Practices Contribute to Technical Debt and Increased Risk
-
Srikumar Ramanathan, chief solutions officer at Mphasis, says common forms of security technical debt include overreliance on outdated security tools, inadequate security by design, and poor software development practices.
-
Solution debt arises when the security stack lacks the controls or functional capabilities to keep up with managing risk in a modern IT environment and detecting the newest attacker behaviors, according to Maxime Lamothe-Brassard, CEO of LimaCharlie.
-
Tool sprawl and integration debt occur when security departments suffer from both solution debt causing coverage gaps and rampant tool sprawl eating up budget, making it difficult to effectively use tools, as experienced by Andrew Kim, managing director and cyber strategy lead for Accenture Federal Services.
CAREER DEVELOPMENT
CertPreps Offers Free Practice Exams for (ISC)² Certified in Cybersecurity Certification
-
CertPreps, is offering free practice exams for their Certified in Cybersecurity certification.
-
The practice exams, while not containing actual exam questions, are designed to closely simulate the real test and significantly increase candidates' readiness and preparedness.
-
(ISC)² recommends that candidates who can comfortably score 70% or higher on these practice exams will be well-prepared to pass the official Certified in Cybersecurity certification exam.
10 Tips for Cybersecurity Professionals to Get Published Regularly
-
Josh Sokol, the author, says writing well on a regular basis takes a lot of effort and there are no shortcuts - aspiring writers need to set aside dedicated time.
-
Finding creative angles to approach security topics and taking inspiration from the world around you can help generate fresh material to write about regularly.
-
Writers should know their audience, speak their language, provide practical and actionable takeaways, stay focused despite distractions, and follow through to create finished pieces that deliver value to readers.
Cybersecurity Professional Shares Salary and Career Advice on Reddit
-
Redditor, a 29-year-old cybersecurity professional, shares their $220k salary and recommends the field to others.
-
Emphasizes the importance of having a strong foundation in IT and networking fundamentals, along with hands-on experience through homelabs or in the field.
-
Suggests pursuing a Computer Science degree with a minor in cybersecurity, and highlights the value of certifications like Security+, Network+, CEH, and Pentest+, while cautioning against attempting advanced certs like CISSP or OSCP without sufficient experience.
AI & SECURITY
Adversarial Attacks on AI Models Becoming More Frequent and Sophisticated
-
A recent Gartner survey found that 73% of enterprises have hundreds or thousands of AI models deployed, and 41% reported experiencing an AI security incident, including adversarial attacks targeting ML models.
-
Adversarial attacks exploit weaknesses in data integrity and ML model robustness, with types including data poisoning, evasion attacks, model inversion, and model stealing, posing risks to sectors like finance, healthcare, and autonomous vehicles.
-
The growing complexity of network environments demands more sophisticated ML techniques, creating new vulnerabilities for attackers to exploit, with adversarial ML attacks on network security reaching epidemic levels according to researchers.
AI in Cybersecurity: Navigating the Hype and Reality
-
Alon Shwartz, the author, suggests that the recent downturn in tech stocks, particularly those heavily invested in AI, underscores the mounting pressure on CISOs to demonstrate that AI can deliver measurable results in cybersecurity.
-
CISOs must ask critical questions before integrating AI into their cybersecurity strategies, such as determining where AI can have the greatest impact, relying on proven use cases like UEBA, and ensuring access to high-quality data.
-
AI may not yet be the best solution for immature or emerging attack surfaces like APIs, where fundamental security practices may still be evolving, and the lack of reliable data can hinder AI's effectiveness.
AWS Releases Methodology for Incident Response on Generative AI Workloads
-
The AWS Customer Incident Response Team (CIRT) has developed a methodology for investigating security incidents involving generative AI applications, building on their existing Security Incident Response Guide.
-
Generative AI workloads include components like foundation models, custom models, guardrails, agents, knowledge bases, training data, and plugins, which require additional considerations during incident response.
-
The new methodology consists of seven elements to consider when triaging and responding: access, infrastructure changes, AI changes, data store changes, invocation, private data, and agency.
MARKET ANALYSIS
Torq Raises $70M to Accelerate Adoption of AI-Powered Security Automation
-
Torq, a New York-based startup, has raised $70 million in a Series C funding round led by Evolution Equity Partners, bringing the total raised to $192 million.
-
The company's flagship product, Torq HyperSOC, uses AI and natural language processing to automate threat investigation, triage, and remediation for enterprise security teams.
-
Torq has found traction with high-profile enterprise clients, including Procter & Gamble, PepsiCo, and Siemens, aiming to alleviate alert fatigue and resource constraints in security operations.
Wiz Discusses Share Sale at $15-20 Billion Valuation
-
According to people with knowledge of the matter, cybersecurity startup Wiz Inc. is in discussions to sell existing shares at a valuation ranging from $15 billion to $20 billion.
-
The potential transaction would allow existing shareholders to tender $500 million to $700 million of their holdings, and Wiz may also raise money directly from investors.
-
In July, Wiz turned down a $23 billion acquisition offer from Google, deciding it could ultimately be worth more as a public company and expressing concerns about a lengthy regulatory approval process.
Tamnoon Secures $12M Series A Funding for Managed Cloud Security Remediation
-
Tamnoon, a leader in Managed Cloud Security Remediation, has secured $12 million in Series A funding led by Bright Pixel Capital, with participation from new investors Blu Ventures and Mindset Ventures, as well as existing backers.
-
Tamnoon's unique hybrid human-AI managed service is specifically designed for cloud security remediation, integrating artificial intelligence with human intelligence to provide a scalable, expert-guided remediation process without disrupting business operations.
-
The funding will be used to accelerate Tamnoon's product roadmap, expand its partnership ecosystem, and drive innovation in managed cloud security remediation, with the company aiming to reduce critical cloud exposures by 90% within 90 days of deployment.
TOOLS
Rudder
Rudder is an IT infrastructure automation platform that simplifies the management of hybrid infrastructure through configuration, patch, and security management.
CrossC2
CrossC2 is a tool used to generate CobaltStrike's cross-platform payloads, facilitating operations across different operating systems.
Honeyd Tools
There are several tools that can be used in conjunction with Honeyd, for data analysis or for other purposes.
Before you go
If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!
For more frequent cybersecurity leadership insights and tips, follow me on LinkedIn, BlueSky and Mastodon.
Best,
Nikoloz
