Next up from The Fletch Expert Series
Last week, we introduced the Fletch Expert Series that brings together top minds in cybersecurity to shine a light on the most pressing issues facing our industry.
This week’s segment: Cybersecurity is in desperate need of change. Complexity has exploded in the industry while the talent gap has expanded, and individuals, teams, companies, and even governments just can’t keep up. Listen to this insightful conversation with:
Erik Swan - Co-Founder of Splunk, Fletch Board Member
Rich Mason - President & CSO of Critical Infrastructure, Former CSO of Honeywell
Conor Sherman - VP of Security and Technology at ezCater
Grant Wernick - Co-Founder & CEO of Fletch
As they share perspectives on questions like:
- What is the connection between technology and the cybersecurity talent gap?
- Is the talent gap a generational, process, or technology gap?
- Can we close down the 3.5M talent gap that exists?
- How can we widen the talent pool?
- How does data elitism play a role in the cybersecurity talent gap?
- How are privacy laws impacting cybersecurity efforts?
- If we had 3.5M people overnight, where would we allocate them?
Check out the full conversation here.
Last Week’s Top Trending Threats
Below are the top 5 trending cyber threats in the news last week. Was your organization impacted?
- Zoho: Patch new ManageEngine bug exploited in attacks ASAP
- Vulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution
- 'Sabbath' Ransomware Operators Target Critical Infrastructure
- Critical Wormable Security Flaw Found in Several HP Printer Models
- Project Zero Flags High-Risk Zoom Security Flaw
This is why we built the Fletch Trending Threats app. To surface threats before they become a major issue for you.
Learn more about the Trending Threats app in this short video and see how Fletch can help you save hours every day by automatically evaluating the impact of new cyber threats on your business.
Join the dozens of other organizations using Fletch’s Trending Threats app today, starting at zero cost. Here is a link to skip our waitlist.
Insider Risk App
In case you missed it, the much anticipated Fletch Insider Risk App is now live!
This app answers the burning question: Is anyone’s behavior at my company a security risk?
In minutes, connect your Google Workspace or MS 365, enhance it with Okta if you have it, and Fletch’s natural language engine goes to work for you.
This app starts at zero cost. Being a newsletter subscriber you can skip the waitlist and get started with the new Fletch Insider app using this link.
If you have any questions or would like to learn more, send us an email at info@fletch.ai.
Below learn more about the top trending cyber threats in the news last week.
Zoho: Patch new ManageEngine bug exploited in attacks ASAP
If impacted, the company recommends disconnecting and backing up all critical business data on affected systems from the network, formatting the compromised servers, restoring Desktop Central, and updating it to the latest build once the installation ends. ... The warning comes after the company patched a critical vulnerability (tracked as CVE-2021-44515 ) which could allow attackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers (Desktop Central Cloud is not affected).
CVEs: CVE-2021-44515
Vulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution
Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. ... (CVE-2021-30625) is a use-after-free vulnerability that triggers if the user opens a specially crafted web page in Chrome.
CVEs: CVE-2021-30625
'Sabbath' Ransomware Operators Target Critical Infrastructure
In October 2021, the group created the public naming-and-shaming site 54BB47h (Sabbath), one month after a post was discovered where the malware group announced it was looking for partners to launch a new ransomware affiliate program, Mandiant reports . ... Another characteristic that makes Sabbath stand out in the crowd is the fact that the ransomware operators were observed on two occasions providing pre-configured Cobalt Strike payloads to their affiliates.
Malware: ROLLCOAST
Critical Wormable Security Flaw Found in Several HP Printer Models
"The website would, automatically, remotely print a document containing a maliciously-crafted font on the vulnerable MFP, giving the attacker code execution rights on the device," the researchers said. ... Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers (MFPs) from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks.
CVEs: CVE-2021-39237, CVE-2021-39238
Project Zero Flags High-Risk Zoom Security Flaw
Video conferencing software giant Zoom has shipped patches for a pair of security defects that expose Windows, macOS, Linux, iOS and Android users to malicious hacker attacks. ... Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4
CVEs: CVE-2021-34423, CVE-2021-34424
