#217: Privacy and You
A last look at Hemang Doshi's advice for AI, auditing, and privacy
Another look at CISA and a survey of the landscape

Welcome to another _secpro!

In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary: standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow".

That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional (CISA here being ISACA's Certified Information Systems Auditor certification, not the US agency of the same initials that appears in this week's news), and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Data Privacy Program and Principles.

Check out _secpro premium
If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief
Here's a little meme to keep you going... (image, source: Reddit)

This week's article
Data Privacy Program and Principles

AI is revolutionizing various industries, including auditing. Traditionally, auditing has been a manual and time-consuming process, requiring auditors to sift through large volumes of data to identify discrepancies and ensure compliance. With the advent of AI, the audit process is becoming more efficient, accurate, and insightful: AI can analyze vast amounts of data quickly, identify patterns, and even predict potential risks, making it an invaluable tool in modern auditing.

Read the rest here!

News Bytes

Cisco ASA / FTD Zero-Days Under Active Exploitation: On 25 September, Cisco and CISA published security advisories confirming that multiple zero-day vulnerabilities affecting Cisco ASA / FTD (Adaptive Security Appliance / Firepower Threat Defense firewall and VPN) products are being actively exploited. Two of these (CVE-2025-20333 and CVE-2025-20362) were confirmed to have been exploited in the wild. Threat actors have leveraged advanced evasion techniques (disabling logs, intercepting CLI commands, modifying boot processes) and deployed the RayInitiator bootkit combined with malware (LINE VIPER) to persist across reboots and firmware upgrades. The urgency prompted CISA to issue Emergency Directive 25-03, mandating that U.S. federal agencies inventory, assess, and mitigate vulnerable Cisco devices.

Continued Attack Campaign on Cisco Firewalls (ROMMON / Bootkit-level Persistence): Following the zero-day disclosures, deeper forensics revealed that the adversaries are not merely exploiting web/VPN logic flaws but targeting the ROM Monitor (ROMMON) / boot environment of ASA devices. The RayInitiator bootkit persists in the boot chain and loads LINE VIPER, a malware module that can intercept commands, bypass VPN AAA, suppress logs, and embed itself into core ASA processes (e.g. lina). Some devices lack Secure Boot / Trust Anchor support, making them more vulnerable. These mechanisms impede forensic detection and complicate patching strategies: because a software upgrade replaces the OS image but not the boot stage the bootkit lives in, malicious modules can survive reboots and upgrades.

Scattered Spider: Retail Service Desk Exploits Renewed Focus: Throughout the week, multiple analyses surfaced reaffirming that the hacking collective Scattered Spider (aka UNC3944 / Octo Tempest) continues to rely heavily on social engineering of service desks / help desks to gain initial footholds in enterprise networks. A new advisory, Cross-Sector Mitigations: Scattered Spider, jointly produced by sector information-sharing bodies, outlines updated TTPs (tactics, techniques, procedures) and countermeasures for financial services, IT/retail, health, etc. In one prominent case, attackers impersonated internal staff, tricked the helpdesk into resetting MFA / disabling controls, and escalated privileges inside M&S / Co-op systems.

Forensic Visualization Toolkit: Enhancing Threat Hunting: In a freshly published academic work (11 September 2025), researchers present "Enhancing Cyber Threat Hunting – A Visual Approach with the Forensic Visualization Toolkit". The toolkit offers interactive visualizations of forensic and telemetry data (network, file access, process graphs) to assist threat hunters in spotting anomalies that may evade automated detection systems. The authors argue that combining human analytical insight with visualization accelerates detection of stealthy threats, especially those embedded in normal-looking activity windows. The paper includes realistic case studies and performance comparisons, making it a timely reference for SOC / IR teams aiming to ramp up threat-hunting maturity.

Burnout in Cybersecurity: A Strategic Risk Report: While not a direct breach event, a notable paper published earlier in 2025, "A Roadmap to Address Burnout in the Cybersecurity Profession", has gained renewed attention this week in security circles. The work synthesizes findings from a multi-disciplinary workshop involving practitioners, academics, and ex-NSA cyber operators. It outlines the human, organizational, and workflow stresses contributing to attrition and mental fatigue, and presents a roadmap of interventions (training, rotation, psychological support, team-based structures) to mitigate erosion of security capacity. Given current pressure on SOC/IR teams (e.g. responding to high-tempo incidents like the Cisco zero-days), this issue is increasingly treated as a strategic risk in cybersecurity planning.

Digital Forensics & Risk Mitigation Strategy for Modern Enterprises: Another academic contribution gaining traction is "Comprehensive Digital Forensics and Risk Mitigation Strategy for Modern Enterprises", published February 2025. The paper walks through a simulated case of a large identity/data-analytics firm under attack and develops an integrated strategy covering pre-incident readiness (forensic architecture design, monitoring), live response, post-incident lessons, and regulatory compliance. It emphasizes adaptive AI/ML techniques, integration of threat intelligence into forensics workflows, and continuous "forensic readiness" as a discipline. In the context of emerging threats (e.g. boot-level persistence, identity-based service desk attacks), the paper serves as a robust blueprint for mature enterprise response programs.

This week's academia

Adversarial Machine Learning: A Taxonomy and Terminology: A comprehensive NIST report that builds a clear taxonomy and standardized terminology for adversarial machine learning (AML). It describes attacker goals and capabilities across the ML life cycle, categorizes AML attack and defense types, and outlines current technical and measurement challenges for trustworthy AI in security-sensitive systems. Highly cited and used as a baseline by both researchers and practitioners. (A. Vassilev et al., NIST Trustworthy & Responsible AI group).

On Adversarial Attack Detection in the Artificial Intelligence Era: Survey/analysis of detection techniques for adversarial attacks on ML models, contrasting classic concealment/malware tactics with modern adversarial-example threats. The paper evaluates state-of-the-art detection approaches and points to gaps where attackers are leveraging large models and automation to evade defenses. Useful for defenders designing layered ML security. (N. Al Roken and collaborators).

A Defense-Oriented Model for Software Supply Chain Security: Introduces the AStRA graph-based model (Artifacts, Steps, Resources, Principals) to represent software supply chains and reason about security objectives and defenses bottom-up. Applies the model to case studies and maps past supply-chain attacks to show where defenses succeed or fail, a practical roadmap for research and industry focusing on supply-chain mitigations (SBOMs, build integrity, provenance, etc.). (E. A. Ishgair and coauthors).

Securing Automotive Software Supply Chains: NDSS paper that examines unique risks in automotive software supply chains (ECUs, OTA updates, third-party components). It evaluates real automotive update pipelines, shows practical attack scenarios, and recommends defenses tailored to the automotive context (signing, reproducible builds, hardened update channels). Very relevant given recent high-profile industrial supply-chain incidents. (Marina Moore, Aditya Sirish A. Yelgundhalli, Justin Cappos).

Managing Deepfakes with Artificial Intelligence: Introducing a Business/Privacy Calculus: Academic analysis of deepfake threats and defenses from both technical and socio-economic angles. Proposes an AI-assisted detection/mitigation framework and a privacy/business calculus for organizations to evaluate risks vs. countermeasure costs (useful for enterprises facing deepfake-enabled fraud or reputational attacks). Timely as synthetic media use explodes. (G. Vecchietti and collaborators).
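The two Cisco items in News Bytes above make a claim worth seeing mechanically: an implant in the boot stage (ROMMON) survives OS upgrades, and a hardware trust anchor that verifies the bootloader before running it is what stops that. The model below is an added illustration for this issue, not Cisco's ASA boot code or the RayInitiator/LINE VIPER analysis: the stage names, images, the "IMPLANT" marker and the vendor key are all constructed here, and HMAC-SHA256 stands in for the vendor's asymmetric signature so that it runs on the standard library alone. It walks one device through tamper, reboot, OS upgrade and bootloader reflash, once with a trust anchor and once without.

```python
"""Toy verified-boot chain: ROM -> bootloader (ROMMON-like) -> OS image.

Constructed illustration, not vendor code. HMAC is a stand-in for a real
asymmetric signature; a real ROM only holds the vendor's public key.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

VENDOR_KEY = b"constructed-vendor-signing-key"  # assumption: stands in for the vendor key


def sign(image: bytes) -> bytes:
    """Vendor 'signature' over an image (HMAC here; asymmetric in a real chain)."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def verify(image: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag belongs to this exact image."""
    return hmac.compare_digest(sign(image), tag)


@dataclass
class Device:
    has_trust_anchor: bool   # immutable ROM able to verify the bootloader (or not)
    bootloader: bytes        # boot stage in flash; an OS upgrade does not touch it
    bootloader_tag: bytes
    os_image: bytes
    os_tag: bytes
    loaded: list = field(default_factory=list)  # modules the running OS ends up with


def boot(dev: Device) -> tuple:
    """Walk the chain. Returns (booted, reason) and fills dev.loaded."""
    dev.loaded = []
    # Stage 0, ROM: with a trust anchor, refuse a bootloader that fails verification.
    if dev.has_trust_anchor and not verify(dev.bootloader, dev.bootloader_tag):
        return False, "halted: bootloader failed verification"
    # Stage 1, bootloader: a genuine one verifies the OS image before handing over.
    # The "IMPLANT" marker is the modelling shortcut for attacker-modified boot code,
    # which loads whatever OS is present and injects its own module.
    implanted = b"IMPLANT" in dev.bootloader
    if not implanted and not verify(dev.os_image, dev.os_tag):
        return False, "halted: OS image failed verification"
    # Stage 2, OS: "lina" is the ASA process named in the item above.
    dev.loaded.append("lina")
    if implanted:
        dev.loaded.append("bootkit-implant")
    return True, "booted"


def upgrade_os(dev: Device, new_os: bytes) -> None:
    """An OS upgrade rewrites only the OS image and its signature; the bootloader stays."""
    dev.os_image, dev.os_tag = new_os, sign(new_os)


def reflash_bootloader(dev: Device, clean_bootloader: bytes) -> None:
    """Recovery: rewrite the boot stage itself from a known-good vendor image."""
    dev.bootloader, dev.bootloader_tag = clean_bootloader, sign(clean_bootloader)


def tamper_bootloader(dev: Device) -> None:
    """Attacker with flash write access appends an implant; the vendor tag no longer matches."""
    dev.bootloader = dev.bootloader + b":IMPLANT"


def make_device(has_trust_anchor: bool) -> Device:
    bootloader, os_image = b"ROMMON:v1", b"ASA-OS:9.x"   # constructed image contents
    return Device(has_trust_anchor, bootloader, sign(bootloader), os_image, sign(os_image))


def scenario(has_trust_anchor: bool) -> dict:
    """Tamper, reboot, upgrade the OS, reboot, then reflash the bootloader and reboot."""
    dev = make_device(has_trust_anchor)
    tamper_bootloader(dev)
    after_tamper = boot(dev)
    upgrade_os(dev, b"ASA-OS:9.y")
    after_upgrade = boot(dev)
    survived = "bootkit-implant" in dev.loaded
    reflash_bootloader(dev, b"ROMMON:v1")
    after_reflash = boot(dev)
    return {
        "after_tamper": after_tamper,
        "after_upgrade": after_upgrade,
        "implant_survived_upgrade": survived,
        "after_reflash": after_reflash,
        "clean_after_reflash": "bootkit-implant" not in dev.loaded,
    }


if __name__ == "__main__":
    for anchor in (True, False):
        print("trust anchor:", anchor, scenario(anchor))
```

With the anchor, the tampered device refuses to boot at all (which is why the ED 25-03 playbook is inventory and reflash, not just upgrade); without it, the implant rides through the OS upgrade and only disappears when the boot stage itself is rewritten from a known-good image.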