Ubuntu Security Notice 7092-2 - USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-7092-2November 27, 2024mpg123 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:mpg123 could be made to crash or run programs as your login if it opened aspecially crafted file.Software Description:- mpg123: MPEG layer 1/2/3 audio playerDetails:USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discoveredthat the fix was incomplete on Ubuntu 20.04 LTS. This update fixes theproblem.We apologize for the inconvenience.Original advisory details: It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  libmpg123-0                     1.25.13-1ubuntu0.2  mpg123                          1.25.13-1ubuntu0.2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7092-2  https://ubuntu.com/security/notices/USN-7092-1  CVE-2024-10573, https://launchpad.net/bugs/2089680Package Information:  https://launchpad.net/ubuntu/+source/mpg123/1.25.13-1ubuntu0.2

Ubuntu Security Notice USN-7092-2

Despite advancements in cybersecurity tools, human vulnerability remains the weakest link, with phishing among the most dangerous forms…

Despite advancements in cybersecurity tools, human vulnerability remains the weakest link, with phishing among the most dangerous forms of social engineering. The FBI’s **Internet Crime Complaint Center (IC3)** identifies phishing as the most commonly reported type of cybercrime, with around 300,000 incidents in 2023 alone resulting in financial losses exceeding $18.23 million. 

Even employees are aware of these risks, even if they lag when it comes to actually ensuring the integrity of their data and access credentials. A recent industry survey found that **71% of working adults** have admitted to risky behaviour, which can include reusing or sharing a password, clicking on links from unverified sources, or giving credentials to untrustworthy websites or apps. Virtually all of these people engage in risky behaviour with full knowledge of the dangers involved.

This discrepancy between awareness and action is therefore a significant challenge. It is essential to **train employees to recognize** and properly deal with phishing attempts. One of the most effective ways to address this is through phishing simulations, which provide a practical and measurable approach to enhancing how employees identify and act on phishing attacks. 

By simulating real-world scenarios, organizations can establish a culture in which each team member can be an active participant in improving cybersecurity.

****Phishing Simulation’s Role and How It Works****

Simulated phishing attacks replicate real-world threats to test employee responses. Unlike passive training methods such as online educational modules or presentations, **phishing simulation can immerse users** in practical scenarios. Going beyond simple emails, simulations now offer advanced algorithms to tailor phishing emails based on organizational context, user behaviour, and other scenarios, which increases the effectiveness of training.

Platforms that provide this service also offer detailed analytics on employee performance, identifying high-risk individuals or departments. These insights allow organizations to implement targeted training, addressing gaps in knowledge or behaviour. Moreover, when simulation tests take place throughout people’s ongoing work, it can reinforce genuine cybersecurity awareness, fostering a culture of vigilance across the team.

Attack scenarios are executed with varying degrees of complexity. For instance, emails are crafted to resemble legitimate communications, often using common phishing tactics like spoofed domains, urgent requests, or enticing offers. These emails prompt employees to interact, asking them to **click on unknown links** or to provide credentials to unauthorized parties. Failing to identify the simulated phishing email, such as when a user clicks a link or logs in to a spoofed site, then triggers educational feedback, serving up micro-lessons explaining the red flags and consequences of such actions.

Organizations can customize simulations to address industry-specific threats. For example, finance teams might encounter simulated spear-phishing attempts targeting financial data, while HR teams might face phishing emails related to payroll fraud. Sophisticated platforms can also integrate threat intelligence, ensuring simulations evolve alongside real-world attack trends.

****The Benefits of Simulation-Based Training****

One of the most significant advantages of phishing simulations is behavioural conditioning. Regular exposure to simulated phishing attempts trains employees to recognize and respond appropriately to phishing threats. 

This repeated practice not only reinforces awareness but also develops instincts for identifying malicious attempts. For instance, it is reported that industries with higher engagement in phishing simulations, such as financial services, achieved reporting rates of up to 29%, indicating **increased employee awareness** and proactive reporting behaviours.

Phishing simulations also play a crucial role in compliance and reporting. Industries bound by stringent regulations, such as GDPR or HIPAA, require organizations to maintain robust cybersecurity training programs. Simulations provide tangible evidence of these efforts, demonstrating compliance during audits. 

By incorporating simulations into their training regimes, companies can fulfil legal obligations while simultaneously building a more security-conscious workforce.

Another key benefit is cost efficiency. Cyberattacks can lead to significant financial losses. IBM’s 2024 **Cost of a Data Breach Repor**t reveals that the global average cost of a data breach is $4.88 million. Thus, preventing just one successful breach can potentially save organizations millions in losses, regulatory penalties, lawsuits, and other costs.

Lastly, an enhanced security posture helps reduce downtime caused by cyberattacks. A successful phishing attempt can lead to operational disruptions that might require extensive recovery efforts. By training employees to identify and report phishing attempts, organizations can minimize disruptions, ensuring business continuity and protecting their bottom line.

****Strategies for Achieving Maximum Impact****

Despite their advantages, phishing simulations face challenges. Employees may feel tricked or resentful, perceiving simulations as punitive rather than educational. To address this, organizations should focus on transparency and communication, framing simulations as a learning opportunity rather than a test to foster cooperation.

Additionally, simulations must strike a balance between realism and ethical boundaries. Overly deceptive tactics can harm trust within the organization. Clear policies and ethical guidelines ensure simulations remain constructive. Organizations also need to establish protocols, such as debriefing, to ensure a collaborative environment and to incorporate lessons learned into further simulation activities.

To maximize the effectiveness of phishing simulations, organizations should implement a structured approach. Start with a baseline assessment to gauge the current level of phishing awareness among employees. This initial evaluation provides a clear starting point and helps identify specific weaknesses that need attention.

Next, regular and varied simulations should be conducted at unpredictable intervals to maintain employee vigilance. By keeping simulations unpredictable, employees remain alert and less likely to become desensitized. Additionally, the simulations should cover a wide range of scenarios to address different phishing tactics, such as email scams, spear phishing, and social engineering, ensuring employees are prepared for all types of attacks.

It is also important to use data-driven adjustments. Analytics from simulations should be used to refine training programs, focusing on areas where employees struggle the most. 

Engaging leadership involvement in the simulations can further strengthen the training. When leadership participates, it sets a positive example and reinforces the importance of cybersecurity across the organization, reducing vulnerabilities like **CEO fraud** or whale phishing.

Finally, establish a continuous feedback loop. After each simulation, provide immediate feedback to employees through debriefing, highlighting key lessons and areas for improvement. This ensures that the learning process remains ongoing.

****The Takeaway****

Phishing simulation can be an impactful component of an organization’s cybersecurity strategy. It bridges the gap between theoretical training and real-world applications. Organizations can use this proactive stance to enhance awareness, empower the workforce, and build a resilient cybersecurity culture.

1.  **4 Ways For Employees To Distinguish Phishing Attacks**
2.  **99% of UAE’s .ae Domains Exposed to Phishing, Spoofing**
3.  **GitLoker-Linked GoIssue Phishing Tool Targets GitHub Users**
4.  **Phishing Attacks Bypass Microsoft 365 Email Safety Warnings**
5.  **Future of Phishing Email Training for Employees in Cybersecurity**

Why Simulating Phishing Attacks Is the Best Way to Train Employees

Ubuntu Security Notice 7117-2 - USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem. Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root.

==========================================================================  
Ubuntu Security Notice USN-7117-2  
November 26, 2024

needrestart regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

USN-7117-1 caused some regression in needrestart.

Software Description:  
- needrestart: check which daemons need to be restarted after library   
upgrades

Details:

USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a  
regression in needrestart. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Qualys discovered that needrestart passed unsanitized data to a library  
 (libmodule-scandeps-perl) which expects safe input. A local attacker could  
 possibly use this issue to execute arbitrary code as root.  
 (CVE-2024-11003)

 Qualys discovered that the library libmodule-scandeps-perl incorrectly  
 parsed perl code. This could allow a local attacker to execute arbitrary  
 shell commands. (CVE-2024-10224)

 Qualys discovered that needrestart incorrectly used the PYTHONPATH  
 environment variable to spawn a new Python interpreter. A local attacker  
 could possibly use this issue to execute arbitrary code as root.  
 (CVE-2024-48990)

 Qualys discovered that needrestart incorrectly checked the path to the  
 Python interpreter. A local attacker could possibly use this issue to win  
 a race condition and execute arbitrary code as root. (CVE-2024-48991)

 Qualys discovered that needrestart incorrectly used the RUBYLIB  
 environment variable to spawn a new Ruby interpreter. A local attacker  
 could possibly use this issue to execute arbitrary code as root.  
 (CVE-2024-48992)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  needrestart                     3.6-8ubuntu4.3

Ubuntu 24.04 LTS  
  needrestart                     3.6-7ubuntu4.4

Ubuntu 22.04 LTS  
  needrestart                     3.5-5ubuntu2.3

Ubuntu 20.04 LTS  
  needrestart                     3.4-6ubuntu0.1+esm2  
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS  
  needrestart                     3.1-1ubuntu0.1+esm2  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  needrestart                     2.6-1ubuntu0.1~esm2  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7117-2  
  https://ubuntu.com/security/notices/USN-7117-1  
  https://launchpad.net/bugs/2089193

Package Information:  
  https://launchpad.net/ubuntu/+source/needrestart/3.6-8ubuntu4.3  
  https://launchpad.net/ubuntu/+source/needrestart/3.6-7ubuntu4.4  
  https://launchpad.net/ubuntu/+source/needrestart/3.5-5ubuntu2.3

Ubuntu Security Notice USN-7117-2

Digital networks are the backbone of global business and communication, making cyber resiliency essential for organizations to thrive.…

Digital networks are the backbone of global business and communication, making cyber resiliency essential for organizations to thrive. Cyber resiliency isn’t just a trendy term; it’s about an organization’s ability to predict, endure, recover from, and adapt to cyber threats. With cybercrime expected to cost $10.5 trillion annually by 2025 (Cybersecurity Ventures), ensuring strong defences has never been more critical.

As artificial intelligence (AI) continues to reshape the infrastructure of cyber threats and defences, the need for strong cyber resiliency strategies has become more critical than ever. The integration of AI into cybersecurity has created a constantly evolving challenge, where traditional defenses often fall short. Cybercriminals now use advanced AI algorithms to craft convincing phishing schemes, generate realistic deepfakes, and develop adaptive attacks designed to outsmart standard security systems.

Simultaneously, defenders are harnessing the same technological advances to build more intelligent, proactive, and responsive security ecosystems. This article explores the evolving infrastructure of cyber resiliency in the AI era, examining how organizations can build an “unbreakable shield” that not only protects against current threats but anticipates and adapts to future challenges.

****The Rise of Cyber Threats in the AI Era****

The proliferation of AI has dramatically transformed the cyber threat infrastructure. Cybercriminals are no longer limited to static, predictable attack patterns but can now deploy intelligent systems that learn, adapt, and optimize their assault strategies in real time.

****AI-Powered Attacks in Action****

*   **Phishing Evolution**: Using natural language processing, phishing emails now generate highly personalized and contextually relevant messages, increasing click-through rates by up to **30%** (IBM Security).
*   **Deepfake Threats**: AI-generated audio and video impersonations have already been used to steal millions in social engineering attacks.
*   **Adaptive Threats**: Machine learning algorithms probe network defenses, identifying and exploiting vulnerabilities faster than traditional methods ever could.

Case Study: The SolarWinds supply chain attack, one of the most sophisticated breaches in recent history, leveraged advanced techniques to infiltrate critical infrastructure worldwide. It demonstrated the devastating potential of AI-enhanced cyber operations.

****What is Cyber Resiliency?****

Cyber resiliency extends beyond traditional cybersecurity approaches. While cybersecurity focuses primarily on prevention and protection, cyber resiliency adopts a holistic, adaptive strategy encompassing prevention, detection, response, and recovery.

****Key Principles of Cyber Resiliency:****

1.  **Anticipation**: Identifying potential threats and vulnerabilities before they materialize.
2.  **Vital Defense**: Developing flexible mechanisms to withstand attacks.
3.  **Rapid Response**: Ensuring swift action to contain and neutralize threats.
4.  **Operational Continuity**: Minimizing disruption during and after incidents.
5.  **Continuous Learning**: Adapting strategies based on each encounter to stay ahead of adversaries.

By adopting this proactive and adaptive approach, organizations shift from simply reacting to attacks to building an “always ready” defense posture.

****The Role of AI in Enhancing Cyber Resiliency****

AI has become a game-changing technology in developing more strong cyber resiliency strategies.

****1\. Prevention****

*   **Predictive Analytics**: AI forecasts vulnerabilities, enabling proactive mitigation.
*   **Threat Intelligence**: Machine learning identifies emerging risk patterns from massive data sets.
*   **Risk Assessment**: AI-powered tools offer comprehensive evaluations to guide security investments.

****2\. Detection****

*   **Real-Time Anomaly Detection**: Algorithms spot suspicious activities before damage occurs.
*   **Behavioural Analysis**: AI discerns between normal user behaviour and potential breaches.
*   **Correlation Engines**: These tools detect complex, multi-stage attack attempts.

****3\. Response****

*   **Automated Incident Response**: AI isolates threats within milliseconds, minimizing damage.
*   **Triage Systems**: Intelligent mechanisms prioritize critical security events for human review.
*   **Dynamic Playbooks**: AI guides response teams through complex scenarios based on real-time data.

****4\. Recovery****

*   **Optimized Disaster Recovery**: AI minimizes downtime with intelligent restoration processes.
*   **Predictive Maintenance**: Algorithms identify and address vulnerabilities before recurrence.

Quote: “AI is transforming cyber resiliency, enabling faster detection, smarter responses, and greater adaptability to threats,” says Dr. Jane Smith, CTO of CyberSafe Solutions.

****Building the “Unbreakable Shield”: Key Strategies for Organizations****

To thrive in the AI era, organizations must adopt these strategies:

1.  **Invest in AI-Powered Security Tools**
    *   Deploy advanced threat detection platforms.
    *   Implement predictive analytics for proactive risk management.
    *   Leverage machine learning for continuous security improvement.
2.  **Embrace Zero Trust Architecture**
    *   Enforce strict access controls.
    *   Adopt network segmentation to limit lateral movement.
    *   Continuously verify user and device identities.
3.  **Train and Educate Teams**
    *   Conduct regular AI-threat simulation exercises.
    *   Develop comprehensive awareness programs to prevent human error.
4.  **Conduct Resiliency Drills**
    *   Test response protocols against AI-powered attack scenarios.
    *   Measure and improve readiness through regular evaluations.
5.  **Collaborate Across Industries**
    *   Share threat intelligence to counteract emerging risks.
    *   Engage in cross-sector forums to foster innovation.

****Challenges in Achieving Cyber Resiliency****

Despite AI’s potential, organizations face obstacles:

*   **High Costs**: Advanced AI tools require significant investment.
*   **Skills Gaps**: Many teams lack expertise in implementing AI-driven solutions.
*   **Regulatory Complexity**: Compliance with evolving global standards is challenging.
*   **Rapid Change**: Technology advances faster than most organizations can adapt.

**Solutions:**

*   Invest in training programs for AI and cybersecurity.
*   Build partnerships to share resources and expertise.

****The Future of Cyber Resiliency in the AI Era****

The next frontier includes:

*   **Quantum-Resistant Encryption**: Preparing for threats posed by quantum computing.
*   **AI-Augmented Defense Systems**: Combining human expertise with machine intelligence.
*   **Collaborative Ecosystems**: Global alliances to tackle cyber threats collectively.

****Conclusion****

In the AI era, cyber resiliency requires a comprehensive and adaptive approach. Organizations can strengthen their defenses by leveraging advanced technologies, promoting a culture of continuous learning, and deploying strategic defense measures to stay ahead of evolving threats.

Now is the time to act. Assess your organization’s resiliency, invest in AI-powered solutions, and prepare for a future where adaptability is the ultimate competitive advantage.

1.  Microsoft’s Secure Future Initiative Boosts Cybersecurity
2.  Email Hacking Reigns as Top Cybersecurity Threat, Study
3.  Cybersecurity Tips For Businesses Using Remote Workers
4.  IT, Cybersecurity Jobs in the Age of Emerging AI Technologies
5.  Future of Phishing Email Training for Employees in Cybersecurity

Cyber Resiliency in the AI Era: Building the Unbreakable Shield 

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack.

Akhil Mittal, Senior Manager, Black Duck Software

November 21, 2024

6 Min Read

Source: Brain light via Alamy Stock Photo

COMMENTARY

Despite massive investments in cybersecurity, breaches are still on the rise, and attackers seem to evolve faster than defenses can keep up. The IBM "Cost of a Data Breach Report 2024" estimates the average global breach cost has reached a staggering $4.88 million. But the true damage goes beyond the financial — it's about how quickly your organization can recover and grow stronger. Focusing only on prevention is outdated. It's time to shift the mindset: Every breach is an opportunity to innovate. 

**Turning Breaches Into Opportunities**

Breaches are no longer theoretical. They're happening right now — AI-powered hacks, supply chain vulnerabilities, and social engineering make them inevitable. IBM's report shows that 83% of organizations faced multiple breaches last year. One retail client I worked with had the same mindset: focusing on prevention and detection alone. But after facing multiple breaches, the company flipped its approach — each breach became a learning opportunity. Instead of panic, the company built resilience.

**Strengthening Defenses After Each Breach**

Organizations need to shift from asking, "How do we stop breaches?" to "How do we get stronger from breaches?" Here are five strategies that I've seen make a significant impact: 

**1\. From Breach to Micro-Incident **

Not every breach needs to be a disaster. By treating breaches as micro-incidents, you can contain the damage and quickly move forward. With network segmentation and behavioral analytics, threats can be isolated and stopped from spreading. One financial client cut its recovery time by 50% by adopting self-isolating networks. When suspicious activity was detected, the network kicked into action, isolating the threat and stopping its spread. 

**2\. Stress Test Daily **

Running breach simulations once or twice a year is no longer enough. Leading organizations are stress-testing their defenses daily. This goes beyond testing — it's about actively rehearsing for real-world scenarios, ensuring your teams are battle-ready. Think of it like chaos engineering: You aren't just hoping for the best. You're deliberately looking for weaknesses so you can fix them before attackers find them. This approach helped another client find multiple weak points that were missed in its regular annual penetration tests. 

**3\. Minimize Human Intervention **

When a breach hits, speed is everything. Self-healing systems powered by AI automatically isolate compromised systems and begin repairs without the need for human intervention. One of my e-commerce clients cut its recovery time in half with self-healing technology. Its teams could stop putting out fires and focus on strategic long-term improvements. 

**4\. Adaptive Defense **

Every breach is an opportunity to learn and improve. One of the financial clients created a feedback loop that used AI-powered systems to analyze each breach. Machine learning models adapted defenses, spotting patterns in the attacks, adjusting firewall rules, and fine-tuning detection algorithms. Gartner predicts that by 2026, 30% of enterprises will automate more than half of their network activities, using AI to detect and respond to threats in minutes. 

**5\. Collective Defense **

No one fights cyber threats alone. A healthcare consortium I know began sharing real-time threat intelligence with other organizations. This collective defense approach helped it detect and stop attacks faster. Participating in networks like Information Sharing and Analysis Centers (ISACs) or using platforms like MITRE ATT&CK can boost defenses across industries by pooling insights and data. 

**Cybersecurity as a Competitive Advantage**

Resilience is the new competitive advantage. You can't prevent every breach, but how quickly you respond is what sets you apart. Accenture found that 87% of consumers trust companies that handle breaches with transparency and resilience. It's not the breach itself that builds trust, of course — it's how you respond. 

In industries like finance, healthcare, and technology, resilience not only helps you recover but also fosters customer loyalty. As cyber threats become more global, regulations like GDPR in Europe demand fast, transparent responses. In the Asia-Pacific region, rapid digital transformation is creating new attack surfaces. Wherever your business operates, resilience is key to success.

**Actionable Steps for CISOs**

Here's how chief information security officers (CISOs) can turn breaches into growth opportunities: 

*   Run continuous breach simulations: Make breach simulations part of your daily routine. Simulate phishing, ransomware, and supply chain attacks to identify vulnerabilities before real attackers exploit them. Leading companies, inspired by chaos engineering, run controlled breach tests every day, treating each one as an opportunity to fine-tune their incident response plans. 
    
*   Adopt self-healing systems: AI-powered self-healing systems minimize downtime by automatically detecting and isolating compromised systems, ensuring your business keeps running. With 24/7 monitoring tools, you can spot unusual behavior fast, allowing your teams to focus on strategic initiatives instead of reactive firefighting. 
    
*   Leverage AI-driven threat intelligence sharing: Join intelligence-sharing networks like ISACs to collaborate with peers. Real-time threat data allows organizations to stay ahead of emerging threats. Platforms like MITRE ATT&CK help teams analyze adversary behaviors, enabling them to fine-tune defense strategies. 
    
*   Prepare for quantum computing: While quantum computing is still emerging, it could eventually break today's encryption standards. Start preparing now by researching quantum-resistant encryption and staying informed on the latest industry developments. 
    
*   Create a resilience-first culture: Resilience shouldn't just be a buzzword — it must become part of your company's DNA. Encourage your teams to learn from every incident, find gaps in your defenses, and use them as opportunities to build stronger systems. Regularly debrief after breaches to reflect on what went right, not just what went wrong. This helps create a culture of continuous improvement, ensuring that your organization gets stronger after every incident. 
    

Resilience isn't just the CISO's job. CEOs and compliance officers also play crucial roles in aligning the entire organization with resilience strategies. Regulatory frameworks like Europe's General Data Protection Regulation (GDPR) and the US Portability and Accountability Act (HIPAA) demand transparent recovery protocols, and how leadership handles breaches impacts brand trust, shareholder confidence, and customer loyalty.

**Leading With Resilience**

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack. Companies that turn breaches into opportunities for innovation won't just survive — they'll lead. By adopting resilience-first strategies, continuous improvement, and adaptive defenses, your organization can turn security challenges into competitive advantages. 

**About the Author**

Senior Manager, Black Duck Software

Akhil Mittal is a recognized cybersecurity leader with more than two decades of experience in application security, cloud security, and DevSecOps. As a Gartner Cybersecurity ambassador and senior manager at Black Duck Software, he leads key security initiatives, helping global organizations strengthen their defenses against advanced cyber threats. Akhil has worked closely with chief information security officers (CISOs) and executive leadership to align security strategies with business goals, ensuring robust protection across industries. He also contributes his expertise through leading cybersecurity publications and serves as a judge for top industry awards and hackathons. Certified in CISSP and CCSP, his work continues to shape the future of cybersecurity, driving innovation and resilience worldwide.

Cybersecurity Is Critical, but Breaches Don't Have to Be Disasters

When a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too.

Source: Panther Media GmbH via Alamy Stock Photo

Question: What value do public relations experts bring to a company during a cybersecurity incident?

Ronn Torossian, founder, 5WPR: The threat of a cyberattack is ever-present, making cybersecurity a top priority for organizations of all sizes. But when a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too. This is where public relations (PR) can step in as a critical safeguard. A well-executed cybersecurity PR strategy can help contain the fallout of a cybersecurity breach, maintain stakeholder trust, and position the organization for recovery.

Here are five ways PR professionals can protect a company against damage from a cybersecurity incident.

**1\. Build Trust With Stakeholders Ahead of Time**

PR's role in a cybersecurity incident starts long before a breach happens. Proactive engagement with stakeholders builds a reservoir of goodwill to draw upon in times of crisis. Engagement includes providing regular updates on the company's cybersecurity measures, sharing tips for data protection, and offering insights into industry best practices.

For instance, tech giants like Cisco and IBM consistently communicate their cybersecurity initiatives, positioning themselves as leaders in the space. By doing so, they reinforce their commitment to security. This proactive approach helps set the stage for smoother communication during a crisis.

**2\. Communicate With Transparency and Speed**

The first hours of a cybersecurity breach are crucial. Prompt, transparent communication helps shape public perception and can significantly influence the level of trust that stakeholders place in the company. When an incident occurs, PR teams must work swiftly to inform customers, employees, and partners about what happened, what steps the company is taking, and what they should do next.

A classic negative case study is Equifax's 2017 breach, where delayed communication compounded the public's distrust. Companies that immediately acknowledge a breach and provide clear updates often regain trust faster. Transparency demonstrates accountability and commitment, both of which are key to repairing reputational damage.

**3\. Harness Social Media for Crisis Responses**

Social media is a double-edged sword in the wake of a cybersecurity breach. These digital channels amplify both the reach of the company's crisis communications and the spread of misinformation or negative sentiment. A strong social media strategy is essential for managing the narrative.

PR teams should use platforms like LinkedIn and other digital channels to provide real-time updates, address customer concerns, and reinforce the company's commitment to resolving the issue. These channels offer an opportunity to humanize the brand, which can help mitigate panic and frustration.

**4\. Bring in Cybersecurity Teams for Updates**

Effective crisis communication requires more than just PR expertise. Collaboration with IT and cybersecurity teams ensures that messaging is accurate, clear, and credible.

Cybersecurity experts lend authority to media briefings or stakeholder updates and signal that the situation is under control. PR professionals translate complex technical details into language that resonates with diverse audiences. This partnership helps build confidence in the organization's ability to manage and resolve cybersecurity incidents.

**5\. Rebuild Trust After an Attack**

Long-term organizational recovery from a cybersecurity breach depends on rebuilding trust, which is rooted in ongoing education and advocacy. PR teams can drive awareness campaigns that encourage both internal and external audiences to adopt better cybersecurity practices.

This might involve publishing blogs, hosting webinars, or participating in industry panels to share insights on navigating the evolving threat landscape. Advocacy for stronger industry standards or collaboration on public policy can further position the company as a thought leader committed to enhancing cybersecurity for all.

**About the Author**

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

How Can PR Protect Companies During a Cyberattack?

Debian Linux Security Advisory 5816-1 - The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5816-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 19, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libmodule-scandeps-perl  
CVE ID         : CVE-2024-10224

The Qualys Threat Research Unit discovered that libmodule-scandeps-perl,  
a Perl module to recursively scan Perl code for dependencies, allows an  
attacker to execute arbitrary shell commands via specially crafted file  
names.

Details can be found in the Qualys advisory at  
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

For the stable distribution (bookworm), this problem has been fixed in  
version 1.31-2+deb12u1.

We recommend that you upgrade your libmodule-scandeps-perl packages.

For the detailed security status of libmodule-scandeps-perl please refer  
to its security tracker page at:  
https://security-tracker.debian.org/tracker/libmodule-scandeps-perl

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmc8u7tfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Ta0A//TsnJj10BYWU0GlFOs6sGALdSfLn8vxB/E5MM6O4ZSEFC0u8KywvrESTg  
oxh5QieR4kqPDnq5JYIKwBZkD+ohI57ji2xcnjYIp/HRoRXC8IETPvjJHIu5rbtN  
BiMSyvp/9YYGUfOzPDGgqO7Rhuz/GqoFwkvziDXiUOg8OYE4kOUunXuMWBXSOQ6W  
Oji2YHHomRb13QY1DnAx5ISAthBlDeTVLAsReWG6e+dzR6Z+VDRLEHwiXJS9EJSS  
Si4a+KLf5TqJRfI+rSDaRJPRO53I657Xk4Ob5PEc1ay6LfUtdg8zzxyt/FCzlMng  
3mO80A4s2dS4T02L9SeeniSVQFE+etmTQAR3sIoe4AYulgXu5Jz4NrUmNohMdqrq  
xYtIcUD24aig4DRujVMcK5RHndw3JG9/TP5obPeJ5Cjlb28MpeE67e3bgnqzVdN7  
QZLKPoEX0C9LZk+sWqLYx2P1nwiPeaEwYppSFErsZV3w0qnJkTa97LY2XiRTlIWw  
wBjUrHi78bhoGo2Mpo9iGdjN4fcbBolqZ6c/xOWTBmouRWWyD1CblpEZ3UUqnn74  
wUqLknPAdMt8F8C91cKPdXoXkY3nrV01jecj8hfUU3qvDvbu4lyjWmUOP+dYJLUt  
zgJobOMroKkug8sld+eweWF1ILdgCsrQRSUrPYyiP4sAMC6uAKE=  
=+uJR  
-----END PGP SIGNATURE-----

Debian Security Advisory 5816-1

Ubuntu Security Notice 7120-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7120-1November 19, 2024linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8,linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency,linux-oem-6.8, linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-6.8: Linux hardware enablement (HWE) kernel- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - File systems infrastructure;  - Network traffic control;(CVE-2024-46800, CVE-2024-43882)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1014-gke      6.8.0-1014.18  linux-image-6.8.0-1015-raspi    6.8.0-1015.17  linux-image-6.8.0-1016-ibm      6.8.0-1016.16  linux-image-6.8.0-1016-oracle   6.8.0-1016.17  linux-image-6.8.0-1016-oracle-64k  6.8.0-1016.17  linux-image-6.8.0-1017-oem      6.8.0-1017.17  linux-image-6.8.0-1018-gcp      6.8.0-1018.20  linux-image-6.8.0-1018-nvidia   6.8.0-1018.20  linux-image-6.8.0-1018-nvidia-64k  6.8.0-1018.20  linux-image-6.8.0-1018-nvidia-lowlatency  6.8.0-1018.20.1  linux-image-6.8.0-1018-nvidia-lowlatency-64k  6.8.0-1018.20.1  linux-image-6.8.0-1019-aws      6.8.0-1019.21  linux-image-6.8.0-49-generic    6.8.0-49.49  linux-image-6.8.0-49-generic-64k  6.8.0-49.49  linux-image-aws                 6.8.0-1019.21  linux-image-gcp                 6.8.0-1018.20  linux-image-generic             6.8.0-49.49  linux-image-generic-64k         6.8.0-49.49  linux-image-generic-64k-hwe-24.04  6.8.0-49.49  linux-image-generic-hwe-24.04   6.8.0-49.49  linux-image-generic-lpae        6.8.0-49.49  linux-image-gke                 6.8.0-1014.18  linux-image-ibm                 6.8.0-1016.16  linux-image-ibm-classic         6.8.0-1016.16  linux-image-ibm-lts-24.04       6.8.0-1016.16  linux-image-kvm                 6.8.0-49.49  linux-image-nvidia              6.8.0-1018.20  linux-image-nvidia-64k          6.8.0-1018.20  linux-image-nvidia-lowlatency   6.8.0-1018.20.1  linux-image-nvidia-lowlatency-64k  6.8.0-1018.20.1  linux-image-oem-24.04           6.8.0-1017.17  linux-image-oem-24.04a          6.8.0-1017.17  linux-image-oracle              6.8.0-1016.17  linux-image-oracle-64k          6.8.0-1016.17  linux-image-raspi               6.8.0-1015.17  linux-image-virtual             6.8.0-49.49  linux-image-virtual-hwe-24.04   6.8.0-49.49Ubuntu 22.04 LTS  linux-image-6.8.0-1018-gcp      6.8.0-1018.20~22.04.1  linux-image-6.8.0-1018-nvidia   6.8.0-1018.20~22.04.1  linux-image-6.8.0-1018-nvidia-64k  6.8.0-1018.20~22.04.1  linux-image-6.8.0-49-generic    6.8.0-49.49~22.04.1  linux-image-6.8.0-49-generic-64k  6.8.0-49.49~22.04.1  linux-image-gcp                 6.8.0-1018.20~22.04.1  linux-image-generic-64k-hwe-22.04  6.8.0-49.49~22.04.1  linux-image-generic-hwe-22.04   6.8.0-49.49~22.04.1  linux-image-nvidia-6.8          6.8.0-1018.20~22.04.1  linux-image-nvidia-64k-6.8      6.8.0-1018.20~22.04.1  linux-image-nvidia-64k-hwe-22.04  6.8.0-1018.20~22.04.1  linux-image-nvidia-hwe-22.04    6.8.0-1018.20~22.04.1  linux-image-oem-22.04           6.8.0-49.49~22.04.1  linux-image-oem-22.04a          6.8.0-49.49~22.04.1  linux-image-oem-22.04b          6.8.0-49.49~22.04.1  linux-image-oem-22.04c          6.8.0-49.49~22.04.1  linux-image-oem-22.04d          6.8.0-49.49~22.04.1  linux-image-virtual-hwe-22.04   6.8.0-49.49~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7120-1  CVE-2024-43882, CVE-2024-46800Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-49.49  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1019.21  https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1018.20  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1014.18  https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1016.16  https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1018.20  https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1018.20.1  https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1017.17  https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1016.17  https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1015.17  https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1018.20~22.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-49.49~22.04.1  https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1018.20~22.04.1

Ubuntu Security Notice USN-7120-1

Ubuntu Security Notice 7117-1 - Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands.

==========================================================================  
Ubuntu Security Notice USN-7117-1  
November 19, 2024

Several security issues were fixed in needrestart and Module::ScanDeps  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libmodule-scandeps-perl, needrestart.

Software Description:  
- libmodule-scandeps-perl: module to recursively scan Perl code for   
dependencies  
- needrestart: check which daemons need to be restarted after library   
upgrades

Details:

Qualys discovered that needrestart passed unsanitized data to a library  
(libmodule-scandeps-perl) which expects safe input. A local attacker could  
possibly use this issue to execute arbitrary code as root.  
(CVE-2024-11003)

Qualys discovered that the library libmodule-scandeps-perl incorrectly  
parsed perl code. This could allow a local attacker to execute arbitrary  
shell commands. (CVE-2024-10224)

Qualys discovered that needrestart incorrectly used the PYTHONPATH  
environment variable to spawn a new Python interpreter. A local attacker  
could possibly use this issue to execute arbitrary code as root.  
(CVE-2024-48990)

Qualys discovered that needrestart incorrectly checked the path to the  
Python interpreter. A local attacker could possibly use this issue to win  
a race condition and execute arbitrary code as root. (CVE-2024-48991)

Qualys discovered that needrestart incorrectly used the RUBYLIB  
environment variable to spawn a new Ruby interpreter. A local attacker  
could possibly use this issue to execute arbitrary code as root.  
(CVE-2024-48992)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  libmodule-scandeps-perl         1.35-1ubuntu0.24.10.1  
  needrestart                     3.6-8ubuntu4.2

Ubuntu 24.04 LTS  
  libmodule-scandeps-perl         1.35-1ubuntu0.24.04.1  
  needrestart                     3.6-7ubuntu4.3

Ubuntu 22.04 LTS  
  libmodule-scandeps-perl         1.31-1ubuntu0.1  
  needrestart                     3.5-5ubuntu2.2

Ubuntu 20.04 LTS  
  libmodule-scandeps-perl         1.27-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro  
  needrestart                     3.4-6ubuntu0.1+esm1  
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS  
  libmodule-scandeps-perl         1.24-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro  
  needrestart                     3.1-1ubuntu0.1+esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  libmodule-scandeps-perl         1.20-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro  
  needrestart                     2.6-1ubuntu0.1~esm1  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7117-1  
  CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991,  
  CVE-2024-48992

Package Information:

 https://launchpad.net/ubuntu/+source/libmodule-scandeps-perl/1.35-1ubuntu0.24.10.1  
  https://launchpad.net/ubuntu/+source/needrestart/3.6-8ubuntu4.2

 https://launchpad.net/ubuntu/+source/libmodule-scandeps-perl/1.35-1ubuntu0.24.04.1  
  https://launchpad.net/ubuntu/+source/needrestart/3.6-7ubuntu4.3

 https://launchpad.net/ubuntu/+source/libmodule-scandeps-perl/1.31-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/needrestart/3.5-5ubuntu2.2

Ubuntu Security Notice USN-7117-1

Companies that recognize current market opportunities — from the need to safely implement revolutionary technology like AI to the vast proliferation of cyber threats — have remarkable growth prospects.

Source" Brian Jackson via Alamy Stock Photo

Companies have never faced a wider and more dynamic array of cyber threats than they do right now. From rapidly rising costs associated with data breaches and other cyberattacks to the exploitation of artificial intelligence (AI) to make attacks more effective than ever, the cyber-threat landscape is constantly evolving. This has led to a drastic increase in cybersecurity spending, as well as a wave of innovation in the sector.

As cyberattacks become more targeted and sophisticated, there is a vast and growing market for solutions that help companies address their most vulnerable attack vectors. For example, cybercriminals often steal account names, passwords, and other credentials to launch attacks, which is why identity and access management have become key priorities for companies across many industries. Cybercriminals are also using AI resources such as LLMs to target employees with advanced social engineering attacks that allow them to infiltrate secure networks and steal information.

Cybercriminals and other bad actors such as hostile foreign governments are more motivated than ever to develop powerful cyber capabilities that enable them to hijack data, disrupt operations, and bypass existing cybersecurity protocols. This trend will only gain momentum, and revolutionary technology like AI will function as a force multiplier that makes cyberattacks more destructive and difficult to detect. This is why the cybersecurity industry will continue to see unprecedented demand and investment in the coming years.

**A New Era of Cyberattacks**

Companies are investing heavily in cybersecurity — according to a PwC survey, 77% of companies plan to increase their cyber budgets, while Gartner has projected that information security spending will spike by 15% in 2025. However, these investments haven't yet turned the tide against the onslaught of cyberattacks that are inflicting increasingly severe financial, reputational, and operational costs on companies. A 2024 IBM report found that the average cost of a data breach hit $4.88 million globally this year, a record high and a 10% increase from 2023.

The 2024 Allianz Risk Barometer found that cyber incidents are the top global business risk for the "first time and by a clear margin" — a finding that applies to companies of all sizes. AI is a key driver of this trend, as it has lowered the barriers to entry for cybercriminals around the world. For example, large language models (LLMs) allow cybercriminals to launch advanced phishing attacks regardless of their language skills or technical ability. Hostile foreign governments are using AI to launch cyberattacks as well — Microsoft reported that Russia, North Korea, and China are all using AI for surveillance, scripting, and social engineering.

As cyber threats become more dangerous and dynamic, the market for robust solutions will continue to expand. Companies in the sector will have to leverage emerging technology like AI and develop cybersecurity solutions that address specific vulnerabilities more effectively than their competitors.

**Opportunities in the Cybersecurity Market**

The cybersecurity industry has seen significant fragmentation in recent years as the demand for specialized solutions increases. Particular categories of cyberattacks, such as phishing, call for targeted solutions capable of countering the latest cybercriminal tactics. IBM reported that phishing is one of the most common and financially destructive initial attack vectors, which means cybercriminals are using it to gain access and launch broader cyberattacks. A major goal of phishing attacks is credential theft, which is why stolen or compromised credentials are involved in initial attacks more often than any other individual factor.

Companies like Strata help customers resist phishing attacks and other forms of credential theft with holistic identity and access management solutions. The reliance on legacy systems is one of the most urgent cybersecurity challenges many companies face — a challenge that has become all the more daunting due to the growing risk posed by third-party vendors and other partners. Supply chain cyberattacks are becoming increasingly common — Verizon found that there was a 68% increase in "supply chain interconnection" involved in breaches between 2023 and 2024.

Integrated cybersecurity solutions are critical, as cybercriminals and other bad actors need only  a single access point to infiltrate an organization. Solutions that help customers modernize their cybersecurity infrastructure for the evolving cyber-threat landscape are becoming more vital. Chief information security officers (CISOs) and other cybersecurity leaders need access to simplified solutions that break down silos between IT and security teams, meet increasingly stringent compliance demands, and help them evaluate and address vulnerabilities.

**Maximizing the Impact of Emerging Technology**

While AI is propelling a new wave of cyberattacks, it can also be harnessed to keep companies safer. Companies can use AI to simulate cyberattacks, detect malicious activity, prioritize cyber threats and potential vulnerabilities, and protect data across many different environments. However, AI still faces significant trust issues, due to problems like hallucinations (when LLMs present false information as accurate) and the existence of "black box" machine learning algorithms that don't provide any transparency into their decision-making processes.

According to a recent survey of 6,000 knowledge workers, 54% of AI users don't trust the data used to train AI systems — and more than two-thirds of these workers say they're hesitant to adopt AI. Meanwhile, laws and regulations around AI are becoming stricter all the time. For example, the EU AI Act requires companies to mitigate systemic risks, report cyber incidents, and focus on cybersecurity in their AI implementations.

While the AI trust gap is hindering adoption of the technology and regulations are becoming tougher, this opens a market for companies that provide end-to-end AI governance. At a time when AI adoption is skyrocketing, companies need the infrastructure necessary to ensure compliance and monitor AI systems for potential cyber threats. IBM found that 82% of executives believe "secure and trustworthy AI is essential to the success of their business," but less than a quarter of generative AI projects are being secured.

From the need to safely implement technology like AI to the vast proliferation of cyber threats (many of which are being powered by that very same technology), the cybersecurity industry has reached an inflection point. The companies that recognize these market opportunities have remarkable growth prospects in the coming years.

**About the Author**

General Partner, Titanium Ventures

Marcus Bartram is General Partner at Titanium Ventures (former Telstra Ventures), a San Francisco-based VC firm that differentiates by generating revenue for its portfolio with strategic channel partners and customer relationships as well as by using data science to drive its investment process. Marcus is on the founding team and has led investments in cybersecurity companies like CrowdStrike, Auth0, Anomali, Cequence, CloudKnox, Cofense, CyberGRX, Elastica, vArmour, and Zimperium.

Tag

#ibm