CyberSecurity Updates

12 Jun

Fortinet Releases Security Updates for FortiOS and FortiProxy

Attacks, Insights, Malware

Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2023-27997 in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Fortinet security advisory FG-IR-23-097 and apply the necessary updates. For more information, see Fortinet’s Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign.

Read More
12 Jun

Cycode’s free CI/CD monitoring tool offers new DevOps visibility

Data Breaches, Malware, Social Engineering

Cycode’s new Cimon monitoring tool for continuous integration and continuous delivery is designed to offer a new level of visibility into the CI/CD process, securing code against data exfiltration and other malicious activity. According to the company’s announcement, Cimon — short for CI Monitor — is a runtime security agent that uses the enhanced Berkeley Packet Filter (eBPF) system to look directly into the CI pipeline, develop a baseline understanding of what normal behavior looks…

Read More
12 Jun

Health Service Ireland latest victim of MOVEit cyber attack

Attacks, Data Breaches

Health Service Ireland (HSE) has become the latest victim of a supply chain cyber attack launched against document transfer service MOVEit. The attack was launched by ransomware gang, Clop. Clop were able to infiltrate MOVEit by exploiting a zero-day vulnerability that allowed the malicious group to break into company networks and steal data. Professional services partnership EY was also impacted by the cyber attack, leading to the breach. HSE was working with EY to automate…

Read More
12 Jun

Threat intelligence programs poised for growth

Data Breaches, Malware, Social Engineering

In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies. Alas, most CTI programs are far from mature, but this may change over the next few years as most enterprise…

Read More
10 Jun

Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe

Information

A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities It’s rather rare to find a cybercrime group that ventures into cyberespionage, which alone makes new ESET research all the more interesting. According to ESET experts, a cybercrime group known as Asylum Ambuscade – which usually targets individuals, SMBs, bank customers, and cryptocurrency traders in North America and Europe – has added cyberespionage to its activities.…

Read More
10 Jun

More MOVEit mitigations: new patches published for further protection

Information

by Paul Ducklin Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before the end of last month… …we suspect you’ve heard of it now. That’s because the MOVEit brand name has been all over the IT and mainstream media for the last week or so, due to an unfortunate security hole dubbed CVE-2023-34362, which turned out to be what’s known in the jargon as…

Read More
09 Jun

Asylum Ambuscade: crimeware or cyberespionage?

Information

A curious case of a threat actor at the border between crimeware and cyberespionage Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few weeks after the start of the Russia-Ukraine war. In this blogpost, we provide details about the early 2022 espionage campaign…

Read More
09 Jun

Thoughts on scheduled password changes (don’t call them rotations!)

Information

by Paul Ducklin We’re all still using passwords on many, perhaps most, of our accounts, because we’re all still using plenty of online services that don’t offer any other sort of login system. Just today, for instance, I paid membership fees to a cycling-related group that asked for my postal address so it could send me my membership card, which I thought was a delightfully simple and old-school way of letting me retrieve my membership…

Read More
09 Jun

In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless crucial for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
09 Jun

Google launches Secure AI Framework to help secure AI technology

Data Breaches, Malware, Social Engineering

Google has announced the launch of the Secure AI Framework (SAIF), a conceptual framework for securing AI systems. Google, owner of the generative AI chatbot Bard and parent company of AI research lab DeepMind, said a framework across the public and private sectors is essential for making sure that responsible actors safeguard the technology that supports AI advancements so that when AI models are implemented, they’re secure-by-default. Its new framework concept is an important step…

Read More