CyberSecurity Knuggets

Jun 15, 2024

In today's news, the Russian government is reportedly considering the establishment of a dedicated cybersecurity agency, indicating a growing recognition of the importance of cybersecurity. However, there have also been several cybersecurity incidents, including ransomware attacks, data breaches, and DDoS attacks, highlighting the ongoing threat of cybercrime.

There are also reports of new vulnerabilities, such as a Windows zero-day exploited by the Black Basta ransomware gang and a weak password hash vulnerability in Fortinet firewalls. These vulnerabilities pose significant risks and require immediate attention to prevent potential exploitation by threat actors.

Furthermore, there have been arrests related to cybercrime, including the arrest of individuals involved in mobile bot farms and the hacking of a major Canadian credit union. These arrests highlight the ongoing efforts to combat cybercriminal activities and the need for robust cybersecurity measures.

As a cybersecurity expert, I’ve been keeping up with the latest news, and there are a few critical issues that need immediate attention. First, there’s a vulnerability affecting Fortinet backup files, which threat actors can intercept and decrypt. Another concerning issue is the HTTP/2 Rapid Reset DDoS attack, for which threat actors are sharing proof-of-concept code. Additionally, a bug impacting the NSXPC component in Apple’s macOS and iOS has been discovered, allowing malicious apps to gain unauthorized access to system services or steal user data. It’s essential for organizations and individuals to stay vigilant and address these vulnerabilities and threats promptly to prevent potential data breaches and security risks.

Stay Well!