Featured Story
Fortinet Releases Security Updates for Multiple Products
Fortinet has recently announced critical security updates addressing vulnerabilities across several of its products, including FortiOS and FortiProxy. These updates aim to mitigate risks associated with out-of-bounds write, stack-based buffer overflow, authorization bypass, and improper authentication vulnerabilities that could potentially allow attackers to execute arbitrary code, commands, or gain unauthorized access.
Other Stories
EU Parliament Approves Cyber Resilience Act
The European Union (EU) Parliament approved Tuesday new cyber resilience standards to protect all digital products in the EU from cyber threats. Already agreed with the Council last December, the regulation aims to ensure that products with digital features are secure to use, resilient against cyber threats, and provide enough information about their security properties.
The regulation aims to ensure high cybersecurity for products with digital elements and their integrated remote data processing solutions. This includes defining remote data processing as processing is done away from the user’s device, ensuring manufacturers secure products regardless of data location. This covers situations like mobile apps accessing manufacturer-provided services, falling under the regulation’s scope.
The legislation was approved with 517 votes in favor, 12 against and 78 abstentions. It will now have to be formally adopted by Council, too, in order to come into law.
This legislation not only emphasizes the necessity of integrating cybersecurity from the design phase of digital elements but also addresses the critical cybersecurity skills gap, highlighting the indispensable role of human expertise in complementing technological safeguards.
For IT and management professionals, this represents a significant shift towards prioritizing security in the digital landscape, ensuring a harmonized approach that reduces legal uncertainties and enhances the resilience of digital infrastructure across the European Union.
Cloud Account Attacks Surged 16-Fold in 2023
Cloud account threats increased 16-fold in 2023, with attackers adopting new techniques in these environments, according to Red Canary’s 2024 Threat Detection Report.
Researchers found that detections associated with T1078.004: Cloud Accounts, the MITRE ATT&CK technique for cloud account compromises, was the fourth most prevalent technique used by threat actors in 2023, up from 46th place in 2022.
Threat actors have seen this as an opportunity to focus their efforts on this new computing field.
‘Magnet Goblin’ Exploits Ivanti 1-Day Bug in Mere Hours
While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure.
“Magnet Goblin,” recently named in a Check Point research blog post, was one of the fastest to capitalize on that potential. Within a day after the release of a proof-of-concept (PoC) exploit, the group had malware in-hand capable of exploiting it.
US Intelligence Predicts Upcoming Cyber Threats for 2024
Accelerating competition between nation-states, regional conflicts with far-reaching impact, and non-state threat actors with unprecedented capabilities are three of the main cyber threats the US intelligence community (IC) will face over the next few months.
This is according to the Office of the Director of National Intelligence’s (ODNI) 2024 Annual Assessment of the US Intelligence Community, a report reflecting the collective insights of the US IC.