CISO Talk by James Azar
CyberHub Podcast
🚨 Cyber News: Kubernetes Exploit, Fortinet RCE Bug, Nissan Data Breach, Probe into Change Healthcare & Russia Targeted by West

Today’s top cybersecurity news and the latest from practicing CISO James Azar. Tune in to hear how practitioners read, view and work after hearing the latest headlines.

In this episode of the Cyber Hub Podcast, host James Azar dives into a series of critical cybersecurity updates, ranging from newly discovered vulnerabilities and patches to significant breaches and global cybersecurity tensions.

Here's a detailed summary of the key stories covered, along with actionable insights for each.

Kubernetes Vulnerability: A Window of Concern

A significant vulnerability (CVE-2023-5528) has been identified in Kubernetes, affecting all Windows endpoints in a cluster and potentially leading to arbitrary code execution with SYSTEM privileges. The vulnerability arises from the way Kubernetes processes YAML files and is particularly exploitable when creating a pod that includes a local volume.

Action Points:

1. Immediately update Kubernetes installations to version 1.28.4 or later, especially for deployments with Windows nodes.

2. Review and monitor pod creation processes, specifically those involving local volumes, to prevent exploitation.
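One way to act on the first action point, as an added example that is not from the podcast or the Kubernetes project: it reads `kubectl get nodes -o json` output and lists Windows nodes whose kubelet is below the 1.28.4 figure given above. The node data is a constructed sample, and the check does not model patched versions on other release lines.

```python
import json
import re

FIXED = (1, 28, 4)  # threshold taken from the action point above

# Constructed sample shaped like `kubectl get nodes -o json` output.
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "win-a", "labels": {"kubernetes.io/os": "windows"}},
     "status": {"nodeInfo": {"operatingSystem": "windows",
                             "kubeletVersion": "v1.28.3"}}},
    {"metadata": {"name": "win-b", "labels": {"kubernetes.io/os": "windows"}},
     "status": {"nodeInfo": {"operatingSystem": "windows",
                             "kubeletVersion": "v1.28.4"}}},
    {"metadata": {"name": "linux-a", "labels": {"kubernetes.io/os": "linux"}},
     "status": {"nodeInfo": {"operatingSystem": "linux",
                             "kubeletVersion": "v1.27.2"}}},
    {"metadata": {"name": "win-c", "labels": {"kubernetes.io/os": "windows"}},
     "status": {"nodeInfo": {}}},
]})


def parse_version(text):
    """Turn 'v1.28.4' or 'v1.28.4-build.1' into (1, 28, 4); None if unparseable."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def windows_nodes_below(nodes_json, fixed=FIXED):
    """Return (node name, kubelet version) for Windows nodes below `fixed`."""
    findings = []
    for node in json.loads(nodes_json).get("items", []):
        info = node.get("status", {}).get("nodeInfo", {})
        labels = node.get("metadata", {}).get("labels") or {}
        # Prefer the reported OS; fall back to the well-known node label.
        os_name = info.get("operatingSystem") or labels.get("kubernetes.io/os", "")
        if os_name.lower() != "windows":
            continue
        version = parse_version(info.get("kubeletVersion"))
        # A missing or unparseable version is reported, not silently passed.
        if version is None or version < fixed:
            findings.append((node["metadata"]["name"],
                             info.get("kubeletVersion", "unknown")))
    return findings


if __name__ == "__main__":
    for name, ver in windows_nodes_below(SAMPLE_NODES):
        print(f"{name}: kubelet {ver} is below v1.28.4")
```
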

Fortinet's Critical Patch

Fortinet has released a patch for a critical vulnerability (CVE-2023-488) in the FortiClient Enterprise Management Server (EMS), which could allow unauthenticated remote code execution on vulnerable servers. This flaw, discovered by the UK National Cyber Security Centre and a Fortinet developer, affects versions 7.0.1 through 7.0.10 and 7.2.0 through 7.2.2.

Action Points:

1. Prioritize the immediate application of the Fortinet patch to affected EMS versions.

2. Conduct a thorough security review of FortiClient EMS deployments to ensure no unauthorized access has occurred.

DarkGate Malware's New Wave

The DarkGate malware operation is exploiting a now-patched Windows Defender SmartScreen vulnerability (CVE-2024-21412) to bypass security warnings and deliver malware. This flaw was previously exploited by the Water Hydra group and is now seeing active exploitation by DarkGate operators.

Action Points:

1. Ensure all Windows systems are patched against CVE-2024-21412 to prevent exploitation.

2. Stay informed about the TTPs and IOCs of DarkGate operators to enhance detection and response capabilities.

Nissan Oceania's Data Breach Notification

Nissan Oceania is notifying approximately 100,000 individuals about a data breach resulting from a ransomware attack by the Akira ransomware group. The breach affected customers, dealers, and employees in Australia and New Zealand, with personal identification information compromised.

Action Points:

1. Affected individuals should monitor their personal and financial accounts for suspicious activity.

2. Organizations should review their cybersecurity posture and incident response plans, especially those in the automotive and financial sectors.

Intel and AMD's Security Advisories

Intel and AMD released security advisories addressing multiple vulnerabilities in their products. Intel's advisories include two high-severity vulnerabilities, while AMD's advisories cover the GhostRace microarchitectural vulnerability and a WebGPU browser-based GPU cache side-channel attack method.

Action Points:

1. Apply the latest patches and updates from Intel and AMD to mitigate the vulnerabilities.

2. Keep abreast of emerging threats and vulnerabilities, particularly those affecting critical hardware components.

TikTok Legislation and Russian Election Security Concerns

U.S. lawmakers have passed a bill potentially banning TikTok if ByteDance does not sell its U.S. stake, citing national security concerns. Meanwhile, Russia alleges that U.S. and Western countries are attempting to hack its presidential election, marking a period of heightened global cybersecurity tensions.

Action Points:

1. For organizations and individuals, reassess the use of TikTok and other apps with potential national security implications.

2. Stay informed about global cybersecurity developments, as they may have broader implications for cyber policies and practices.

As the cybersecurity landscape continues to evolve, staying informed and proactive is key to navigating these challenging waters.


Show Notes and Story Links:

https://www.securityweek.com/kubernetes-vulnerability-allows-remote-code-execution-on-windows-endpoints/

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/

https://www.securityweek.com/nissan-data-breach-affects-100000-individuals/

https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-smartscreen-flaw-to-drop-darkgate-malware/

https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-address-new-microarchitectural-vulnerabilities/

https://www.securityweek.com/government-launches-probe-into-change-healthcare-data-breach/

https://www.securityweek.com/bill-that-could-ban-tiktok-passed-in-the-house-heres-what-to-know/

https://therecord.media/russia-presidential-election-hack-claims-united-states-putin
