The podcast opens with host James Azar acknowledging the Jewish holiday of Simchat Torah and reflecting on the one-year anniversary of the October 7th attacks in Israel, noting its significance in both Jewish tradition and current geopolitics.
He briefly mentions his recent Substack article, which provides an unbiased breakdown of the cybersecurity positions of Donald Trump and Kamala Harris ahead of the U.S. elections.
This sets the stage for the podcast's focus on cyber threats and election security.
Cisco Patches Multiple Vulnerabilities
Cisco has patched several vulnerabilities in its security products, including a critical flaw affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) systems. This vulnerability, CVE-2024-20481, can cause denial-of-service (DoS) conditions through brute-force VPN attacks. Although the CVSS score is relatively low (5.8), the flaw is being actively exploited, highlighting the need for practitioners to prioritize patches based on threat context rather than just CVSS scores.
Action Item for Security Professionals: Patch Cisco ASA and FTD systems immediately and assess vulnerabilities in the environment based on actual risk rather than CVSS scores alone.
Fortinet Zero-Day Exploited Since June
A zero-day vulnerability in Fortinet’s FortiManager has been exploited by attackers since June 2024. CVE-2024-47575 allows unauthenticated attackers to execute arbitrary code. Fortinet and Google’s Mandiant have observed over 50 victims, spanning various industries. Mandiant is tracking this under a new threat cluster (UNC 5820).
Action Item for Security Professionals: Fortinet users should review patches and mitigation guidance from Fortinet and incorporate threat intelligence from Mandiant regarding UNC 5820.
Iranian Threat Group Targets U.S. Elections
Iranian state-sponsored group Cotton Sandstorm has been ramping up attacks on U.S. election infrastructure ahead of the 2024 presidential elections. Microsoft’s report highlights attempts to assess vulnerabilities in battleground states, raising concerns over potential interference. The group has also targeted U.S. media outlets for misinformation campaigns.
Russia Targets U.S. Critical Infrastructure
Russian threat actors, active since late 2021, have been probing U.S. critical infrastructure, particularly managed service providers (MSPs) that serve vital sectors. While these actors have since pivoted to focus on Ukraine post-invasion, the potential damage they could cause in the U.S. is alarming, particularly in energy and industrial sectors.
Action Item for Security Professionals: Organizations in critical infrastructure sectors should ensure comprehensive IT/OT segmentation and continuously monitor for suspicious activity, especially within MSP networks.
North Korea’s Lazarus Group Exploits Google Zero-Day
North Korea’s notorious Lazarus Group exploited a Google Chrome zero-day (CVE-2024-49047) through a fake decentralized finance (DeFi) game. This campaign targets cryptocurrency holders and exchanges, part of North Korea’s ongoing effort to steal financial assets via cyber means.
Action Item for Security Professionals: Cryptocurrency platforms and users should ensure they have updated security patches and educate users on identifying phishing attempts tied to DeFi applications.
Wisconsin Sued Over Election Security Flaws
Wisconsin’s online voting system, My Vote, is facing legal challenges over alleged weak cybersecurity protections. Plaintiffs claim that minimal information (name and birthdate) allows anyone to request absentee ballots, making the system vulnerable to fraud.
New Campaign Exploiting CAPTCHA for Malware
A malicious campaign that uses fake CAPTCHA verification steps to deliver the Lumma Stealer malware has been identified. Users are tricked into believing they are completing a security check, only to unknowingly download malware that steals sensitive data such as passwords and crypto wallet credentials.
Action Item for Security Professionals: Educate end-users on identifying suspicious CAPTCHA processes and implement advanced malware detection systems to block such social engineering attacks.
Penn State Fined for Cybersecurity Non-Compliance
Penn State University was fined $1.25 million for failing to meet cybersecurity requirements in their contracts with the Department of Defense and NASA. This is part of a broader enforcement push by the Department of Justice against universities not adhering to federal cybersecurity standards.
Action Item for Security Professionals: Institutions with federal contracts should review and ensure compliance with all cybersecurity requirements, including regular audits and risk assessments.
Conclusion
James Azar wraps up the podcast by reminding listeners to stay vigilant, highlighting how the threats discussed today—from election security to ransomware—are rapidly evolving. He also encourages professionals to prioritize actions based on the specific risks to their organization rather than relying solely on external metrics like CVSS scores.
Key Takeaway for Security Professionals
Focus on timely patching, proactive threat hunting, and contextual risk assessment to address vulnerabilities and safeguard against sophisticated cyber threats.
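The Cisco item above (a CVSS 5.8 flaw that is actively exploited) and this closing takeaway both make the same point: patch order should follow threat context, not the CVSS number alone. The following script is an added illustration of that idea and is not code from the podcast or any vendor. It ranks a constructed set of findings by a simple context-weighted score (confirmed exploitation in the wild, internet exposure and asset criticality on top of CVSS) and compares the result with a CVSS-only ordering. The weights, the `asset_criticality` scale and every finding except the page's CVE-2024-20481 (CVSS 5.8, exploited) are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    """One vulnerability instance on one asset (constructed record shape)."""
    cve: str
    cvss: float
    exploited_in_the_wild: bool   # e.g. listed in CISA KEV or vendor-confirmed active exploitation
    internet_exposed: bool        # reachable from untrusted networks
    asset_criticality: int        # assumed scale: 1 (low) .. 3 (high)


def risk_score(f: Finding) -> float:
    """Context-weighted score; the weights below are assumptions for illustration."""
    score = f.cvss
    if f.exploited_in_the_wild:
        score += 10.0            # active exploitation outweighs any CVSS difference
    if f.internet_exposed:
        score += 3.0             # exposed services are reachable by opportunistic scanning
    score += 1.5 * (f.asset_criticality - 1)   # business impact of the hosting asset
    return round(score, 1)


def prioritize(findings: List[Finding]) -> List[str]:
    """CVE identifiers ordered by contextual risk, highest first."""
    return [f.cve for f in sorted(findings, key=risk_score, reverse=True)]


def prioritize_by_cvss_only(findings: List[Finding]) -> List[str]:
    """The naive ordering the page warns against, for comparison."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


# Constructed sample inventory. Only CVE-2024-20481 and its 5.8 score come from the
# page; the EXAMPLE-* entries and all exposure/criticality values are made up.
SAMPLE = [
    Finding("CVE-2024-20481", 5.8, True, True, 3),    # Cisco ASA/FTD, actively exploited
    Finding("EXAMPLE-A", 9.8, False, False, 1),       # critical CVSS, internal lab box, no exploitation
    Finding("EXAMPLE-B", 7.5, False, True, 2),        # exposed but no known exploitation
    Finding("EXAMPLE-C", 4.3, True, False, 1),        # low CVSS but confirmed exploitation
]


if __name__ == "__main__":
    print("contextual order :", prioritize(SAMPLE))
    print("CVSS-only order  :", prioritize_by_cvss_only(SAMPLE))
```

With these inputs the contextual ordering puts the exploited Cisco flaw first and the CVSS 9.8 finding last, while the CVSS-only ordering does the reverse; the exploited-in-the-wild flag is the field that flips the result, which is why feeding KEV or vendor exploitation advisories into the ranking matters more than tuning the other weights.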
Story Links:
https://www.securityweek.com/new-fortinet-zero-day-exploited-for-months-before-patch-release/
https://thecyberexpress.com/us-presidential-election-targeted-by-hackers/
https://therecord.media/wisconsin-sued-over-voting-system-cyber
https://thecyberexpress.com/russia-breaching-us-critical-infrastructure/
https://www.darkreading.com/cyberattacks-data-breaches/trick-captcha-lumma-stealer-malware
https://www.bankinfosecurity.com/embargo-ransomware-disables-security-defenses-a-26603
https://therecord.media/penn-state-fined-millions-cybersecurity