CISO Talk by James Azar
CyberHub Podcast
🚨 Fortinet Data Breach, Seattle Airport Ransomware Attack, Surge in cyberattacks in Australia, Apple Drops NSO Suit

Today’s top cybersecurity news and the latest threats from practicing CISO James Azar. Tune in to hear how practitioners break down the latest news to bolster their cybersecurity programs.

The latest episode of the CyberHub Podcast, hosted by James Azar, kicked off with a lively coffee cup cheer and dove into a jam-packed discussion of the latest cybersecurity incidents and trends.

Here are the top stories from the episode and their implications for IT and security professionals:

Fortinet Data Breach

Fortinet confirmed a data breach after a threat actor using the pseudonym "Fortibitch" leaked 440 GB of files allegedly stolen from the company’s Azure SharePoint instance. Fortinet reportedly refused to pay the ransom. The company claims the breach is unlikely to impact its financial condition, but the full scope of the damage is still under investigation.

Key takeaway: IT professionals should prioritize securing cloud-based services like Azure SharePoint and closely monitor access control to prevent similar breaches.

Port of Seattle Ransomware Attack

The Port of Seattle recently experienced a ransomware attack that caused significant outages. While many systems have been restored, data exfiltration has been confirmed, though the full extent is still under investigation. This case highlights the evolving nature of breach discovery, as initial reports often underestimate the scope of the attack.

Key takeaway: Ensure your incident response plan includes maintaining detailed data inventories to quickly assess the impact of breaches and improve recovery efficiency.

Tennessee School District BEC Scam

In a shocking case of business email compromise (BEC), a Tennessee school district lost $3.4 million after falling for a phishing scam involving a fake curriculum vendor. The money, intended for public schools, was wired to fraudulent accounts.

Key takeaway: Implement rigorous verification processes for financial transactions, including multi-factor authentication and direct verification with vendors before making payments.

Ivanti Vulnerability Exploitation

A vulnerability in Ivanti's Cloud Services Appliance (CSA) was quickly exploited after being disclosed earlier this month. The case underscores the urgency of patching vulnerabilities immediately upon discovery, as many organizations fail to apply critical patches in a timely manner.

Key takeaway: Always prioritize immediate patching of critical vulnerabilities, particularly those added to CISA’s Known Exploited Vulnerabilities catalog.

SolarWinds Security Patches

SolarWinds addressed two significant vulnerabilities in its Access Rights Manager, which could allow remote code execution. Though these are high-complexity attacks requiring authenticated users, they highlight the growing importance of secure identity management.

Key takeaway: Strengthen identity and access management practices, especially in environments where sensitive tools like Active Directory are used.

WhatsUp Gold Exploit

Progress Software, still dealing with the repercussions of the MOVEit breach, now faces exploitation of critical vulnerabilities in its WhatsUp Gold software, a network monitoring solution. SQL injection vulnerabilities in the system have allowed attackers to retrieve encrypted passwords without authentication.

Key takeaway: Regularly audit software for vulnerabilities and apply patches as soon as they are available, particularly when managing sensitive network monitoring systems.

China Exploits VS Code Vulnerability

In a new espionage tactic, China’s Mustang Panda group has exploited a feature in Visual Studio Code to gain access to target environments. This marks a significant new supply chain attack vector, using integrated development environments (IDEs) to infiltrate systems.

Key takeaway: Review your development environments for security flaws, especially in widely used tools like Visual Studio Code, and ensure your supply chain is secure.

Apple Drops Lawsuit Against NSO Group

In a surprising move, Apple has withdrawn its lawsuit against NSO Group. The tech giant cited concerns over revealing sensitive vulnerabilities in its OS through court disclosures, potentially increasing the risk of exploitation.

Key takeaway: This decision points to the complexity of cybersecurity lawsuits, and the potential for unintended consequences, such as exposing more vulnerabilities to adversaries.

23andMe Data Breach Settlement

DNA testing company 23andMe has agreed to pay a $30 million settlement over a breach that exposed personal data of 6.4 million customers. While the settlement awaits court approval, it raises ongoing concerns about the security of sensitive personal data held by companies in the genetics and health sectors.

Key takeaway: Companies handling personal data, especially sensitive genetic information, must implement robust security measures and stay ahead of potential breaches.

Action Item for Cybersecurity Professionals:

Strengthen Data Inventory and Patch Management Practices

  • As highlighted in several stories, having a clear understanding of your data inventory and swiftly applying patches are critical steps in minimizing the damage from cyberattacks.

  • Ensure that all critical data is cataloged and secured, and apply updates to software vulnerabilities as soon as they become available.

For more insights, be sure to subscribe to the CyberHub Podcast and stay up-to-date with the latest cybersecurity news.

👀 SHOW Supporters:

Today’s episode is supported by our friends at Nudge Security, who offer a free 14-day trial to all CyberHub Podcast community members at https://www.nudgesecurity.com/cyberhub

✅ Story Links: 

https://www.securityweek.com/fortinet-data-breach-impacts-customer-information/

https://therecord.media/tennessee-school-district-loses-3-million-bec-scam

https://www.securityweek.com/data-stolen-in-ransomware-attack-that-hit-seattle-airport/

https://www.securityweek.com/ivanti-csa-vulnerability-exploited-in-attacks-days-after-disclosure/

https://www.securityweek.com/solarwinds-patches-critical-vulnerability-in-access-rights-manager/

https://www.bleepingcomputer.com/news/security/hackers-targeting-whatsup-gold-with-public-exploit-since-august/

https://thecyberexpress.com/australia-faces-surge-data-breaches/

https://www.darkreading.com/application-security/microsoft-vs-code-undermined-in-asian-spy-attack

https://www.securityweek.com/apple-suddenly-drops-nso-group-spyware-lawsuit/

https://www.bleepingcomputer.com/news/security/23andme-to-pay-30-million-in-genetics-data-breach-settlement/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Listen here: https://linktr.ee/cyberhubpodcast   

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

=============================

About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
