Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On Tuesday, March 7, 2023, Fortinet published a security advisory detailing an unauthenticated remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-25610). The vulnerability was internally discovered by Fortinet, and exploitation has not been observed in the wild at this time. A proof of concept (PoC) exploit has not been published publicly for this vulnerability at this time.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. An unfortunate (aren’t they all?) breach at Acer. With the the UEFI rootkit discovery last week, I wonder if they were poking around for another vendor implementation?

California Consumer Privacy Act is a data privacy regulation introduced to protect the privacy of personal data and uphold the rights of consumers. So, it is an obligation for organizations to achieve and maintain CCPA Compliance if they are dealing with the personal data of citizens of California. However, now CCPA will soon be replaced with the latest version which is known as the California Privacy Right Act (CPRA).

A few weeks ago, we had the pleasure of exchanging with Ezequiel Rabinovich, Lemontech's CTO, about how his teams use GitGuardian to protect their secrets.

Every day, thousands of companies download updates to their software. With a click of a button, they can walk away and return the next morning with everything reorganized and in order. While a staple of modern life, this action is no longer completely harmless. It is now one of many attacks that bad actors use to access systems and execute supply chain attacks.

As cybercrime continues to grow and organizations digitize, understanding cybersecurity and how to improve one’s security posture becomes paramount. Unfortunately, the firewall has dissolved and tools alone, though helpful, can’t protect environments when public sector organizations are understaffed, underfunded, and struggling to maintain compliance.

When I talk to customers and partners about Cloud Threat Exchange (CTE), I immediately say, “I’m not in marketing, and didn’t see the future—so I misnamed the module. I should have named it Cloud Data Exchange.” Why do I say this? Because, as Netskope and Cloud Exchange have matured, the number of use cases the module can fulfill has naturally grown beyond the initial vision. How so?

DC Health Link is part of the Affordable Care Act online marketplace of health insurance plans. The service provides health care to members of Congress as well as many staff members throughout Capitol Hill. This healthcare service was recently the victim of a cyber attack and suffered a serious data breach that exposed hundreds of politicians and Capitol Hill staff members.

It's been a rough week for major companies and the government as well, with the week finishing off with Washington D.C. lawmakers having their health information exposed. This week's attacks make it very clear that nobody is safe from cyber gangs and hackers. Dole, Dish Network, and Acer all suffered data losses this week, as well as the Crystal Bay Casino.

You’ve just sat down to start your work day and you’re going through your emails, hot cup of coffee in hand. You see an email from your company’s IT department telling you to install an update ASAP. As soon as you click the link in the email, you realize you probably should have checked with IT first.