Cyber Bakery Chronicles

Keeping Up with Cybersecurity News with CyberBakery.net....Your Weekly Update.

Your Weekly Cybersecurity Update (25 October 2024)

  • FortiGate Admins Report Active Exploitation 0-Day. Vendor Isn't Talking
  • Russia Hit By DDoS During BRICS Summit
  • Cyber Skills Gap Widens, Nearly 90% of Businesses Link Breaches to Lack of Expertise
  • Ireland fines LinkedIn €310 million over targeted advertising
  • Half of Businesses Underestimate SaaS Security Risks, Culture Blamed
  • SANS 2024 Top Attacks and Threats Report

FortiGate Admins Report Active Exploitation 0-Day. Vendor Isn't Talking.

Fortinet, a prominent vendor of network security hardware and software, has kept a critical vulnerability under wraps for over a week despite evidence that attackers are exploiting it to execute malicious code on servers used by sensitive customer organisations.

Fortinet's representatives have failed to respond to inquiries and have not issued any public advisory about the vulnerability or the specific software involved. This lack of transparency is consistent with previous zero-day vulnerabilities that have impacted Fortinet customers. Consequently, customers, reporters, and others are left with few reliable sources of information, primarily relying on social media to discuss the ongoing attacks.

According to one Reddit post, the vulnerability affects FortiManager, Fortinet's centralised platform for managing FortiGate firewalls and other Fortinet devices across an organisation's network. Specific vulnerable versions, the post said, include FortiManager versions:

  • 7.6.0 and below
  • 7.4.4 and below
  • 7.2.7 and below
  • 7.0.12 and below
  • 6.4.14 and below

Users of the affected versions must take immediate action to protect themselves by upgrading to versions 7.6.1 or above, 7.4.5 or above, 7.2.8 or above, 7.0.13 or above, or 6.4.15 or above. It is crucial to note that the cloud-based FortiManager Cloud is also potentially vulnerable.

Many administrators managing FortiGate-powered networks have received urgent emails from the company about available updates and strong recommendations to install them. Yet some users have not received these critical notifications. At the time of the original report, Fortinet had not issued any public advisory or CVE designation that security professionals could use to track this serious zero-day vulnerability.

This vulnerability has been under discussion since at least October 13. Independent researcher Kevin Beaumont indicates that the security flaw arises from a default FortiManager setting that permits devices with unknown or unauthorized serial numbers to register themselves in an organisation’s FortiManager dashboard. Although specific details remain murky, a now-deleted comment on Reddit warned that this zero-day vulnerability could enable attackers to "steal a FortiGate certificate from any FortiGate, register it to your FortiManager, and gain access." Immediate action is necessary to mitigate this risk.
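The registration path Beaumont describes can be closed from the FortiManager CLI. The following configuration is an added example for this newsletter, not text from the original post, from the Reddit thread, or from Fortinet's own guidance as reproduced on this page. It assumes a FortiManager build that exposes the fgfm-deny-unknown option and the system local-in-policy table (both are release dependent, so confirm them against the CLI reference for your version), and it uses 192.0.2.0/24 as a placeholder for the management addresses of the FortiGates you actually own.

```text
# Added example: hardening FortiManager's device-registration path.

# 1) Refuse registration attempts from FortiGates whose serial number is
#    not already known to this FortiManager. Assumes the option exists on
#    your build. Side effect: new FortiGates must be pre-added by serial
#    number before they can connect.
config system global
    set fgfm-deny-unknown enable
end

# 2) Accept the FGFM management protocol (TCP 541) only from addresses you
#    control and deny everyone else. 192.0.2.0/24 is a placeholder; replace
#    it with the real FortiGate management subnet(s). Keep the accept rule
#    (edit 1) ahead of the deny rule (edit 2) or every FortiGate, including
#    legitimate ones, loses its management channel.
config system local-in-policy
    edit 1
        set action accept
        set dport 541
        set src 192.0.2.0/24
    next
    edit 2
        set action deny
        set dport 541
    next
end
```

Apply the change from a console or out-of-band session rather than over the FGFM channel itself, then confirm in Device Manager that every legitimate FortiGate still reports as connected. Neither setting replaces the upgrade; together they only limit who can reach the registration path while you patch.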

Russia Hit By DDoS During BRICS Summit

The Russian Foreign Ministry was struck by a significant cyber attack on Wednesday, which coincided with the high-profile BRICS summit being hosted in the country. Spokeswoman Maria Zakharova provided insights into the incident, revealing that the ministry was the target of a large-scale distributed denial-of-service (DDoS) attack.

Zakharova explained, "This morning, we began experiencing a massive cyber assault originating from abroad, specifically targeting the infrastructure of our official website along with the Russian Foreign Ministry's portal."

She acknowledged that the ministry frequently encounters various cyber threats, but emphasized that today’s attack was "unprecedented in scale," suggesting a level of intensity and coordination not previously seen in similar incidents.

The BRICS summit, scheduled in Kazan, Russia, from October 22 to 24, serves as a platform for showcasing Moscow's global influence, particularly in light of ongoing Western sanctions. The timing of this cyber attack raises concerns about the security of critical national infrastructure during such a pivotal international event.

Cyber Skills Gap Widens, Nearly 90% of Businesses Link Breaches to Lack of Expertise

Fortinet's latest Global Cybersecurity Skills Gap Report paints a concerning picture: the cybersecurity skills gap is widening, and businesses increasingly feel the sting.

Key Findings:

  • Skills Gap Fuels Breaches: Nearly 90% of organizations reported a security breach in the past year that they partly attribute to a lack of cybersecurity skills. This number has risen steadily from 84% in 2023 and 80% the year before.
  • Breaches Cost Millions: Cyberattacks are taking a bigger financial bite. Over half of respondents said breaches cost their organizations over $1 million in lost revenue, fines, and other expenses.
  • Boards Take Notice: Cybersecurity is becoming a boardroom issue. 72% of respondents reported that their boards are more focused on cybersecurity than ever before, and 97% agree boards see it as a business priority. Executives are also held accountable, with 51% reporting directors or executives facing consequences like fines or job loss after a breach.
  • Certifications Matter: Certifications are a valuable asset for cybersecurity professionals. Over 90% of hiring managers prefer candidates who hold certifications, and 89% of respondents said they would pay for employees to get certified. However, finding certified talent remains challenging, with over 70% reporting difficulty filling positions requiring tech-focused certifications.
  • Expanding the Talent Pool: Organizations look beyond traditional backgrounds to fill cybersecurity roles. 83% of respondents have diversity hiring goals, but attracting women (85%), minorities (68%), and veterans (49%) remains a challenge. While certifications are valued, traditional requirements persist, with 71% still requiring four-year degrees and 66% only hiring from traditional training backgrounds.

Fortinet recommends a multi-faceted approach to address the skills gap and build cyber resilience:

  1. Upskilling IT and Security Teams: Invest in training and certifications to equip existing teams with the necessary skills.
  2. Cultivating a Cyber-Aware Workforce: Train all employees to identify and report suspicious activity, forming a human firewall.
  3. Implementing Effective Security Solutions: Utilize robust security technology to bolster defences.

The Skills Gap Survey included over 1,850 IT and cybersecurity decision-makers from 29 countries across various industries, including technology, manufacturing, and financial services.

Ireland fines LinkedIn €310 million over targeted advertising

LinkedIn has been fined €310 million by the Irish Data Protection Commission (DPC) for breaching EU data-protection law in how it processed members' personal data for behavioural analysis and targeted advertising. The inquiry stemmed from a complaint by the French non-profit La Quadrature Du Net. The DPC found that the consent LinkedIn obtained for processing third-party data was not valid, that its reliance on legitimate interests and on contractual necessity as legal bases was not justified, and that it failed to give members sufficient information about the processing, so that members could not fully understand how their data was being used. The DPC has ordered LinkedIn to bring its processing into compliance and to pay the fine. The decision includes a reprimand and administrative fines governed by Articles 58(2)(i) and 83 of the

Half of Businesses Underestimate SaaS Security Risks, Culture Blamed

A recent AppOmni report highlights a significant gap between perceptions and realities of SaaS security in enterprises. Key findings indicate that 49% of businesses underestimate SaaS security risks, 34% of security professionals lack visibility into SaaS applications, and only 15% centralize SaaS security within their teams. The report identifies cultural issues as the root cause of vulnerabilities, stemming from decentralised decision-making and poor communication between business units and security teams. This disconnect has led to an increase in SaaS-related breaches, with 31% of organisations reporting a breach in the past year.

To address these challenges, the report recommends fostering enhanced communication, implementing security awareness training, establishing clear security policies, encouraging a proactive security mindset, and leveraging SaaS Security Posture Management (SSPM) tools. As SaaS adoption grows, organisations must prioritise creating a security-conscious culture through smart investments and ongoing education to effectively mitigate risks and safeguard data.

SANS 2024 Top Attacks and Threats Report

Understanding the current threat landscape is crucial for organisational leaders who must adapt to an ever-evolving array of attack vectors, vulnerabilities, and technological advancements. Recent research conducted by the SANS Institute, in collaboration with AuditBoard, provides vital, up-to-date insights for Chief Information Security Officers (CISOs) regarding emerging cyber threats and their far-reaching impacts on businesses.

The 2024 Top Attacks & Threats Report delves deeper into the emerging threats discussed during the annual SANS keynote at the prestigious RSA® Conference, which is recognised as one of the leading cybersecurity events globally. Additionally, the report examines a wide range of other noteworthy trends observed in attacker behaviour, offering a comprehensive overview of the tactics and techniques being employed by malicious actors.

Included in this report are detailed mitigation strategies designed to enhance organisational defences. It provides actionable insights and recommendations on essential skills, processes, and controls that enterprises must implement to effectively safeguard their systems against the increasing sophistication and variety of advanced cyber attacks. By addressing these critical areas, organizations can better prepare themselves to respond to and recover from security incidents, ultimately strengthening their overall cyber resilience.

Download the full report for actionable insights on:

  • 2024 breach and threat baseline data, including assessments of the most formidable issues on the horizon
  • Security-focused software development and solutions for multi-cloud security and SOC automation
  • Pros, cons, and use cases for artificial intelligence and machine learning