Week in review: Fortinet patches pre-auth RCE, Switzerland under cyberattack

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Building a culture of security awareness in healthcare begins with leadership
In this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how fostering a culture of security awareness has become paramount for healthcare organizations.

Building a hyper-connected future with 6G networks
In this Help Net Security interview, Shamik Mishra, Capgemini’s CTO of Connectivity, delves into the emerging themes and technologies shaping 6G, its performance metrics compared to 5G, the role of advanced AI algorithms, the impact of higher frequencies, and the geopolitical race for 6G leadership.

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)
Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls and other devices, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be logged in to exploit it.

June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers or were publicly known before today!

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
As more victims of the Cl0p gang’s MOVEit rampage continue to pop up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data.

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)
VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool.

Switzerland under cyberattack
Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities and companies in the last few months.

Red teaming can be the ground truth for CISOs and execs
This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity has undoubtedly become more of a priority for boards.

The multiplying impact of BEC attacks
The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what the FBI’s Internet Crime Complaint Center pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success.

Examining the long-term effects of data privacy violations
In this Help Net Security video, Kris Lahiri, CSO at Egnyte, believes data privacy violations cast a long shadow and takes a closer look at the lasting consequences.

Cyber extortion hits all-time high
Cyber extortion attacks have become increasingly prevalent in recent years, posing a significant threat to organizations of all sizes and industries, according to Orange Cyberdefense.

How secure is your vehicle with digital key technology?
Digital key technology allows mobile devices to streamline approval for everyday access points, making it a fitting solution for the automotive industry.

Quantum computing’s threat to national security
In this Help Net Security video, Denis Mandich, CTO at Qrypt, talks about quantum computing.

Incorporating cloud security teams into the SOC enhances operational efficiencies
Security leaders are recognizing that cloud and the way cloud security teams work today are becoming increasingly critical to business and IT operations, according to Trend Micro.

Beyond MFA: 3 steps to improve security and reduce customer authentication friction
Multi-factor authentication (MFA) was developed to provide protection for online accounts by requiring the user to present two or more verification factors to gain access to an application, online account, or other service.

NetSPI Breach and Attack Simulation (BAS) platform demo
Ready to continuously simulate real-world attack behaviors, not just IoCs, and put your detective controls to the test in a way no other organization can? See BAS in action or schedule a 1:1 meeting with the NetSPI BAS team to get started.

Lack of adequate investments hinders identity security efforts
Organizations are still grappling with identity-related incidents, with an alarming 90% reporting one in the last 12 months, a 6% increase from last year, according to The Identity Defined Security Alliance (IDSA).

How to achieve cyber resilience?
Cyber resilience is a leading strategic priority today, and most enterprises are now pursuing programs to bolster their ability to mitigate attacks.

Enhancing security team capabilities in tough economic times
In this Help Net Security video, Eoin Hinchy, CEO of Tines, discusses how organizations can maximize the potential of their security teams during an economic downturn.

What is a browser doing at Infosecurity Europe 2023?
What if the enterprise had complete control over the browser? What would it do for security, productivity, for work itself? Ari Yablok, Head Of Brand at Island, invites you to visit Island at Infosecurity Europe 2023 (Stand S75) to learn more.

How cybercriminals target energy companies
In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies.

Introducing the book: Visual Threat Intelligence
In this Help Net Security video interview, Thomas Roccia, Senior Security Researcher, discusses his new book – Visual Threat Intelligence.

3 ways we’ve made the CIS Controls more automation-friendly
The Center for Internet Security wants to help you streamline your compliance efforts.

New infosec products of the week: June 16, 2023
Here’s a look at the most interesting products from the past week, featuring releases from NETSCOUT, Okta, Quantinuum, Seceon, and Zilla Security.
