- InfoSec Dot
- Posts
- InfoSec Dot - Issue #18. 🚨Fortinet Breach | 💳 Mastercard's Big Buy | 🐉 Kali Linux Update
InfoSec Dot - Issue #18. 🚨Fortinet Breach | 💳 Mastercard's Big Buy | 🐉 Kali Linux Update
Latest cybersecurity news and updates
Hey there,
Welcome to this comprehensive Monday edition of InfoSec Dot!
Hope you're all staying safe and curious out there! This week, we're unpacking some fascinating developments around AI's ever-growing role in cybersecurity. From the latest insights at Darktrace to thought-provoking discussions from the World Economic Forum, we've got plenty to cover. Whether you're a seasoned pro or just dipping your toes into the world of cybersecurity, there's something in here for you.
So grab a cup of your favorite brew, settle in, and let's dive into what's new and noteworthy in our digital realm this week.
Happy reading!
Want SOC 2 compliance without the Security Theater?
Get the all-in-one platform for SOC 2
Build real-world security 💪
Penetration testing, compliance software, 3rd party audit, & vCISO
🗓️ What’s New
Fortinet Suffers Significant Data Breach with 440GB Data Stolen
Fortinet confirmed a data breach involving 440GB of data stolen from its Azure Sharepoint instance by a hacker, "Fortibitch." The hacker tried to extort the company, which Fortinet refused, leading to the data being offered on hacking forums. The breach involved limited customer data stored on a third-party cloud service, affecting less than 0.3% of Fortinet's customers and did not include ransomware or access to Fortinet's internal networks. Read More (3 Mins)
Mastercard Enhances Cybersecurity with Recorded Future Acquisition
Mastercard has announced the acquisition of Recorded Future, a leading threat intelligence firm, for $2.65 billion. This move is set to bolster Mastercard's cybersecurity capabilities, extending beyond the payment ecosystem to secure the broader digital economy. Recorded Future, renowned for its extensive client base and sophisticated AI-driven insights, will significantly enhance Mastercard's fraud prevention and real-time decision-making services. Read More (3 Mins)
Apple Vision Pro's Gaze Tracking Vulnerability Exposed
Researchers discovered a vulnerability in Apple's Vision Pro, dubbed GAZEploit (CVE-2024-40865), which exploited gaze-tracking technology to infer keystrokes on the virtual keyboard. This could potentially expose sensitive user information such as passwords and personal data. Apple has since patched this flaw by modifying how persona behaves when the virtual keyboard is active, mitigating the risk of such privacy breaches. Read More (3 Mins)
Trump-Backed Crypto Project Targeted by Scammers
Scammers targeted followers of a new cryptocurrency project endorsed by Donald Trump, tricking over 70,000 people into a fake giveaway. The fraud was facilitated through ads on the project's official Telegram channel, leading victims to expose their crypto wallets under the guise of receiving substantial cryptocurrency rewards. This incident highlights the vulnerabilities associated with crypto projects and the need for vigilant cybersecurity measures. Read More (2 Mins)
UK Elevates Data Centres to Critical National Infrastructure Status
The UK government has designated data centres as Critical National Infrastructure, bolstering their defense against cyber threats and IT blackouts. This move follows a £3.75 billion investment in Europe’s largest data centre, aiming to secure vital data and enhance economic growth. The designation will provide increased government support and resilience against disruptions, ensuring the stability of services critical to both public and economic sectors. Read More (5 Mins)
Kali Linux 2024.3 Released with New Tools and Device Support
Kali Linux 2024.3 is now available, introducing 11 new tools and extended support for Qualcomm Snapdragon SDM845 SoC devices, including popular models like OnePlus 6/6T and Xiaomi Pocophone F1. This update emphasizes enhancements in network security tools and more efficient package management, making it a significant upgrade for security professionals and enthusiasts alike. Read More (6 Mins)
🔍 In-Depth Insights
Cybersecurity Workforce Growth Stalls Amid Expanding Skills Gaps
A new ISC2 study highlights critical stagnation in cybersecurity workforce growth, maintaining at 5.5 million globally despite increasing demand. This stagnation is compounded by widening skills gaps, particularly in AI and cloud computing. Employers are urged to enhance job creation and professional development to mitigate risks and maintain security integrity. This study emphasizes the need for strategic hiring and training to address the evolving cybersecurity landscape. Read More (15 Mins)
Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries
EclecticIQ reports on Scattered Spider's ransomware attacks in financial and insurance sectors, exploiting cloud infrastructures through phishing and advanced social engineering. These attacks, utilizing stolen credentials and cloud-native tools, underscore serious cybersecurity threats to sensitive industries. Read More (15 Mins)
🤖 AI in Cybersecurity
From Dance to AI Security: Nicole Carignan's Unique Journey
Nicole Carignan's path to becoming an AI security executive is both unique and inspiring. Starting as a dance major while working at NASA, she transitioned to cybersecurity after being recruited into the intelligence community. Her blend of technical skills and artistic background has shaped her distinctive approach to AI and cybersecurity at Darktrace, where she leverages machine learning to enhance security measures. Read More (5 Mins)
AI's Role in Cybersecurity: Key Insights from the World Economic Forum
The World Economic Forum's recent roundup highlights AI's increasing role in cybersecurity, warning that generative AI will make phishing more convincing by eliminating grammatical errors that often mark fake emails. The roundup also discusses recent ransomware attacks on US and UK water companies, emphasizing the urgent need for increased investment in data protection due to the rising sophistication of cyber threats. Read More (7 Mins)
AI's Impact on Cybersecurity in 2024: Darktrace Report Insights
Darktrace's latest report on AI in cybersecurity reveals significant trends and challenges. Most surveyed CISOs recognize AI-powered threats as a major ongoing concern, highlighting the necessity for advanced defenses. The report details the evolving threat landscape, where AI impacts every attack stage, making timely threat identification and response crucial. Security professionals urge stronger cybersecurity measures and AI integration to effectively combat these sophisticated threats. Read More (7 Mins)
💡 Actionable Insights
$20 Experiment Turns Researchers into .MOBI Admins
Researchers at watchTowr Labs uncovered a critical vulnerability by acquiring an expired WHOIS server domain for the .MOBI top-level domain, which cost just $20. They unexpectedly became admins, able to intercept and manipulate over 2.5 million domain queries, potentially impacting secure communications across numerous platforms including government and military emails. The experiment revealed profound security flaws in the maintenance of domain registry information and highlighted the susceptibility of the internet's infrastructural trust. Read More (30 Mins)
Best Practices for SaaS Providers Integrating with AWS Accounts
Datadog Security Labs highlights essential security practices for SaaS providers integrating with customer AWS accounts. The guide advises using IAM roles with ExternalIDs, minimizing permissions, and employing session policies to prevent unauthorized access. It also recommends using infrastructure as code for secure and efficient setup, ensuring robust security measures are in place for AWS integrations. Read More (20 Mins)
🔗 Miscellaneous Links
What did you think of today's newsletter content? |
Also, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.
Regards,
Dot
Reply