InfoSec Dot - Issue #27. 🚨 Fortinet Vulnerability | 🦊 Firefox Emergency Patch | 🇪🇺 EU Cyber Resilience Act

In partnership with

Hi there,

Welcome to this Thursday's quick update edition of InfoSec Dot!

In this week’s newsletter, we delve into the latest vulnerabilities and breaches, including Mozilla’s urgent Firefox patch to counter active exploits and Fortinet’s ongoing struggle with unpatched firewalls affecting thousands.

We also explore groundbreaking developments such as the EU’s new Cyber Resilience Act and the FBI’s creative tactics to combat crypto fraud. These stories reflect the rapid evolution of threats and the critical need for vigilance in our digital defenses.

Let’s dive in!

Learn AI in 5 Minutes a Day

AI Tool Report is one of the fastest-growing and most respected newsletters in the world, with over 550,000 readers from companies like OpenAI, Nvidia, Meta, Microsoft, and more.

Our research team spends hundreds of hours a week summarizing the latest news, and finding you the best opportunities to save time and earn more using AI.

Sign up with 1-Click

🗓️ What’s New

GitHub Patches Critical Vulnerability in Enterprise Server
GitHub has released patches for a critical vulnerability in its Enterprise Server that could allow unauthorized access via an authentication bypass. The flaw affects versions with SAML SSO authentication and encrypted assertions. GitHub recommends all affected users update to the latest versions to secure their systems. Read more (2 Mins)

Chinese Researchers Claim RSA Encryption Breakthrough with Quantum Computing
Chinese researchers have announced a significant breakthrough, claiming they can break RSA encryption using a quantum computer. If validated, this development could undermine widely used encryption methods that protect sensitive data worldwide. The research highlights the urgent need for quantum-resistant cryptographic algorithms, as advancements in quantum computing continue to pose a growing threat to traditional encryption techniques. Read more (4 Mins)

Medical Data of 400,000 Americans Stolen in Cyberattack
Gryphon Healthcare suffered a supply-chain attack that compromised sensitive medical information of almost 400,000 Americans, including Social Security numbers, diagnosis details, and insurance information. The breach was linked to a third-party partner that handles Gryphon’s billing services. Although no evidence of data misuse has been reported, the attack underscores the risks faced by healthcare providers. Read more (3 Mins)

Live Nation Faces Lawsuit Over Ticketmaster Data Breach
Live Nation is facing a lawsuit following a data breach at Ticketmaster that exposed the personal information of thousands of concertgoers. The lawsuit alleges that inadequate security measures led to the breach, which affected sensitive customer data, including payment information. Plaintiffs are seeking damages, claiming negligence on the part of Ticketmaster and Live Nation in safeguarding user data. Read more (4 Mins)

Cisco Investigates Breach After Stolen Data Surfaces on Hacking Forum
Cisco is investigating claims of a data breach after a hacker listed allegedly stolen data for sale on a forum. The hacker, known as "IntelBroker," asserts that sensitive information, including source code, customer documents, and API tokens, was compromised. Cisco has initiated an internal review to verify the claims and assess any potential impact on its systems. Read more (3 Mins)

EU Adopts Cyber Resilience Act to Enhance Product Security
The European Union has officially adopted the Cyber Resilience Act, establishing stricter cybersecurity standards for digital products and connected devices sold within the EU. This legislation requires manufacturers to implement robust security measures and conduct regular assessments to address vulnerabilities. The goal is to increase consumer protection and reduce the risk of cyber threats across the region’s digital landscape. Read more (3 Mins)

Mozilla Patches Actively Exploited Firefox Vulnerability
Mozilla has released a critical patch for Firefox addressing a use-after-free vulnerability (CVE-2024-9680) that is being actively exploited. This flaw, found in the browser's animation timelines, could allow attackers to execute code remotely. Mozilla advises all users to update to the latest versions to mitigate potential risks, while several national cybersecurity agencies have also issued warnings due to the vulnerability's high impact. Read more (3 Mins)

Fortinet Vulnerability Leaves 87,000+ Devices Open to Attack (CVE-2024-23113)
A critical vulnerability, CVE-2024-23113, affecting Fortinet FortiGate firewalls, remains unpatched in over 87,000 devices. This flaw allows unauthenticated remote code execution, making systems susceptible to cyber attacks. Fortinet has advised immediate updates to affected versions, and administrators are urged to implement strict security policies and monitor for potential exploit attempts. Read more (3 Mins)

🔗 Quick Links

• The dark side of API security

• Unveiling USB Artifacts: A Comparative Analysis

• Mitigating Attack Vectors in GitHub Workflows

• Microsoft reveals ransomware attacks against its customers nearly tripled last year

• Data breaches trigger increase in cyber insurance claims

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot