InfoSec Dot - Issue #30. 🚨 Fortinet Zero-Day Attacks | 🔒 Apple’s New Private Cloud | 🎯 NVIDIA Security Patches

In partnership with

Hello, Cybersecurity enthusiasts!

Welcome to this comprehensive Monday edition of InfoSec Dot!

This week, we’re diving into critical updates, from Fortinet zero-day vulnerabilities under active exploitation to NVIDIA’s recent patches for high-severity driver flaws. Apple is also boosting data privacy with its Private Cloud Compute initiative, and Microsoft warns CISOs about the importance of AI oversight.

Each of these stories highlights the evolving challenges and advancements in the cybersecurity landscape. Let’s explore what’s happening and how these changes might impact our digital defenses.

Start learning AI in 2025

Everyone talks about AI, but no one has the time to learn it. So, we found the easiest way to learn AI in as little time as possible: The Rundown AI.

It's a free AI newsletter that keeps you up-to-date on the latest AI news, and teaches you how to apply it in just 5 minutes a day.

Plus, complete the quiz after signing up and they’ll recommend the best AI tools, guides, and courses – tailored to your needs.

Sign up to start learning.

🗓️ What’s New

Fortinet Alerts on Critical FortiManager Flaw Exploited in Zero-Day Attacks
Fortinet has issued a warning about a critical vulnerability in FortiManager that is actively exploited as a zero-day. The flaw allows unauthorized access, potentially leading to system compromise. Fortinet advises users to apply patches immediately to mitigate risks and secure their networks from ongoing exploitation attempts. Read more (12 Mins)

LinkedIn Fined €310 Million for Data Privacy Violations
Ireland’s Data Protection Commission has fined LinkedIn €310 million for violations related to data privacy, including improper data processing and inadequate transparency measures. This ruling highlights the increased regulatory scrutiny over tech companies’ handling of personal information in the EU, emphasizing the need for stronger data protection practices to comply with GDPR standards. Read more (3 Mins)

Researcher Exposes Microsoft’s ServiceNow Vulnerability, Revealing Employee Data
A researcher gained unauthorized access to Microsoft’s ServiceNow instance, exposing Microsoft employee emails and chat support records. The vulnerability was exploited by misconfiguring permissions, allowing broad data access. This incident highlights the critical need for strong access controls and vigilant monitoring of third-party platforms handling sensitive company data. Read more (6 Mins)

Apple Launches Private Cloud Compute to Boost Data Privacy
Apple has introduced a "Private Cloud Compute" initiative, designed to enhance data privacy across its cloud services. This platform reportedly allows for user data processing with increased security and privacy controls, enabling Apple to meet compliance requirements and protect sensitive data. The move reflects Apple’s ongoing commitment to privacy-focused infrastructure. Read more (2 Mins)

Hacker Returns Millions Stolen from U.S. Government Crypto Wallet
In a surprising turn, a hacker who had drained millions from a U.S. government-linked crypto wallet has returned the stolen funds. The incident, initially thought to be a massive heist, ended with the unexpected return of the assets. The hacker reportedly returned the funds after realizing the wallet was linked to a government entity, highlighting the unique dynamics of accountability in crypto theft. Read more (3 Mins)

NVIDIA Patches High-Severity Flaws in Graphics Drivers for Windows and Linux
NVIDIA has issued security patches addressing high-severity vulnerabilities in its graphics drivers for Windows and Linux, which could enable privilege escalation and denial-of-service attacks. These flaws affect multiple driver versions, and NVIDIA recommends updating to the latest driver versions to mitigate potential security risks. Read more (3 Mins)

🔍 In-Depth Insights

Building an Effective Security Team
Creating a strong security team requires clear role definitions, strategic hiring, and a focus on continuous training. Prioritizing soft skills like communication, along with technical expertise, is crucial for effective collaboration and crisis response. Additionally, fostering a supportive work culture helps retain top talent and enables proactive security practices, positioning the team to manage evolving threats. Read more (6 Mins)

AWS Uses Active Defense to Protect Customers from Security Threats
AWS outlines its approach to active defense, which combines automated threat detection, proactive engagement with threat actors, and continuous monitoring to safeguard customer environments. Techniques like honey tokens, decoys, and automated responses help AWS detect and respond to threats swiftly. AWS encourages customers to adopt similar strategies to bolster their security postures and minimize risks. Read more (5 Mins)

🤖 AI in Cybersecurity

Microsoft Warns CISOs to Prioritize AI Technology Oversight
Microsoft advises CISOs to stay proactive in understanding and managing AI technologies as they integrate into business operations. The rapid growth of AI brings both opportunities and security risks, such as data privacy concerns and model manipulation. Microsoft recommends that security leaders develop AI-specific governance frameworks and enhance threat detection capabilities to manage AI-associated risks effectively. Read more (9 Mins)

AI Impersonation: Emerging Cyberattack Vector
AI-driven impersonation is becoming a serious cyber threat, with attackers leveraging deepfake audio, video, and text to mimic trusted individuals or brands convincingly. This tactic allows threat actors to bypass traditional security checks, leading to social engineering and fraud at scale. Organizations are advised to enhance identity verification protocols and invest in AI detection tools to counteract these sophisticated impersonation attacks. Read more (4 Mins)

💡 Actionable Insights

CloudCopilot Resource Guide for IAM Operators
This resource provides IAM operators with a comprehensive guide to managing cloud identity and access permissions securely. It includes best practices for role-based access control, multi-factor authentication, and automated monitoring. CloudCopilot emphasizes streamlined operations and adherence to compliance standards to protect cloud environments effectively. Read more (6 Mins)

Using Amazon Detective API for Enhanced GuardDuty Investigations
Amazon’s blog details how to leverage the Amazon Detective API to investigate security findings from GuardDuty and enrich data in AWS Security Hub. The guide provides steps to automate analysis, correlate security events, and visualize potential threats. This integration enables security teams to streamline investigations and gain deeper insights into suspicious activities across AWS environments. Read more (18 Mins)

🔗 Miscellaneous Links

• Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?

• 77% of CISOs fear next big breach will get them fired

• 10 AI questions CIOs need to answer in the boardroom

• Over $1 Million Paid Out at Pwn2Own Ireland 2024

Also, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

Regards,

Dot