InfoSec Dot - Issue #59. 🔓 Russian 7-Zip Zero-Day 🛑 | Zero Trust Essential 🔒 | AMD Patches Microcode 🖥️

In partnership with

Hello, Cybersecurity Enthusiasts!

In this edition, we explore the latest developments in cybersecurity, including the discovery of a zero-day vulnerability in the 7-Zip archiver, exploited by Russian hackers for malicious purposes.

We also cover the essential role of Zero Trust in modern defense strategies, the implications of AMD's microcode security patches, and the growing threats to healthcare systems.

Stay informed with these crucial updates to strengthen your cybersecurity defenses against evolving threats.

Here’s Why Over 4 Million Professionals Read Morning Brew

• Business news explained in plain English

• Straight facts, zero fluff, & plenty of puns

• 100% free

See for yourself

🗓️ What’s New

Zyxel Won’t Patch Exploited Flaws in End-of-Life Routers

Zyxel has confirmed it will not patch security vulnerabilities in several end-of-life routers, despite active exploitation by threat actors. The vulnerabilities, including critical flaws enabling remote code execution, affect older models that are no longer supported. Security experts urge users to upgrade to newer, supported devices to protect their networks. Read More (3 Mins)

CISA Adds Four New Actively Exploited Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These flaws, affecting widely used software, pose serious risks to organizations and must be patched immediately to prevent cyberattacks. Read More (2 Mins)

AMD Patches Microcode Security Flaws After Accidental Disclosure

AMD has released patches for multiple microcode vulnerabilities after details were accidentally leaked ahead of schedule. These flaws could allow attackers to compromise system security, making timely updates critical for affected users and enterprises. Read More (5 Mins)

AMD’s Random Microcode Flaws & DeepSeek Cyberattack

Recent vulnerabilities discovered in AMD’s microcode have raised concerns over system security, with the flaws posing risks for a range of users. Meanwhile, the DeepSeek cyberattack continues to impact organizations, as attackers exploit security weaknesses. Read More (5 Mins)

North Korean Hackers Deploy ‘Ferret Backdoor’ in Espionage Campaign

North Korean cyber-espionage group Kimsuky is deploying a new malware strain called Ferret Backdoor. This tool allows attackers to remotely execute commands, steal sensitive data, and manipulate infected systems. The campaign primarily targets government agencies and research institutions in South Korea. Security experts recommend enhanced network monitoring and regular threat assessments. Read More (3 Mins)

Russian Hackers Exploit 7-Zip Zero-Day Vulnerability

Russian cybercriminals have leveraged a zero-day vulnerability in the 7-Zip file archiver to execute a series of cyberattacks, demonstrating how powerful and stealthy these threats can be. Prompt patching and vigilance are essential to defend against this exploit. Read More (7 Mins)

🔗 Quick Links

• 8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur

• Personal Information Compromised in GrubHub Data Breach

• Google fixes Android kernel zero-day exploited in attacks

• Security by Design vs. Security by Default – What’s the Better Choice?

• Why Zero-Trust Cybersecurity Is Essential in Today's Threat Landscape

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot