InfoSec Dot - Issue #61. 🚨 Firewall Exploits Persist | 📱 Android Security Gets a Boost | 🎯 Hackers Target AI Supply Chains

In partnership with

Hello, Cybersecurity Enthusiasts!

In today’s edition, we uncover critical cybersecurity developments, including Fortinet’s second firewall authentication bypass, raising alarms for enterprise security.

We also dive into Google’s new Android SafetyCore, designed to bolster mobile defenses, and the rise of AI model supply chain threats, as attackers embed malicious code in Hugging Face pickle files. With ransomware payments declining to $813 million in 2024, is cyber defense finally improving, or are criminals shifting tactics?

Stay ahead with these vital updates to fortify your security posture.

Looking for unbiased, fact-based news? Join 1440 today.

Upgrade your news intake with 1440! Dive into a daily newsletter trusted by millions for its comprehensive, 5-minute snapshot of the world's happenings. We navigate through over 100 sources to bring you fact-based news on politics, business, and culture—minus the bias and absolutely free.

Subscribe to 1440 today.

🗓️ What’s New

Election Security Under Scrutiny: CISA’s Role in Safeguarding the Vote 

As the U.S. gears up for elections, CISA’s cybersecurity efforts face political and operational challenges. With concerns over election integrity, cyber threats, and state-federal tensions, the debate over voting security and resilience intensifies. Read More (3 Mins)

CIS Build Kits: Strengthening Cyber Defense for Enterprises 

CIS (Center for Internet Security) offers Build Kits to help organizations harden systems, ensure compliance, and mitigate cyber threats efficiently. These tools provide pre-configured security settings for various platforms, aligning with industry best practices. Read More (3 Mins)

Google Confirms Android SafetyCore: A New Layer of Mobile Security 

Google has introduced SafetyCore, a security feature designed to harden Android devices against advanced cyber threats. This low-level protection aims to prevent unauthorized modifications, making Android safer for users and enterprises. Read More (3 Mins)

Attackers Hide Malicious Code in Hugging Face AI Model Files 🎭

Cybercriminals are embedding malicious code in Hugging Face AI model pickle files, exploiting the trusted AI ecosystem to execute attacks. This technique raises concerns over supply chain security in AI and machine learning. Read More (6 Mins)

Ransomware Payments Drop to $813M in 2024 

Ransomware payments declined to $813 million in 2024, signaling a shift in cybersecurity resilience and victim responses. Experts attribute the drop to better defenses, law enforcement actions, and companies refusing to pay ransoms. However, ransomware groups continue to evolve, posing persistent threats. Read More (4 Mins)

Fortinet Discloses Second Firewall Auth Bypass Flaw 

Fortinet has revealed a second authentication bypass vulnerability in its firewall products, patched in January. This flaw could allow attackers to gain unauthorized access, potentially compromising network security. Security experts urge immediate patching to mitigate risks. Read More (5 Mins)

🔗 Quick Links

• India's Cybercrime Problems Grow as Nation Digitizes

• Private equity firm to acquire SolarWinds for $4.4B

• Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

• Nearly 10% of employee gen AI prompts include sensitive data

• 7AI Launches With $36 Million in Seed Funding for Agentic Security Platform

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot