It’s no secret that cyber attacks — especially ransomware attacks — are increasing across industries and organizations. Attack methods are evolving and rapid digitization, along with the rise of cloud computing and a remote workforce, are creating new threat vectors and exposing new vulnerabilities. One industry that has become a major target for attacks is the automotive industry.

Previously published blog post: Recently, Arctic Wolf observed threat actors begin exploiting CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager.

On Tuesday, October 11th, 2022, Aruba disclosed three critical vulnerabilities impacting EdgeConnect Enterprise Orchestrator. The vulnerabilities, CVE-2022-37913, CVE-2022-37914, CVE-2022-37915, are remote code execution and authentication bypass vulnerabilities that could enable remote threat actors to compromise a host. In order for a threat actor to exploit these vulnerabilities, WAN access would need to be available for the CLI and/or web-based management interfaces.

The worst-case scenario happens: Your organization suffers a data breach. It’s going to take time to clean it up, the business’ reputation may take a hit, and there’s the major issue of cost. How much does cleanup cost? What if it’s a ransomware attack where your organization must pay the ransom? What other specialists will you have to hire—and how much will you need to pay them?

The FBI’s 2021 Elder Fraud Report leads off with a staggering, sobering statistic: adults 60 and over were swindled out of $1.7 billion dollars last year. That’s with a B. Even worse, that marks an increase of 74% year-over-year. Clearly seniors are an attractive target for cybercriminals. Here are five of their favorite ways to target our elders, and what can be done to stop them.

Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.

You can’t protect your system if you don’t know where the vulnerabilities lie or what aspects of your security architecture are being targeted by threats. Intelligence is everything in security — it’s how CISO’s make large-scale operational decisions, how IT teams prioritize projects, and how responders restore and remediate a system during and after an incident.

To kids, their Halloween candy stash might as well be a treasure chest. It is their most valuable possession and must remain hidden from pirates … or at least siblings dressed up like pirates. I grew up in a big family. With many kids in the house sharing the same love for Reese’s Peanut Butter Cups, I knew the value of my candy. I knew how important it was to keep it secure. I’d count the pieces multiple times a day.