Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On the internet, we’re all Hansel and Gretel. But the trail of breadcrumbs we leave behind when searching, posting on social media or shopping online aren’t designed to help us find our way back home. Instead, they’re designed to help the companies we interact with provide a richer, more customized and useful online experience.

Have you ever watched a scary movie where a young couple comes home to find the front door cracked open or windows thrown wide, curtains billowing in the autumn evening breeze? As the couple approaches the house, the tense music swells and we grip our armrests, struck by the terrifying realization that anyone — or anything — could be awaiting them inside.

It’s no secret that cyber attacks — especially ransomware attacks — are increasing across industries and organizations. Attack methods are evolving and rapid digitization, along with the rise of cloud computing and a remote workforce, are creating new threat vectors and exposing new vulnerabilities. One industry that has become a major target for attacks is the automotive industry.

Previously published blog post: Recently, Arctic Wolf observed threat actors begin exploiting CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager.

On Tuesday, October 11th, 2022, Aruba disclosed three critical vulnerabilities impacting EdgeConnect Enterprise Orchestrator. The vulnerabilities, CVE-2022-37913, CVE-2022-37914, CVE-2022-37915, are remote code execution and authentication bypass vulnerabilities that could enable remote threat actors to compromise a host. In order for a threat actor to exploit these vulnerabilities, WAN access would need to be available for the CLI and/or web-based management interfaces.

The worst-case scenario happens: Your organization suffers a data breach. It’s going to take time to clean it up, the business’ reputation may take a hit, and there’s the major issue of cost. How much does cleanup cost? What if it’s a ransomware attack where your organization must pay the ransom? What other specialists will you have to hire—and how much will you need to pay them?

The FBI’s 2021 Elder Fraud Report leads off with a staggering, sobering statistic: adults 60 and over were swindled out of $1.7 billion dollars last year. That’s with a B. Even worse, that marks an increase of 74% year-over-year. Clearly seniors are an attractive target for cybercriminals. Here are five of their favorite ways to target our elders, and what can be done to stop them.

Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.

You can’t protect your system if you don’t know where the vulnerabilities lie or what aspects of your security architecture are being targeted by threats. Intelligence is everything in security — it’s how CISO’s make large-scale operational decisions, how IT teams prioritize projects, and how responders restore and remediate a system during and after an incident.