Transcript
A (0:04)
A poorly patched bug is being exploited in Fortinet firewalls. Hackers go after security testing environments. Jordanian police use Cellebrite against activists, and new Cisco and SmarterMail zero-days. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Amberleigh Jack. Today is January 23rd, and this podcast episode is brought to you by SpecterOps today, the experts in attack path management.

In today's top story, an old Fortinet bug was not properly patched and threat actors have found a new way to exploit it. The bug from December allowed attackers to bypass single sign-on authentication. Fortinet has confirmed the bug was not patched properly. Threat actors are leveraging the flaw to set up backdoor accounts. The new attacks began last week. The attack requires SSO, and most devices are safe because it's not enabled by default.

Cisco has patched an actively exploited zero-day in its Unified Communications Manager phone call and conferencing software. The vulnerability allowed unauthenticated attackers to run malicious code on the platform's web interface. The flaw granted root access to the device.

A zero-day in the SmarterMail business email platform can allow attackers to reset the administrator password. A patch was released last week, but the bug had already been exploited in the wild. watchTowr Labs discovered the bug when analysing logs shared by customers.

The Jordanian government has extracted data from devices of local activists using Cellebrite's phone hacking and forensics tools. Investigators from Citizen Lab and the OCCRP have found dozens of affected individuals dating back to 2020. The devices were hacked while the owners were interrogated by police. Recent targets were activists who organised protests in support of Palestinians in Gaza.

Spain has closed its investigation into the use of Pegasus spyware against government officials. The High Court closed the inquiry after Israel refused to cooperate. Spanish officials began the probe in 2022 after the spyware was used to hack Prime Minister Pedro Sánchez and Defence Minister Margarita Robles.

The Dutch parliament has urged its government not to store its digital identity data in US cloud services. The DigiD service allows Dutch citizens to prove their identity to government websites. The Netherlands has been one of the first EU countries to push for data independence from US infrastructure.

Kazakhstan will introduce criminal liability for individuals who leak large quantities of personal data. Under the new law, companies that fail to protect user data will also face increased fines. Those fines will triple from roughly $17,000 to about $42,500.

The Chinese government says it investigated more than 4,000 cyber attacks originating from Taiwan last year. The attacks sought to steal classified information from Chinese companies across multiple sectors. China claims some of the operations were carried out by what it describes as Taiwanese cyber troops.

Hackers are compromising deliberately vulnerable applications used for training pen testers. According to Pentera Labs, several Fortune 500 companies and security vendors left their training labs exposed to the Internet. Targeted apps included the likes of OWASP Juice Shop, DVWA and Hackazon.

More than a dozen victims of the INC ransomware group have had their data recovered by security firm Cyber Centaurs. The company infiltrated the ransomware group's infrastructure and retrieved the victims' original unencrypted data. The INC ransomware group has more than 100 victims listed on its dark web site.

New Zealand's privacy commissioner has launched an investigation into the recent Manage My Health security breach. A hack exposed the medical records of more than 120,000 people late last year. Officials plan to investigate if proper security measures were in place.

The GitLab project has patched a two-factor authentication bypass vulnerability. Threat actors with the victim's password could have submitted forged device responses to bypass 2FA. The bug is one of five security flaws patched by GitLab this week.

Older model Vivotek security cameras can be hacked remotely. A fresh vulnerability allows attackers to run remote code without authentication. According to Akamai, at least 37 models of Vivotek camera are affected. All are running the company's legacy framework.

AI has been used to find 353 vulnerabilities across the top 5,000 PHP extensions in the packages repository. Security firm Sansec used Claude Code for the audit. The bugs impact libraries that have been downloaded 6 million times. Almost three quarters of the bugs are direct object reference and authentication bypass issues.

The Curl project will shut down its bug bounty program this month. The project's maintainer, Daniel Stenberg, blamed an influx of AI-generated bug reports. Stenberg says the reports are time-consuming to triage and many are not even security flaws.

And finally, the Grok AI agent generated an estimated 3 million sexualized images over 11 days. The Centre for Countering Digital Hate estimated that 23,000 of those were likely children. Grok's image generation feature was introduced in December. Social media platform X is currently under investigation in several countries over the feature.

That's all for this podcast edition. Today's show was brought to you by our sponsor SpecterOps. Find them at specterops.io. Thanks for your company.
