Skip to main content
search
All BlogsCyber News

Cyber Attack News – Risk Roundup – Top Stories for October, 2024

By October 29, 2024 No Comments

Fortinet Zero Day Actively Exploited

A Fortinet zero day (CVE-2024-47575) was officially disclosed last week, affecting Fortinet’s FortiManager platform used to control Fortinet devices including FortiGate firewalls. This flaw can enable RCE and control of FortiManager and managed devices.

Exploits of this vulnerability could indirectly affect VPN services only if an attacker compromises FortiManager and uses it to alter the settings of managed devices, potentially impacting firewall and network configurations, which might extend to VPN configurations.

Read the Article

 

More Attacks on U.S. Water Utilities

The largest water utility in the U.S. shut down its billing system in response to a cyber incident, marking yet another critical infrastructure attack. This follows a series of water infrastructure hacks, including three cities in Texas early this year which were eventually linked to Russian hacktivists by Mandiant. One of those resulted in a tank overflow, while another city utility unplugged and went into manual operation to protect their systems. 

This might be a good time for a side note: one high profile water incident of recent years may not have been an attack at all. It was widely reported that hackers had attempted to access a water treatment facility in Oldsmar, Florida. But new evidence suggests it was not the work of an outside attacker and may instead have been a case of an overzealous employee.

Read the Article 

 

U.S. Telecom Networks Targeted 

The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) is investigating alleged Chinese cyber intrusions targeting U.S. telecommunications networks. This breach reportedly aimed to intercept sensitive communications linked to prominent political figures. The FBI and CISA are involved in the inquiry, with the CSRB expected to recommend stronger security measures to protect telecom infrastructure from such threats. This incident highlights the increasing sophistication of cyber threats to critical U.S. infrastructure

Read the Article

 

Continuing Healthcare Attacks

Ransomware continues to escalate for healthcare organizations, with new data from Sophos backing up what seems to be an alarming frequency of attacks. Two thirds of those surveyed reported suffering a ransomware attack in the past year.

Further, a new strain of ransomware called Trinity prompted the U.S. Department of Health and Human Services to publish an advisory in early October warning hospitals of the new strain, calling it a “significant threat.”

Read the Article

 

Vulnerabilities in Palo Alto Networks Migration Tool

A chain of vulnerabilities in Palo Alto Networks’ Expedition were discovered earlier this month. If used in combination, they could allow an attacker to read database contents and write files to the Expedition system. As explained on Vulnerable U, “The attacker would have access to cleartext passwords, device configurations, and API keys for the PAN-OS firewalls.” Find more about the CVEs from NIST: CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, and CVE-2024-9467

Read the Article

 

The Two Biggest Emerging Battlegrounds and Threats to National Security: Cyber and Space

As cybersecurity evolves, it’s essential to address not just terrestrial risks but emerging threats in space. Hear Xage’s CEO, Geoffrey Mattson, weigh in on the importance of replacing outdated methods with a zero-trust approach. 

Read the Article

Gartner Market Guide for Zero Trust Network Access

Learn more about zero trust security solutions.