Infosec bits for 2024 week 43

Sicelo Ncekana | Oct. 25, 2024, 11:03 a.m.

Cybersecurity News:

Cisco Confirms Security Incident After Hacker Offers to Sell Data [Eduard Kovacs, Security Week]

Fortinet zero-day attack spree hits at least 50 customers [Matt Kapko, Cybersecurity News]

3 proven use cases for AI in preventative cybersecurity [Charles Owen-Jackson, Security Intelligence]

Vulnerabilities & Patches:

87,000+ FortiOS Devices Vulnerable to Remote Code Execution Attacks [Guru Baran, Cybersecurity News]

Cisco Patches Critical Vulnerability Affecting VPN Services [Ashish Khaitan, The Cyber Express]

Cisco reports more than 35 vulnerabilities in firewall products [Dirk Knop, Heise Online]

Lazarus Group exploited Chrome vulnerability with fake NFT game [TradingView, TradingView]

Breaches & Attacks:

800,000 people just had their full names, SSNs and more exposed in massive insurance admin company data breach [Anthony Spadafora, Tom's Guide]

Hackers Allegedly Claiming Breach NoBroker Users Data & Demands Ransom [Dhivya, Cybersecurity News]

UnitedHealth says data of 100 million stolen in Change Healthcare breach [Lawrence Abrams, Bleeping Computer]

Goodbye Fidelity – more than 77,000 customers at risk from database breach – you should do this as soon as possible [Unión Rayo, Unión Rayo]

Malware

New malware family NotLockBit aims ransomware attacks toward macOS [Steve Zurier, SC Media]

Windows users are being tricked by sneaky malware scheme [Kurt Knutsson, Fox News]

Bumblebee malware returns after recent law enforcement disruption [Bill Toulas, Bleeping Computer]