CloudCast Cybersecurity Headlines for November 6, 2024
From the CloudCast Studios at Skyhigh Security, I’m your host Scott Schlee and these are your Cybersecurity Headlines for the week of Tuesday, November 6, 2024. Headlines this week: Fortinet Flaw Exploited AWS CDK Vulnerability Patched SEC Charges Over SolarWinds Disclosures REvil Members Sentenced in Russia Meta's WhatsApp Security Update CISA and FBI Probe China-Linked Hacks Change Healthcare Data Breach Delta Sues CrowdStrike Over Outage Thank you for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com. ----------- CloudCast is hosted by Skyhigh Security’s very own Digital Experience Manager, Scott Schlee. Scott’s engaging demeanor and wit, backed by over 20 years in digital media production and web development, has led to successful collaborations with top-tier brands. His experience includes hosting and producing a wide range of podcasts and videos. Scott has been recognized for his outstanding work, including an award-winning digital short and a Webby Awards nomination for Viral Marketing (Branded). Beyond his professional achievements, Scott’s personal journey as a decade-long pancreatic cancer survivor has led him to share his story with the U.S. Congress and other organizations as an advocate for increased cancer research funding. Transcript From the CloudCast Studios at Skyhigh Security, I'm Scott Schlee, and these are your Cybersecurity Headlines for the week of Tuesday, November 6th, 2024. Fortinet recently disclosed a critical flaw in its FortiManager software, which has been actively exploited in zero-day attacks to compromise systems. This vulnerability, known as an out-of-bounds write, allows remote attackers to execute arbitrary code, giving them unauthorized control over affected systems and the ability to steal sensitive data. Organizations using Fortinet products have been strongly urged to apply patches immediately to mitigate potential risks. Critical vulnerability in Amazon's cloud development kit allowed potential account takeovers, exposing users to security risks. This flaw, if exploited, could enable attackers to gain full control over AWS accounts through improperly secured S3 bucket configurations. Amazon has since released a patch for the CDK urging all users to update to the latest version to secure their cloud environments against this risk. The SEC has charged four companies, including Unisys and Avaya, for misleading disclosures regarding their cybersecurity practices following the 2020 SolarWinds cyberattack. These firms allegedly failed to adequately inform investors about the extent of their exposure to cybersecurity risks, instead providing only generic or incomplete risk information. As a result, fines totaling $6 million have been imposed on the companies, with Unisys paying the largest penalty of $4 million. Four members of the notorious REvil Ransomware group were sentenced by the St. Petersburg Garrison Military Court to several years in prison. These individuals were found guilty of crimes related to the illegal circulation of payment methods, marking a rare sentencing for cybercriminals within Russia. This group, linked to high-profile ransomware attacks had been apprehended in 2022, and this verdict signals a significant stance by Russian authorities against certain cybercrime activities. Meta recently introduced an enhanced security feature for WhatsApp known as Identity Proof Linked Storage, IPLS, which provides encrypted storage for user contacts.