Cyberattackers Continue Assault Against Fortinet Devices

Patched earlier this month, a code-execution vulnerability is the latest FortiOS weakness to be exploited by attackers, who see the devices as well-placed targets for initial access operations. Patched earlier this month, a code-execution vulnerability is the latest FortiOS weakness to be exploited by attackers, who see the devices as well-placed targets for initial access operations. [TechWeb]( Follow Dark Reading: [RSS]( March 16, 2023 LATEST SECURITY NEWS & COMMENTARY [Cyberattackers Continue Assault Against Fortinet Devices]( Patched earlier this month, a code-execution vulnerability is the latest FortiOS weakness to be exploited by attackers, who see the devices as well-placed targets for initial access operations. [Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector]( Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers. [GoatRAT Android Banking Trojan Targets Mobile Automated Payment System]( The new malware was discovered targeting three banks in Brazil. [SMBs Orgs Want Help, but Cybersecurity Expertise Is Scarce]( Smaller firms are boosting cybersecurity budgets, but there's a long way to go to address a deep lack of cyber preparedness among SMBs. [Meet Data Privacy Mandates With Cybersecurity Frameworks]( Protection laws are always evolving. Here's how you can streamline your compliance efforts . [Why Security Practitioners Should Understand Their Business]( The sooner CISOs become proactive in understanding the flip side of the organizations they protect, the better they'll be at their jobs. ['Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit]( Two gang members are being charged for allegedly threatening to release personal information and impersonating law enforcement in an effort to dox victims. [Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns]( An unpatched Microsoft Web server allowed multiple cybersecurity threat groups to steal data from a federal civilian executive branch. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface]( One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way. [How Businesses Can Get Ready for AI-Powered Security Threats]( Organizations need to take steps now to strengthen their cyber defenses. [MORE]( EDITORS' CHOICE [Microsoft Zero-Day Bugs Allow Security Feature Bypass]( Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately. LATEST FROM THE EDGE [How Do Attackers Hijack Old Domains and Subdomains?]( Here is a cautionary tale of what happens if side-projects or sections of the website becomes obsolete. If you don't remove them, someone might hijack your subdomain. LATEST FROM DR TECHNOLOGY [Google Proposes Reducing TLS Cert Life Span to 90 Days]( Organizations will likely have until the end of 2024 to gain visibility and control over their keys and certificates. WEBINARS - [ChatGPT: Defending Your Business Against AI-Supercharged Ransomware]( This webinar will dig into the ways criminals are projected to take advantage of ChatGPT and other AI tools to improve the reach and effectiveness of their ransomware attacks. The session will conclude with a review of a 12-step plan ... - [Building Out the Best Response Playbook for Ransomware Attacks]( When ransomware locks up your business's critical data and essential gear, there is no time to panic. The organization needs answers fast: Is the infection going to spread to other endpoints? Will the attackers publicly dump the stolen information? How ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Relationship Between Security Maturity and Business Enablement]( - [IT/OT Security Platform Navigator 2022]( - [Empower Digital Transformation by Protecting Converged IT and OT]( - [Cloud Journey Adoption Stage: Securing Hybrid and Multi-cloud Environments]( - [Cloud Journey Consideration Stage: 2022 Cloud Security Report]( - [The 2022 State of Cloud Security Report]( - [Seven Ways to Avoid the Nightmare of a Cloud Misconfiguration Attack]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [2022 State of Network Management (a $499 Value FREE)]( We surveyed networking professionals about their networking budgets, spending priorities, and concerns. Find out how big of a role security is playing and how they plan to address it. Download the report today! [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Hornetsecurity Launches VM Backup V9]( [DirectDefense Reports the Top Threats From 2022 and What's Trending for 2023]( [Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity]( [Optiv More Than Doubles Federal Presence With ClearShark Acquisition]( [SecurityScorecard Appoints Former US Congressman John Katko As Senior Advisor]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)