Cyber Intelligence Weekly

Cyber Intelligence Weekly (October 16, 2022): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let us know!

Before we get started on this week’s CIW, I’d like to highlight an upcoming webinar we have with our good friends at PlexTrac!

Any effort to level up an offensive security program must begin with people. Your human resources are your greatest asset — and can also be your biggest challenge — in maturing your program and its capabilities.

Echelon Risk + Cyber and PlexTrac are pleased to present part two of our webinar series diving into the key areas of your offensive security strategy: people, process, and technology. This installment will focus on your people — often considered the most crucial aspect of an organization’s security posture.

We’ll discuss the most important decisions your security team must make relating to people, including recruiting and hiring during a talent shortage, onboarding team members to your program and organization, investing in the growth of your people, and avoiding burnout and retaining your best talent.

Our experts in offensive security will share tips on how to create a strong foundation on which your program can build through empowering and prioritizing people — no matter how the threat landscape evolves.

Join us live on Zoom on Wednesday, October 26th at 10am PT / 1pm ET. See you there!

Measuring Your Offensive Security Maturity: Prioritize Your People

Away we go!

1. Vulnerable Fortigate Products FortiOS / FortiProxy / FortiSwitchManager Allow Authentication Bypass on Administrative Interface

Fortinet recently released an advisory for, and patched, a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager products (CVE-2022-40684). This vulnerability is very serious, as it gives an attacker the ability to log in as an administrator on the affected systems.

Fortinet privately notified their customers, urging them to upgrade their systems as soon as possible, presumably to give their customers a head start in patching their systems before the vulnerability became public. Fortinet’s products are very popular, and a quick Shodan search shows that there are possibly hundreds of thousands of these devices exposed to the internet.

The Cybersecurity & Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities Catalog, as they have seen evidence that this vulnerability has been exploited by threat actors in the wild. Check out this blog by our partners at HORIZON3.ai, where they do a deep-dive technical analysis of the bypass.

2. Ferrari Denies Data Breach and Ransomware Attack Following Gang’s Online Claims

Ransomware group RansomEXX recently claimed to have obtained internal documents, datasheets, repair manuals, and other information. Many news outlets have been pointing to the leaked data trove being posted as a sure sign of the company suffering a major cybersecurity incident.

Per a recent Reuters report, Ferrari noted that they had not found any evidence that their systems were breached, nor have they suffered a ransomware attack. They also noted there had been no interruptions to their business. Where there is smoke, there usually is fire; it will be interesting to see if there is anything more to report here.

3. GCHQ Head says Chinese Tech Poses Major Risk

In a recent lecture, Jeremy Fleming, the Director of the Government Communications Headquarters, warned of a growing Chinese threat in the technology space. He noted how the Chinese regime is using its technology to manipulate people’s lives and fully embed its influence not only at home, but also abroad. His talk was given at the annual security lecture at the Royal United Services Institute think tank.

He also referenced the development of the BeiDou satellite system, which many are calling a rival to the US-owned GPS network. He noted that it could potentially be used to track people or could be used to knock out other countries’ satellite systems in the event of a global conflict. When the leader of an established nation’s intelligence community speaks up in this way, it is hard not to listen seriously.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
