SecurityDigest: Cybersecurity News and Updates 09.09.2024-16.09.2024
Fortinet Confirms 440GB Data Leak
Fortinet, one of the world's largest suppliers of cybersecurity products, confirmed it suffered a data breach after a hacker named "Fortibitch" claimed to have stolen 440GB of files from the company's Microsoft SharePoint server. The hacker tried to demand a ransom from Fortinet, but the company refused to pay. According to Fortinet, the incident affected only a limited number of files and less than 0.3% of its customers.
In response, the company notified affected customers and noted no evidence of malicious activity targeting them.
The leak was unrelated to a ransomware attack or data encryption, and hackers could not gain access to Fortinet's corporate network.
Recommendations
Companies and service providers should encrypt all sensitive data, especially when stored on third-party servers or cloud solutions.
20 Intel Vulnerabilities Affecting Processors and Other Products
Intel has reported more than 20 vulnerabilities affecting processors and other company products. One of the alerts covers 11 vulnerabilities in UEFI firmware for servers, desktops, mobile devices, and embedded processors such as the Atom, Xeon, Pentium, Celeron, and Core series. Most of these issues are rated high severity and can be exploited to elevate privileges or lead to DoS attacks and information leaks.
A moderate-risk vulnerability in processors was also discovered that could allow a local attacker to cause a DoS.
Recommendations
Intel recommends installing the latest firmware and microcode updates to protect against these threats.
GitLab warns of critical vulnerability
GitLab has released critical updates to address 18 vulnerabilities in its products, including CVE-2024-6678, which allows attackers to run pipelines on behalf of any user under certain conditions. With a severity rating of 9.9, this vulnerability allows remote execution of low-privilege environment shutdown actions. The issue affects GitLab CE/EE versions 8.14 to 17.1.7 and versions 17.2 and 17.3 up to the latest updates.
Additionally, several high-severity vulnerabilities have been addressed that could allow attackers to execute unauthorized commands, hijack user sessions, or initiate denial-of-service attacks.
Recommendations
Users are advised to update GitLab to the latest version (17.3.2, 17.2.5, or 17.1.7) to prevent possible attacks, to limit access to CI/CD pipelines, and to run them with the minimum user privileges.
Follow our weekly updates to stay up-to-date with recommendations on how to protect your data from cyber-attacks.
Best Regards,
FS Group Team