Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 23, 2024, Fortinet published an advisory disclosing an actively exploited vulnerability (CVE-2024-47575) affecting FortiManager and FortiManager Cloud. The critical-severity vulnerability can be exploited on FortiManager instances exposed to the internet via port 541. Successful exploitation could allow a remote, unauthenticated threat actor to execute arbitrary code or commands via specially crafted requests.

One of the most challenging elements of securing an organization from cyber threats is ensuring that their employees aren’t placing themselves or their colleagues at risk. But as Arctic Wolf’s new Human Risk Behavior Snapshot shows, even security practitioners and IT leaders aren’t always model citizens when it comes to mitigating their own cyber risk.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Woes continue at the Internet Archive.

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years. Fraud can be a deceptive action taken against a company or one carried out by the company. A company could commit fraud in many ways to improve its industry reputation and defend itself from audits. On the other side, a company may become a victim of financial statement fraud, asset theft, and corruption committed by its staff members.

This week, the FBI announced it is investigating a classified data leak of U.S. intel on Israel’s plans to retaliate against Iran. The top-secret documents were exposed on the Telegram messaging app, and it’s unclear if it was a leak or hack. The investigation will center on the Defense Department’s National Geospatial-Intelligence Agency, which manages the country’s network of spy satellites and anyone with access to the classified document.

When it comes to building a comprehensive data security strategy, everything hinges on finding and accurately classifying all your sensitive data. It seems security professionals have finally given up on legacy solutions that require extensive labeling and manual data mapping — and not a moment too soon. We're confident no one will mourn the passing of legacy solutions.

Third-party monitoring is a critical aspect of Third-Party Risk Management as it keeps security teams informed of the organization's evolving third-party risk exposure. To learn the importance of third-party monitoring and why it should be emphasized in your TPRM program, read on.

Over the past few decades, securing remote access has become monumentally more complex. Remote work, with all of its benefits, has also furthered the threats of shadow IT and unauthorized remote access.

Code repositories are the primary source of secrets, but GitGuardian data highlights the broader issue of secret sprawl. From code to production, understand how these vulnerabilities expose sensitive data and learn how to enhance your security posture with GitGuardian insights.

Historically, Mac users haven't had to worry about malware as much as their Windows-using cousins. Although malware targeting Apple devices actually predates viruses written for PCs, and there have been some families of malware that have presented a significant threat for both operating systems (for instance, the Word macro viruses that hit computers hard from 1995 onwards), it is generally the case that you're simply a lot less likely to encounter malware on your Mac than you are on your Windows PC.