FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
Source: Bleeping Computer
The FBI, CISA, and NSA released a list of the top 15 vulnerabilities most exploited in 2023, urging organizations to patch them to prevent attacks. Many of these flaws were exploited as zero-days, indicating an uptick in targeted attacks on critical systems. Notable vulnerabilities include those in Citrix, Cisco, Fortinet, and Microsoft products. The advisory highlights the need for active patch management and provides details on vulnerabilities exploited by state-sponsored and other actors to compromise network security.
Microsoft Visio Files Used in Sophisticated Phishing Attacks
Source: Infosecurity Magazine
Cybersecurity experts have discovered a new phishing tactic involving Microsoft Visio (.vsdx) files, where attackers embed phishing links within trusted Visio diagrams. By using legitimate email accounts to send these files, they bypass security checks. When users open the Visio files and click on embedded links, they’re redirected to fake login pages to steal credentials. This tactic exploits trusted platforms like Microsoft Visio and SharePoint, and experts urge users to verify sender identities, enable multi-factor authentication, and utilize advanced email security.
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
Source: Infosecurity Magazine
Under increasing scrutiny from boards and regulators, many CISOs are turning to personal indemnity insurance to shield themselves from liability in case of a security breach. A Panaseer report highlights that 61% of companies faced breaches due to ineffective policies or controls, leading 90% of CISOs to face demands for better security assurances. However, a lack of data visibility and reliable analytics continues to challenge CISOs, driving stress and prompting some to consider leaving the industry.
AI Threat to Escalate in 2025, Google Cloud Warns
Source: Infosecurity Magazine
Google Cloud’s 2025 cybersecurity forecast warns of escalating AI-driven cyber threats. Key risks include enhanced phishing campaigns, deepfakes, and social engineering tactics powered by large language models (LLMs). Malicious actors are expected to leverage AI for advanced malware development, disinformation, and identity theft. Cyber espionage groups from countries like Russia, China, North Korea, and Iran are projected to use AI tools for targeted attacks and information operations.
Halliburton Optimistic Amid $35M Data Breach Loss
Source: Dark Reading
Halliburton confirmed a $35 million loss from an August ransomware attack attributed to the RansomHub gang. The breach led to some system shutdowns, data exfiltration, and a slight earnings impact. While Halliburton believes the financial effect is manageable, concerns remain over potential future risks if the attackers release or sell stolen data.