Fortinet has recently patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762 and CVE-2024-23313), one of which is “potentially” being exploited in the wild.  CISA noted that CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS, which may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

Many environments and individual user accounts have been compromised as part of an ongoing campaign that targets Microsoft Azure corporate clouds. The activity includes data exfiltration, financial fraud, impersonation, and more against organizations in different geographic regions and industry verticals. Researchers have found that the activity is refined, with tailor-made phishing aimed at the highest-profile, highest-value individuals.

Rhysida ransomware victims can successfully decrypt files encrypted by the ransomware because of an implementation vulnerability discovered by researchers and used to create a decryptor. Rhysida is a Ransomware-as-a-Service (RaaS) gang that carries out double extortion tactics. It was first observed in May 2023, gaining notoriety for targeting the British Library, the Chilean Army, healthcare delivery organizations, and Holding Slovenske Elektrarne (HSE).

The Canadian government plans to ban Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.  The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various hardware and digital devices over multiple protocols, including RFID, radio, NFC, infrared, and Bluetooth.

At least 18 hospitals in Romania were recently knocked offline after a ransomware attack took down their healthcare management system.  The Hipocrate Information System (HIS) used by hospitals to manage medical activity and patient data was targeted over the weekend and is now offline after its database was encrypted.  The incident is under investigation by IT specialists, including cybersecurity experts from the National Cyber Security Directorate (DNSC), and the possibilities for recovery are being assessed.

ExpressVPN recently disabled split tunneling on its Windows clients to prevent an issue where DNS requests were not properly directed to its servers.  The issue, introduced in May 2022 in version 12.23.1 of ExpressVPN, resulted in DNS requests remaining unprotected in certain conditions.  Normally, when users connect to ExpressVPN, their DNS requests are sent to the company's servers.