Threat Landscape Briefing – March 2024

In this month’s briefing we explore:

• Deepfake Technology Tricks Worker Into Paying Out $25 Million (01:04)
  • A finance worker at a multinational firm was tricked into paying $25 million to fraudsters who used deepfake technology to pose as the company’s Chief Financial Officer.
  • See Info-Tech’s research on how to Address Security and Privacy Risks for Generative AI.
• Heads Up, Bootloaders: Critical Shim Flaw Opens Door to Remote Code Execution (RCE) (03:22)
  • A significant remote code execution vulnerability has been discovered in the shim bootloader, a ubiquitous first-stage loader for Unified Extensible Firmware Interface systems.
  • Learn more about the Best Vulnerability Management Tools 2024
• CISA Warns of Active Exploits: Patch Fortinet Products Against Critical Vulnerabilities (06:43)
  • Two critical vulnerabilities have been identified in multiple Fortinet products. Successful exploitation could grant attackers full system control, leading to code execution, data theft, and operational disruption.
  • See Info-Tech’s research on how to Implement Risk-Based Vulnerability Management.
• 2023: A Banner Year for Ransomware (10:28)
  • With record-breaking payments and a substantial increase in the scope and complexity of attacks, 2023 marked a major comeback for ransomware.
  • See how Info-Tech can help you Build Resilience Against Ransomware Attacks.
• ResumeLooters Steal Personal Data of 2 Million Using Exploits Almost as Old as the Internet (13:19)
  • Hacking Gang “ResumeLooters” has stolen the personal data of over two million job seekers after exploiting 65 legitimate job listing sites.
  • Learn more about the Best Cyber Risk Rating Software.