CSTI
    industryThe Commercial Era (2016-Present) Daily Briefing

    Cybersecurity Briefing: Notable Threats and Vulnerabilities on June 12, 2020

    Friday, June 12, 2020

    # Lead Story: Fortinet Vulnerabilities Exposed

    On June 12, 2020, significant vulnerabilities in Fortinet's FortiGate devices were discovered, flagged as CVE-2020-12812. These vulnerabilities could allow attackers to bypass security protocols, including two-factor authentication, through a case-sensitivity issue in username handling between local accounts and LDAP servers. This flaw poses a grave risk, potentially enabling unauthenticated users to gain unauthorized access if specific configurations are exploited. Organizations utilizing FortiGate products should prioritize immediate patching to mitigate risks and prevent unauthorized access. The Hacker News

    # Secondary Item 1: Malicious Apps on Google Play

    The Google Play Store was marred by the presence of over 20 malicious applications that posed as cryptocurrency wallets. These apps exploited compromised developer accounts to steal users' wallet credentials, putting significant financial assets at risk. Despite appearing trustworthy, many of these applications had garnered substantial downloads, highlighting the need for heightened scrutiny and security awareness among users. Cybersecurity News

    # Secondary Item 2: Evolving Phishing Techniques

    The day also saw a rise in sophisticated phishing and malware threats. Cybercriminals employed advanced techniques, embedding malicious payloads within benign-looking JPEG images, demonstrating a worrying evolution in attack methods. This trend underscores the importance of vigilance against unexpected threats and the need for robust security measures across all sectors. Cybersecurity News

    # Analyst Perspective

    The incidents of June 12, 2020, reflect a pattern of increasing complexity in cyber threats, from vulnerabilities that undermine fundamental security protocols to sophisticated social engineering techniques. Organizations must remain proactive in their cybersecurity strategies, employing regular updates, user education, and rigorous scrutiny of applications to safeguard against these evolving threats. The dynamic nature of the cyber landscape necessitates constant vigilance, especially as attackers continuously adapt their methods to exploit new opportunities.

    Sources

    Fortinet CVE-2020-12812 malicious apps Google Play phishing