Fortinet Zero Day Reportedly Exploited by Nation-State Threat Actors - October 2024 Cyber Risk Roundup

Fortinet Zero Day Reportedly Exploited by Nation-State Threat Actors - October 2024 Cyber Risk Roundup

This is the monthly zero trust cybersecurity newsletter highlighting key news and actionable insights for enterprises looking to stop the next cyberattack by land, by sea, or in space. Our Cyber Risk Roundup offers a quick peek at this month's big stories. 

🪲 A Fortinet zero day (CVE-2024-47575) was officially disclosed last week, affecting Fortinet’s FortiManager platform used to control Fortinet devices including FortiGate firewalls. This flaw can enable RCE and control of FortiManager and managed devices (including VPN services if an attacker compromises FortiManager). 

💻 🇨🇳📱 Chinese cyber intrusions appear to be targeting U.S. telecommunications networks. The breach is reportedly aimed to intercept sensitive communications linked to prominent political figures. The FBI and CISA have joined the investigation.

🚰🚨 The largest water utility in the U.S. shut down its billing system in response to a cyber incident, marking yet another critical infrastructure attack.

🩺 Ransomware is on the rise for healthcare orgs, with new data from Sophos backing up what seems to be an alarming frequency of attacks. Two thirds of those surveyed report suffering a ransomware attack in the past year. 

🪲🪲🪲 A chain of several bugs was discovered earlier this month in Palo Alto Networks Expedition, their firewall migration tool. If combined, an attacker could use these to write files to the Expedition system and more.

Get the above stories and more in our October Cyber Risk Roundup. Keep scrolling for cyber guides, deep dives, and upcoming events.

Highlights

Xage Security Announces $1.5 Million Contract with the U.S. Navy

Big news: the U.S. Navy has awarded Xage a $1.5 million contract to operationalize its innovative approach to securing critical naval battle networks and accelerating the Navy’s adoption of zero trust strategies. 

Read the Blog

NERC-CIP Compliance: How Xage Supports Utility Customers

With regulatory updates on the horizon for North American electric utilities, now’s the time to refresh on the core principles of compliance—and learn how Xage can help.

Read the Blog

EPIC Midstream Achieves ROI in Three Months with Xage

Learn how Xage has helped EPIC Midstream enhance its cybersecurity posture, meet stringent regulatory requirements, and significantly improve the productivity of its workforce.

Read the Blog

The Two Biggest Emerging Battlegrounds and Threats to National Security: Cyber and Space

As cybersecurity evolves, it’s essential to address not just terrestrial risks but emerging threats in space. Hear Xage’s CEO, Geoffrey Mattson, discuss the importance of replacing outdated methods with a zero-trust approach.

Read the Article

Zero Trust Access and Protection For The Whole Enterprise

Check our updated Xage resources page and learn how the platform delivers zero trust access and protection from cyberattacks across IT and hybrid/multi-cloud environments.

Get the Report

Events

API Oil & Gas 2024 

Xage is excited to be exhibiting at the 2024 API Cybersecurity Conference for the Oil & Gas Industry in Houston! Join our experts, Roman Arutyunov and Amit Pawar, as they lead discussions in key cybersecurity tracks:

🗓️ Tuesday, November 12th @ 2:50 PM – Third Party Risk and Supply Chain Risk Management Track with Amit Pawar

🗓️ Wednesday, November 13th @ 4:10 PM – Identity and Access Management Track with Roman Arutyunov

Don't miss out on how Xage is securing the future of the oil and gas industry. Let's protect critical infrastructure together!

Join us at the Conference!

Infinite Paths to Achieving CMMC 2.0 Success

With a deadline on the horizon, CMMC 2.0 implementation is top of mind. Unfortunately it’s not as simple as following a recipe—the path to success varies widely based on the specifics of your organization and environment. Are you team Microsoft or team Google? What’s your technology ecosystem?

In this webinar we’ll discuss the requirements of CMMC and dig into how getting it right varies depending on your systems and setup.

Watch the Webinar

Xage Security In the News

Industrial Cyber, Solutions Review, VMBlog and more 

Xage got a lot of mentions and publications in the press this month. Visit our press page to check them out.

Read The News

To view or add a comment, sign in

More articles by Xage Security

Insights from the community

Others also viewed

Explore topics