Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Attackers are encrypting AWS S3 data without using ransomware
A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used.

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials.

Balancing usability and security in the fight against identity-based attacks
In this Help Net Security interview, Adam Bateman, CEO of Push Security, talks about the rise in identity-based attacks, how they’re becoming more sophisticated each year, and how AI and ML are both fueling these threats and helping to defend against them.

Critical SimpleHelp vulnerabilities fixed, update your server instances!
If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on the underlying host.

How CISOs can elevate cybersecurity in boardroom discussions
Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM).

Rsync vulnerabilities allow remote code execution on servers, patch quickly!
Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server.

Using cognitive diversity for stronger, smarter cyber defense
In this Help Net Security interview, Mel Morris, CEO of Corpora.ai, discusses how cognitive biases affect decision-making during cybersecurity incidents.

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited.

How AI and ML are transforming digital banking security
In this Help Net Security interview, Nuno Martins da Silveira Teodoro, VP of Group Cybersecurity at Solaris, discusses the latest advancements in digital banking security.

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that has been exploited as a zero-day by attackers to compromise publicly-exposed FortiGate firewalls.

GitHub CISO on security strategy and collaborating with the open-source community
In this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring it remains a trustworthy platform for building secure software.

Malicious actors’ GenAI use has yet to match the hype
Generative AI has helped lower the barrier for entry for malicious actors and has made them more efficient, i.e., quicker at creating convincing deepfakes, mounting phishing campaigns and investment scams, the most recent report by the Cyber Threat Alliance (CTA) has concluded.

Contextal Platform: Open-source threat detection and intelligence
Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence.

UK domain registry Nominet breached via Ivanti zero-day
The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared.

Chainsaw: Open-source tool for hunting through Windows forensic artefacts
Chainsaw is an open-source first-response tool for quickly detecting threats in Windows forensic artefacts, including Event Logs and the MFT file.

EU law enforcement training agency data breach: Data of 97,000 individuals compromised
Personal data of nearly 100,000 individuals that have participated in trainings organized by CEPOL, the European Union (EU) Agency for Law Enforcement Training, has potentially been compromised due to the cyberattack suffered by the agency in May 2024.

A humble proposal: The InfoSec CIA triad should be expanded
The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents.

Cybersecurity is stepping into a new era of complexity
Cybersecurity is entering a new era of complexity, according to the World Economic Forum’s Global Cybersecurity Outlook 2025 report.

This is the year CISOs unlock AI’s full potential
In 2025, CISOs will have powerful new capabilities as generative artificial intelligence (GenAI) continues to mature.

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot.

Time for a change: Elevating developers’ security skills
Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process.

What 2024 taught us about security vulnerabilties
This roundup showcases the standout findings from 2024’s cybersecurity reports, highlighting critical risks and emerging threats that demand attention.

FBI removed PlugX malware from U.S. computers
The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted “PlugX” malware from thousands of infected computers worldwide.

Cybersecurity jobs available right now: January 14, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence
Learn how NDR provides enriched telemetry, real-time insights, and faster threat responses to secure hybrid infrastructures.

New infosec products of the week: January 17, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Cisco, Commvault, and IT-Harvest.