Cyber Security Briefing: Critical Flaws, Ransomware, and AI Privacy Concerns

Critical Vulnerabilities and Exploits

• 🚨 Fortra has issued an urgent warning about a critical flaw in its GoAnywhere Managed File Transfer solution, carrying a CVSS score of 10 and allowing attackers to seize full system control.
• ⚠️ Cisco has released fixes for a critical vulnerability in its IOS and IOS XE software that could allow remote attackers to execute arbitrary code.
• 🛡️ Cloudflare mitigated the largest distributed denial of service attack ever recorded, peaking at 22.2 terabits per second.

Ransomware and Cyberattacks

• 💰 The Rhysida ransomware gang claims responsibility for a cyberattack on the Maryland Transit Administration, demanding 30 Bitcoin and releasing stolen data.
• 🦠 A new ransomware variant named Obscura spreads via domain controllers, disabling recovery and encrypting data.
• 🇨🇳 Mandiant links the new BRICKSTORM backdoor to a China-based espionage campaign targeting law firms and tech companies.

Emerging Threats and AI Concerns

• 📈 Retailers' rapid adoption of generative AI is expanding attack surfaces, with sensitive data leaks rising due to employee uploads to unapproved platforms.
• ⚙️ Researchers expose systemic risks in GitHub Actions due to misuse of the pull request target trigger, potentially leading to remote code execution and supply chain attacks.
• 🧠 Senators have introduced a bill to task the FTC with regulating neural data to prevent companies from harvesting and selling brain signals.

Privacy and Legal Grey Zones

• ⚖️ A discussion on women's health apps highlights that they are not covered by HIPAA, creating a legal grey zone for reproductive health data.
• 🏫 Students in Kansas are pushing back against an AI-powered monitoring tool, Gaggle, citing concerns over chilling speech and privacy intrusions.
• 📜 While some states are attempting to strengthen protections for health app data, the landscape remains a patchwork of laws dependent on political winds.