Cybersecurity Threats: Patch Tuesday, AI Risks, and Data Breaches

N2K Networks · January 15, 2026 · 22 min · 424 views

Patch Tuesday and Vulnerability Management

  • Microsoft's January Patch Tuesday addressed at least 113 vulnerabilities, including eight critical and one zero-day under active exploitation.
  • A zero-day affecting the Windows Desktop Window Manager can undermine protections like ASLR and be chained with other flaws, making patching essential.
  • Adobe fixed 25 vulnerabilities across 11 products, including a critical XML external entity injection bug in Apache Tika modules; immediate patching is urged.
  • Fortinet released patches for six vulnerabilities, including two critical flaws in FortiSIEM and FortiFone, with one allowing remote code execution.

Geopolitical Cybersecurity Trends

  • China has instructed domestic companies to stop using cybersecurity software from US and Israeli vendors, citing national security concerns and aiming to replace Western technology.
  • Affected firms include VMware, Palo Alto Networks, Fortinet, and Check Point Software, reflecting rising US-China tensions and Chinese espionage concerns.
  • Analysts urged US lawmakers to adopt a more offensive cyber role to deter adversaries, citing persistent campaigns against critical infrastructure.

AI Security and Supply Chain Risks

  • The AI supply chain is the next frontier in cybersecurity, with risks in machine learning models themselves, not just data.
  • Organizations often underestimate the number of ML models in production, with some having tens of thousands, creating visibility challenges.
  • Malicious actors are embedding risks like credential theft and data exfiltration within open-source ML models, with some downloaded tens of thousands of times.
  • Test driving, benchmarking, evaluating, and red-teaming AI applications and models before production is crucial.

Notable Data Breaches and Attacks

  • A ransomware attack severely disrupted operations at a Belgian hospital, forcing canceled surgeries and the transfer of critically ill patients.
  • US digital investment advisor Betterment confirmed a breach originating from a third-party marketing platform, leading to fraudulent crypto scam emails sent to customers.
  • European rail pass provider Eurail disclosed a data breach exposing customer names, contact details, dates of birth, and passport information.
  • A critical OpenSSH vulnerability in Moxa industrial Ethernet switches allows remote unauthenticated takeover, requiring immediate firmware updates and network isolation.

Leadership and AI Misuse

  • Sean Plankey has been renominated to lead CISA, signaling the White House's continued support despite previous nomination stalls.
  • A UK police chief admitted that using Microsoft Copilot led to an error in which a non-existent football match was cited for a fan ban, highlighting potential AI inaccuracies.

Topics

Patch Tuesday, Vulnerability Management, Zero-Day Exploitation, Adobe Vulnerabilities, Fortinet Vulnerabilities, Cybersecurity Software, US-China Relations, AI Supply Chain, Machine Learning Models, Open Source Security, Ransomware Attack, Data Breach, Industrial Control Systems, CISA, Microsoft Copilot