An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023. 

Threat Advisories and Alerts 

NCSC Provides Recommendations on Supply Chain Security 

As the recent ransomware attack on ION Trading revealed, supply chain attacks can be devastating to a business and have knock-on effects for suppliers and customers alike. The U.K. National Cyber Security Centre recently published guidance on the topic to help companies address supply chain cyberthreats. The article provides detailed security recommendations, including how companies can map their supply chains, the type of supplier information to gather and how to address subcontractors in the supply chain.   

Source: https://www.ncsc.gov.uk/guidance/mapping-your-supply-chain   

PoC Exploit Released for Fortinet Flaw with a 9.8 Severity Score  

Security researchers at Horizon3 have released a proof-of-concept (PoC) exploit for a critical vulnerability (CVE-2022-39952) impacting multiple versions of Fortinet’s network access control suite, FortiNAC. The flaw has a severity score of 9.8, and if exploited, could allow attackers to achieve remote code execution. Users of FortiNAC 9.10 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 and all versions on the 8.3, 8.5, 8.6, 8.7 and 8.8 branches are urged to apply the appropriate security updates immediately.  

Source: https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-fortinet-rce-flaw-patch-now/   

Emerging Threats and Research 

19% of Brits Have Been Victims of Online Fraud 

A new survey by Finnish security vendor F-Secure has revealed that a fifth of adults in the U.K. have been victims of online fraud, experiencing identity theft, stolen passwords and theft of life savings. Why have so many Brits been affected? The survey, which polled 1,000 people in the U.K., may have an answer. It revealed that 60% of respondents think cybersecurity is too complex and 48% are unsure whether their devices are secure.   

Source: https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/   

GoDaddy Suffers Third Breach in Three Years 

In what is starting to seem like an annual event, web hosting and domain registrar giant GoDaddy has been hit with yet another breach. This time, threat actors stole source code and installed malware that intermittently redirected customers’ sites to malicious pages. According to GoDaddy, the attack’s purpose was to “infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.” The initial infection, which was first reported in December 2022 by upset customers, follows November 2021 and March 2020 breaches. An investigation into this most recent incident shows that all three breaches are connected.   

Source: https://thehackernews.com/2023/02/godaddy-discloses-multi-year-security.html   

FBI Contains Security Breach on Its Computer Systems 

The U.S. Federal Bureau of Investigation (FBI) has experienced a cyber incident, impacting computer systems used in child sexual exploitation investigations. The FBI has not revealed details of the breach but said in a statement, “This is an isolated incident that has been contained.” According to former FBI agent Austin Berglas, the incident is likely contained to a specific computer or network. For this reason, it’s unlikely classified information was accessed.  

Source: https://www.theregister.com/2023/02/17/fbi_security_incident/   

Thousands of NHS Employees Impacted by Data Leak 

The data of roughly 14,000 staff members at a NHS hospital trust in Liverpool, U.K. had their data leaked due to an email snafu. According to an apology letter to the victims, a file containing names, addresses, dates of birth and other sensitive information was sent to 24 external accounts and hundreds of NHS managers. “The spreadsheet file included a hidden tab which contained staff personal information. Whilst it was not visible to those receiving the email, it should not have been included in this spreadsheet,” the letter read. The 24 external recipients have since confirmed deletion of the spreadsheet.  

Source: https://www.infosecurity-magazine.com/news/data-leak-hits-thousands-of-nhs/   

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.