CyberSecurity updates
2025-01-31 03:53:13 Pacific

Fortinet Firewall Zero-Day Exploitation - 16d

A zero-day vulnerability in Fortinet firewalls is being actively exploited. The flaw allows attackers to compromise systems with exposed interfaces. A mass exploitation campaign against Fortinet firewalls peaked in December 2024. Fortinet has released a patch for CVE-2024-55591. It is suspected that the attackers may have been exploiting a zero-day vulnerability before the patch was released. Organizations using Fortinet firewalls are strongly advised to apply the patch as soon as possible.

Otelier Data Breach Exposes Millions of Hotel Guests - 12d

Otelier, a hotel management platform, suffered a significant data breach after attackers compromised its Amazon S3 cloud storage. Millions of guests’ personal information and hotel reservations were stolen. The affected hotel brands include Marriott, Hilton, and Hyatt. The stolen data could include personally identifiable information and reservation details, exposing guests to potential identity theft and fraud.

Fortinet Firewall Configs Leaked From Zero Day - 14d

A new hacking group has leaked configuration files and VPN credentials for over 15,000 FortiGate devices. This includes full configuration dumps and VPN passwords, exposing sensitive technical information to other cybercriminals. The affected devices appear to be primarily FortiGate 7.x and 7.2.x devices. The data was likely collected using a zero-day exploit in 2022 but was only released in Jan 2025.

VW EV Location Data Exposed by Cloud Misconfig - 7h

A significant data leak exposed the location data of approximately 800,000 Volkswagen electric vehicles (EVs), encompassing models from VW, Audi, Seat, and Skoda. The leak, caused by a cloud misconfiguration, revealed real-time GPS locations of the vehicles, along with other sensitive data. This incident raises serious privacy concerns, particularly as the exposed data could be linked to vehicle owners, including sensitive individuals.

The data leak allowed unauthorized access to vehicle locations, potentially enabling surveillance and tracking of individuals. The incident highlights the critical importance of robust cloud security practices and the need for stringent data protection measures by automotive manufacturers and their software subsidiaries. The incident was brought to light by a whistleblower and security researchers.

UnitedHealthcare AI chatbot exposed to internet - 16d

UnitedHealthcare’s Optum had an AI chatbot used by employees exposed to the internet. This chatbot, designed for employees to inquire about claims, was accessible publicly. The exposure raises concerns about the security of sensitive data and the potential for unauthorized access. This incident highlights the risks associated with deploying AI tools without adequate security measures. The AI chatbot exposure occurred amid broader scrutiny of UnitedHealthcare for its use of AI in claims denials.

Cisco Data Breach Due to Misconfiguration - 11d

The threat actor known as IntelBroker has claimed to have breached Cisco systems, exfiltrating 4.5TB of data including source code and other sensitive information. The breach occurred due to an accidental misconfiguration by Cisco, which left its systems open. This incident highlights the risks of misconfigured systems and the potential for sensitive data exposure. The attackers are now offering this data on various cybercrime forums. It’s important for Cisco to investigate this issue and protect their clients as well as their own data.

Data Broker Exposes 600,000 Sensitive Files - 1d

A data broker, SL Data Services, exposed 644,869 sensitive files, including background checks, in a publicly accessible cloud storage container. The files contained personal information like names, addresses, phone numbers, and criminal histories. This highlights the risks of data brokers and the need for individuals to protect their personal information.