Cyber Daily 3/20: Clovis Scam, FBI Warns of Gmail and Outlook Attacks, Microsoft Alerts on StilachiRAT, CISA Highlights Fortinet and GitHub Vulnerabilities, CERT NZ Advises on Apache Tomcat

Welcome to your ONSEC Cyber Daily dose for March 20. Today, we're diving into a series of alarming cybersecurity incidents and vulnerabilities that are making headlines. We start in Clovis, where residents have fallen victim to a scam that has seen over $230K stolen. This incident serves as a stark reminder of the importance of cybersecurity awareness. Meanwhile, the FBI is sounding the alarm on potential cyberattacks targeting popular email services like Outlook and Gmail. The threat? A ransomware called Medusa. Microsoft is also on high alert, issuing a warning about the multifunctional 'StilachiRAT'. And it's not just Microsoft users who need to be cautious. The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a significant vulnerability in Fortinet FortiOS, and CERT NZ has issued an urgent advisory for a critical Apache Tomcat vulnerability. In other news, a series of unpatched vulnerabilities are being exploited by nation-state hackers, with Microsoft Windows NTLM File Explorer and Apache Tomcat being the prime targets. But it's not all doom and gloom. We also have a roundup of the latest cybersecurity podcasts, offering insights into everything from AI's impact on financial services security to the exploration of insider threats. Stay tuned for more details on these stories and remember, stay safe, stay secure.
Exploits Alert
- Clovis Residents Scammed for Over $230K: A significant cybersecurity breach has occurred in Clovis, with residents being targeted by a scam that has resulted in over $230K being stolen. The scam involves a popup showing a system warning error and a maintenance message, which indicates a cybersecurity vulnerability, data breach, illegal connection, and compromised information. Source: YourCentralValley.com
- FBI Warns of Potential Outlook, Gmail Cyberattacks: The FBI has issued a warning to users of popular email services such as Outlook and Gmail, stating that they could be subject to cyberattacks by a ransomware called Medusa. The warning highlights the increasing threat of ransomware attacks. Source: The Hill
- Microsoft Sounds Alarm on 'StilachiRAT': Microsoft has issued a warning about a multifunctional RAT (Remote Access Trojan) called 'StilachiRAT'. This RAT poses a significant threat to information security and data privacy. Source: Dark Reading
- CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet's FortiOS. This vulnerability allows for authentication bypass and has been exploited in the wild. Source: Cybersecurity News
- CERT NZ Issues Advisory for Apache Tomcat Vulnerability: The New Zealand Computer Emergency Response Team (CERT NZ) has issued an urgent security advisory warning of a critical vulnerability in Apache Tomcat. This vulnerability poses a significant threat to cybersecurity. Source: The Cyber Express
Vulnerabilities & Patches
- Domain-Level RCE in Veeam Backup (CVE-2025-23120): This vulnerability can put your Veeam server at risk if it is joined to the network and has not been patched. It's crucial to update your system to avoid potential threats. Source: Watchtowr Labs
- Unpatched Windows Flaw Exploited Since 2017: This flaw, yet to be assigned a CVE identifier, has been exploited by nation-state hackers since 2017. Microsoft has been accused of not crediting ZDI in its Patch Tuesday update. Source: Hackread
- SuperBlack Ransomware Exploits Fortinet Vulnerability: This vulnerability could put companies that have not yet applied the patch at risk, highlighting the growing threat of targeted cyberattacks. No CVE identifier has been provided yet. Source: IT-Daily.net
- Synology Vulnerability (CVE-2024-10445): This vulnerability in the update functionality allows for improper certificate validation, enabling adjacent network attacks. It has a CVSS score of 4.3. Source: Cybersecurity News
- Exploited GitHub Action (CVE-2025-30066): A security vulnerability has been identified in a widely used third-party GitHub Action, tj-actions/changed-files. Users are urged to patch their systems to avoid potential threats. Source: The Cyber Express
Podcasts
- CSO Executive Sessions: How AI and LLMs are affecting security in the financial services industry: This podcast discusses the role of AI and LLMs in shaping the security landscape within the financial services industry. It provides insights from CSO and CISO executives. Source: CSO Online
- Exploring Insider Threats with Cyber Sisters - Security Boulevard: This podcast explores the concept of insider threats in cybersecurity, offering insights and feedback from the Cyber Sisters. Source: Security Boulevard
- Peeping perverts and FBI phone calls | Smashing Security podcast: Episode 409 of the "Smashing Security" podcast uncovers a Chinese cyber-attack on Littleton's Electric Light Company. Source: YouTube
- Real Men Stories: Addiction, Adultery, and Restoration (EP:951) - Christian Podcast for Men: James Dalton, a 20-year veteran in cybersecurity software sales, shares his experiences and lessons from two decades in the industry. Source: iHeart
- Remote hijacking at your fingertips. - CyberWire: Episode 2268 of the CyberWire Daily Podcast discusses the concept of remote hijacking in cybersecurity. Source: CyberWire
Final Words
And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've covered a lot of ground, from scams in Clovis to the latest warnings from the FBI, Microsoft, and CISA. We've also delved into the world of podcasts, exploring the latest episodes on cybersecurity and its impact on various industries. Remember, knowledge is power, especially when it comes to cybersecurity. So, don't keep this valuable information to yourself. Share 'ONSEC Cyber Daily' with your friends, colleagues, and anyone else who could benefit from staying informed about the latest in cybersecurity news. Stay safe, stay informed, and we'll see you in the next edition of 'ONSEC Cyber Daily'.