March 7, 2026

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

What a difference one week can make! Top of mind for many is the Iran conflict and its implications for cyber warfare. In a surprising first, Chairman of the Joint Chiefs of Staff, General Dan Caine, openly talked about cyber operations as part of Operation Epic Fury. Allied governments worldwide are on high alert for retaliatory cyber-attacks from Iran and its sleepers embedded outside of the conflict zone. An early physical casualty was Amazon AWS in the United Arab Emirates and Bahrain, which suffered damage on March 1st from an Iranian drone strike. Two of the three availability zones are still down. AWS has advised clients to invoke their Disaster Recovery Plans. I wonder if their cyber insurance will cover this since it is technically an “Act of War”? What’s very interesting is that we’re in the second week of this conflict, and there has been no significant cyber retaliation from Iranian threat actors so far. Hopefully this trend continues.

Headline NEWS:

  • Cisco disclosed multiple vulnerabilities this week across several products. Two of the newly revealed defects are rated critical. And the one from last week in their SD-WAN has had Proof of Concept (PoC) code released on GitHub by zerozenxlabs and is now under active exploitation. Please follow the vendor’s recommendation and update to the latest patched versions.
  • FBI and other three- and four-letter agencies, along with multiple individual state governments and US cities, are all warning of potential cyber attacks as a result of Operation Epic Fury against Iran. Vigilance is urged – more so than normal – to ensure that your digital charges are safe. Attacks against critical infrastructure, banking, and government systems are anticipated. If you see something amiss, say something.
  • Juniper managed to slip in a nice defect which almost got missed due to the quantity of other news. But it didn’t get missed. The Junos OS Evolved platform has a Remote Code Execution defect. Thankfully, this serious vulnerability affects only Juniper’s PTX Series of devices, because it is bad: it “allows an unauthenticated, network-based attacker to execute code as root”. The fix is to update to the latest version of Junos OS. If you have a PTX Series in use, check yours immediately!

In Ransomware, Malware, and Vulnerabilities News:

  • Data breaches are the new headlines when it comes to ransomware. A year ago, the news headlines were predominantly about who was encrypted and which dirtbag group was responsible. In the last six months or so, the headlines have shifted to who is the latest to reveal that private data was stolen and likely sold to the highest bidder. This has been somewhat fueled by the rash of successful click-fix attacks, fake meeting tools, fake support offerings, connection requests, and malicious plugins that enable a threat actor to gain initial access and then pivot to more sensitive systems and escalate privileges. By using legitimate software that’s often already on the systems and methods that resemble normal system activity, the intruder stays out of the crosshairs of the threat monitoring tools while exfiltrating valuable sensitive data. It is imperative that security professionals do not let down their guard and continue to push for iterative hardening of their networks, devices, and identification processes. We must never give up the fight to stay at least one step ahead.

In Other News Events of Note and Interest:

  • AI News was hot and heavy this week with quite a few product announcements, such as Anthropic’s Claude Code Security and ChatGPT-5.3 in Copilot, Cloudflare announcing a new AI firewall to protect LLMs, Huawei making their AI Datacenters available worldwide, and Copilot now being able to store passwords. In rather bizarre headlines, Google is facing a wrongful death lawsuit that alleges Google’s Gemini chatbot instructed a Florida man (why is it always a Florida man?) to commit suicide after he failed to get a robot body for his Gemini AI “wife” whom he named Xia. And there’s a really good article in our AI section positing that we have maybe 12 more months left to get AI safety worked out before it is too late, and it won’t be possible afterward.

Musings

Many businesses now have a new, very real threat that they’d never been forced to consider before: the prospect that their insurance policies may reject what would otherwise have been a valid claim. The Iran hostilities, Operation Epic Fury, are technically not a war since none of the nations involved have formally declared war. However, for the purposes of insurance that distinction is irrelevant. The typical “Acts of War” exclusion is for “warlike action by a military force”. That means that the clause applies whether there is a formal declaration or not. Chairman of the Joint Chiefs of Staff, General Dan Caine, openly talked about cyber operations as part of Operation Epic Fury, clearly putting them squarely into the Acts of War definition. So where does that leave you and your ability to lean on your insurance policy if an Iranian-supported attack takes down your business’s ability to function? Would you be covered? Now is the time to find out, not when you’re reaching out to your insurance agent to declare an incident.

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
