GSG Newsletter - 4th Edition, 11th January 2025
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
For more details: CISA Adds One Known Exploited Vulnerability to Catalog | CISA
For more details: CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
Fixing CVE-2024-3393

To address this issue, update your PAN-OS software to one of the fixed versions:

| PAN-OS release | Fixed version |
|---|---|
| PAN-OS 11.2 | Upgrade to version 11.2.3 or later. |
| PAN-OS 11.1 | Upgrade to version 11.1.5 or later. |
| PAN-OS 10.2 | Upgrade to version 10.2.14 or later. |
| PAN-OS 10.1 | Upgrade to version 10.1.15 or later. |

Steps to Upgrade

| Step | Description |
|---|---|
| Check Current Version | Verify your current PAN-OS version. |
| Backup Configuration | Before upgrading, back up your firewall configuration. |
| Download Update | Obtain the appropriate update from the Palo Alto Networks support portal. |
| Install Update | Follow the installation instructions provided by Palo Alto Networks. |
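The "Check Current Version" step is where most of the work is when you have more than a handful of firewalls. The script below is an added example, not code from the newsletter, Palo Alto Networks or CISA: it takes the fixed versions exactly as the table above lists them, parses PAN-OS version strings (including a "-hN" hotfix suffix) and triages a constructed inventory into fixed, vulnerable and unknown. The inventory hostnames and versions are made up for the example, and release trains not in the table are reported as "unknown" rather than guessed at.

```python
"""Triage PAN-OS versions against the CVE-2024-3393 fixed-version table.

Fixed versions below are copied from the newsletter's table. If the vendor
advisory lists hotfix-level fixes for a train, extend FIXED_VERSIONS with a
four-element tuple (major, minor, patch, hotfix) for that train.
"""

# (major, minor) release train -> first fixed (major, minor, patch) per the table
FIXED_VERSIONS = {
    (11, 2): (11, 2, 3),
    (11, 1): (11, 1, 5),
    (10, 2): (10, 2, 14),
    (10, 1): (10, 1, 15),
}

# Constructed sample inventory (hostname, reported PAN-OS version); not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "11.2.2"),
    ("fw-edge-02", "11.2.3"),
    ("fw-dc-01", "10.2.9-h1"),
    ("fw-lab", "11.0.4"),
]


def parse_version(ver: str) -> tuple[int, int, int, int]:
    """Parse 'major.minor.patch' or 'major.minor.patch-hN' into a sortable tuple.

    The hotfix number is 0 when no '-hN' suffix is present, so plain releases
    sort before their hotfixes (10.2.9 < 10.2.9-h1), as they should.
    """
    base, _, hotfix = ver.strip().partition("-h")
    parts = base.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised PAN-OS version: {ver!r}")
    major, minor, patch = (int(p) for p in parts)
    if hotfix and not hotfix.isdigit():
        raise ValueError(f"unrecognised hotfix suffix in: {ver!r}")
    return (major, minor, patch, int(hotfix) if hotfix else 0)


def assess(ver: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for a PAN-OS version string."""
    major, minor, patch, hotfix = parse_version(ver)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # Release train is not in the table: do not assume either way.
        return "unknown"
    # Pad the table entry with hotfix 0 so it compares against parsed versions.
    fixed_full = fixed if len(fixed) == 4 else fixed + (0,)
    return "fixed" if (major, minor, patch, hotfix) >= fixed_full else "vulnerable"


def triage(inventory: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Return every host that is not confirmed fixed, with its assessment."""
    findings = []
    for host, ver in inventory:
        status = assess(ver)
        if status != "fixed":
            findings.append((host, ver, status))
    return findings


if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {ver:12} {status}")
```

Feed `triage` the output of your own inventory export and treat "unknown" entries as work items, not as clean: they are trains the table does not cover.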
Windows 10 users urged to upgrade to avoid “security fiasco”
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a “security fiasco” as the 10-year-old operating system nears the end of support in October 2025.
Why Upgrade?

| Reason | Description |
|---|---|
| Security | After October 14, 2025, Windows 10 will no longer receive security updates. This means your system will be vulnerable to new threats and malware. |
| Support | Microsoft will stop providing technical support for Windows 10. If you encounter issues, you won't be able to get official help. |
| Features | Upgrading to Windows 11 gives you access to the latest features, improved performance, and enhanced security. |

How to Upgrade?

| Step | Description |
|---|---|
| Check Compatibility | Ensure your device meets the minimum system requirements for Windows 11. |
| Backup Data | Before upgrading, back up your important data to avoid any loss. |
| Upgrade via Windows Update | Go to Settings > Update & Security > Windows Update and select "Check for updates." If your device is eligible, you'll see the option to download and install Windows 11. |
| Buy a New Device | If your current device doesn't meet the requirements, consider purchasing a new device pre-installed with Windows 11. |
“It’s five minutes to twelve to avoid a security fiasco for 2025,” explains ESET security expert Thorsten Urbanski.
“We strongly advise all users not to wait until October, but to switch to Windows 11 immediately or choose an alternative operating system if their device cannot be updated to the latest Windows operating system. Otherwise, users expose themselves to considerable security risks and make themselves vulnerable to dangerous cyber attacks and data loss.”
For more details: Windows 10 users urged to upgrade to avoid “security fiasco”
For more details: A Guide to Windows 10 End of Support | Microsoft Windows
Bad Tenable plugin updates take down Nessus agents worldwide
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates.
As the cybersecurity company acknowledged in an incident report issued after pausing plugin updates to prevent the issue from impacting even more systems, the agents went offline “for certain users on all sites.”
This ongoing incident affects systems updated to Nessus Agent versions 10.8.0 and 10.8.1 across the Americas, Europe, and Asia. Tenable has since pulled the bad versions and released Nessus Agent version 10.8.2 to fix the issue causing agents to shut down.
For more details: Bad Tenable plugin updates take down Nessus agents worldwide
For more details: Tenable Nessus Agent 2025 Release Notes
Tenable Nessus Agent 10.8.2 (2025-01-02)

| Action | Summary |
|---|---|
| Upgrade or Downgrade Agents | Upgrade to Nessus Agent version 10.8.2, or downgrade to Nessus Agent version 10.7.3. |
| Reset Plugins | If you are using agent profiles for upgrades or downgrades, perform a plugin reset to recover any offline agents. |

Detailed Instructions

| Step | Description |
|---|---|
| Download the Correct Version | Obtain the Nessus Agent 10.8.2 or 10.7.3 install package from the Tenable support portal. |
| Upgrade or Downgrade Agents | Use the install package to upgrade agents to version 10.8.2 or downgrade to version 10.7.3. |
| Perform a Plugin Reset | If using agent profiles, update your agent profiles to version 10.8.2 or 10.7.3. Create and run a scan with the Nessus 10.8.0 / 10.8.1 Agent Reset credentialed scan template in Tenable Vulnerability Management, Tenable Security Center, or Tenable Nessus Manager. |
Thousands of Buggy BeyondTrust Systems Remain Exposed
A remarkable number of BeyondTrust instances remain connected to the Internet, despite dire warnings that Chinese state-sponsored threat actors are actively exploiting a critical vulnerability in unpatched systems.
The BeyondTrust bug, tracked under CVE-2024-12356, has an assigned CVSS score of 9.8 and affects Privileged Remote Access (PRA) and Remote Support (RS). It was first reported by BeyondTrust on Dec. 16, 2024. Three days later, the vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities list. By the end of the month, a Chinese state-sponsored hacker group had used the flaw to break into the US Department of the Treasury and steal data.
For more details: Thousands of Buggy BeyondTrust Systems Remain Exposed
For more details: BT24-10 | BeyondTrust
Fixing CVE-2024-12356

| Step | Description |
|---|---|
| Patch the Software | Apply the patch provided by BeyondTrust for all supported releases of RS & PRA 22.1.x and … If you are using an on-premise version, ensure your instance is subscribed to automatic updates or manually apply the patch. |
| Upgrade to Fixed Versions | Privileged Remote Access (PRA): upgrade to the patched version BT24-10-ONPREM1 or BT24-10-ONPREM2, depending on your PRA version. Remote Support (RS): upgrade to the patched version BT24-10-ONPREM1 or BT24-10-ONPREM2, depending on your RS version. |
| Verify the Update | After applying the patch or upgrading, verify that the update was successful and that the system is functioning correctly. |
Beijing-linked hackers penetrated Treasury systems
A Chinese state-sponsored actor was responsible for a “major incident” that compromised U.S. Treasury Department workstations and classified documents, according to a letter the agency sent congressional lawmakers on Monday.
In a missive to the Senate Banking Committee, the department said it was notified on December 8 by BeyondTrust, a third-party software provider, that a foreign actor had obtained a security key that allowed the perpetrator to remotely gain access to employee workstations and the classified documents stored on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” according to the letter from Aditi Hardikar, assistant Treasury secretary for management.
For more details: Beijing-linked hackers penetrated Treasury systems – The Cyber Post
Rhode Island warns of cybercriminals leaking stolen state files as Deloitte works to restore system
The government of Rhode Island said the hackers behind a recent ransomware attack on several of the state’s digital platforms have leaked some of the data that was stolen from the platform last month.
State officials said consulting firm Deloitte — the vendor that created its HealthSource RI affordable health coverage marketplace and the RIBridges system that manages social services programs — told them a ransomware gang released some of the files onto the dark web.
“This is a scenario that the State has been preparing for, which is why earlier this month we launched a statewide outreach strategy to encourage potentially impacted Rhode Islanders to protect their personal information,” the state said in a statement on December 31.
For more details: Rhode Island warns of cybercriminals leaking stolen state files as Deloitte works to restore system – The Cyber Post
New HIPAA Cybersecurity Rules Pull No Punches
Last week, the US Department of Health and Human Services (HHS), via its Office for Civil Rights (OCR), proposed a long-awaited update to the Security Rule. The 400-page working draft is as serious as its length would suggest, with extensive new requirements for providers, plans, clearinghouses, and their business associates. And while the requirements are all standard best practices, experts point out that this new update is more significant and less flexible than any previous version of HIPAA has been.
Since 2005, healthcare organizations have been subject to Security Standards for the Protection of Electronic Protected Health Information (“Security Rule”) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a set of national standards designed to protect electronic protected health information (ePHI).
For more details: https://www.darkreading.com/
Apple Offers $95M to Settle Siri Privacy Lawsuit
Apple has agreed to pay a $95 million cash settlement to wrap up a proposed class action lawsuit, Lopez v. Apple, Inc., involving mobile device owners reporting that the tech company has routinely recorded conversations after unintentionally activating Siri.
The class action lawsuit period spans from Sept. 17, 2014, to Dec. 31 of last year, the time period during which Apple was implementing the "Hey, Siri" feature, which the plaintiffs allege made unauthorized recordings.
For more details: Apple Offers $95M to Settle Siri Privacy Lawsuit
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.
Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records.
For more details: U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Reference: CISA, Darkreading, Bleepingcomputer, Krebsonsecurity, Thecyberpost
*Disclaimer: This newsletter contains links to sites on the Internet that are owned and operated by third parties. We do not claim ownership of any third-party content. Trademarks, logos, and brand names are the property of their respective owners.
**These are basic steps; advanced issues may need expert intervention. Consult our team for detailed analysis.