Newsletter – 6th Edition February 2025

NEWSLETTER-13th FEBRUARY, 2025

CYBERSECURITY NEWS

CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability
CVE-2022-23748 Dante Discovery Process Control Vulnerability
CVE-2024-21413 Microsoft Outlook Improper Input Validation Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2020-15069 Sophos XG Firewall Buffer Overflow Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.

For more details: CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA
Known Exploited Vulnerabilities Catalog | CISA

Massive brute force attack uses 2.8 million IPs to target VPN devices

A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall.
A brute force attack is when threat actors attempt to repeatedly log into an account or device using many usernames and passwords until the correct combination is found. Once they have access to the correct credentials, the threat actors can then use them to hijack a device or gain access to a network.
For more details: Massive brute force attack uses 2.8 million IPs to target VPN devices

**Recommended Actions
 
Palo Alto Networks
  1. Vulnerability Protection Profile: Attach the Vulnerability Protection profile to a Security policy rule to protect against brute force attacks.
  2. Content Updates: Regularly install content updates that include new signatures to protect against emerging threats.
  3. Custom Actions: Customize the action and trigger conditions for brute force signatures to effectively mitigate attacks.
 
Ivanti
  1. IP Lockout Option: Use the IP lockout option to block brute force password attacks.
  2. Session Security: Disable roaming sessions and limit session lengths to reduce the risk of session hijacking.
  3. Logging: Enable logging to a syslog server for events, user access, and admin access logs.

SonicWall
  1. Intrusion Prevention System (IPS): Ensure IPS is licensed and enabled to block brute force attacks.
  2. Rate Limiting: Configure rate limiting in custom rules to prevent brute force attacks.
  3. Administrator/User Lockout: Enable administrator/user lockout to prevent unauthorized access attempts.

Microsoft raises rewards for Copilot AI bug bounty program
Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities.
To further secure its Copilot consumer products against attacks, Redmond added a broader range of Copilot consumer products and services to the scope of the program, including Copilot for Telegram, Copilot for WhatsApp, copilot.microsoft.com, and copilot.ai.
The company is now also offering incentives of up to $5,000 for reporting moderate vulnerabilities, which can also significantly affect the security and reliability of its Copilot products.
For more details: Microsoft raises rewards for Copilot AI bug bounty program
UT El Paso Students Targeted by Phishing Attacks
Students at the University of Texas at El Paso (UTEP) were targeted by a phishing attack that compromised their financial aid refunds. The phishing emails appeared to be from UTEP, tricking students into providing information that allowed cybercriminals to redirect funds to their own accounts. The university is offering an emergency fund to help affected students and is conducting monthly cybersecurity training to prevent future incidents.
For more information: UT El Paso Students Targeted by Phishing Attacks

XE Group Shifts From Card Skimming to Supply Chain Attacks
A cybercrime group long associated with credit card theft has expanded into targeted information stealing from supply chain organizations in the manufacturing and distribution sectors.
In some of these new attacks the threat actor, whom several vendors track as the XE Group and link to Vietnam, has exploited two zero-day vulnerabilities in VeraCore’s warehouse management platform to install Web shells for executing a variety of malicious actions.
Zero-Day Exploits in VeraCore
In a joint report this week, researchers from Intezer and Solis described the activity they observed recently as a sign of the heightened threat the group presents to organizations.
For more details: XE Shifts From Card Skimming to Supply Chain Attacks

**Recommended Actions
Unauthorized file upload vulnerability (CVE-2024-57968, CVSS score 9.9)
  1. Update to the Latest Version: Upgrade Advantive VeraCore to version 2024.4.2.1 or later. This version addresses the vulnerability and prevents unauthorized file uploads.
  2. Restrict File Uploads: Implement strict access controls and validation checks on file uploads to ensure only authorized users can upload files to designated folders.
  3. Monitor and Audit: Regularly monitor and audit file uploads and access logs to detect any suspicious activity.
  4. Apply Security Patches: Stay updated with the latest security patches and updates from Advantive to protect against new vulnerabilities.
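Step 2 above is where most upload handlers go wrong, and an upload that lands where the web server will execute it is exactly how the Web shells mentioned in this story get planted. The following is an added example written for this newsletter, not VeraCore's or Advantive's code; the upload folder, the role name, the allowed types and the sample bytes are assumptions. It shows the unsafe pattern (trusting the client-supplied name) next to a validation sequence: authorization, a size cap, stripping directory components, an extension allowlist checked against the file's leading bytes, and a server-generated file name so nothing the client sent reaches the filesystem path.

```python
"""Upload hardening in the spirit of the remediation steps above.

Added example, not VeraCore's or Advantive's code. UPLOAD_ROOT, the role name,
the allowed types and SAMPLE_PNG are assumptions; the point is the sequence of checks.
"""
import hashlib
import os

UPLOAD_ROOT = "/srv/app/uploads"          # assumed storage folder
ALLOWED_ROLES = {"warehouse_admin"}        # assumed role that may upload
# extension -> leading bytes the content must start with
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024

# Constructed sample content: a PNG signature followed by padding (not a real image).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def unsafe_destination(filename):
    """The pattern the fix replaces: trusting the client-supplied name outright.
    A name like '../../wwwroot/shell.asp' lands outside UPLOAD_ROOT and, if the
    web server executes files there, becomes a web shell."""
    return os.path.normpath(os.path.join(UPLOAD_ROOT, filename))


def validate_upload(filename, content, role):
    """Return (True, destination_path) or (False, reason) without writing anything."""
    if role not in ALLOWED_ROLES:
        return False, "caller is not authorized to upload"
    if not content or len(content) > MAX_BYTES:
        return False, "empty or oversized upload"

    # Keep only the last path component, treating both separators as separators,
    # so neither '../x' nor '..\\x' can escape the upload folder.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or base in (".", "..") or "\x00" in base:
        return False, "invalid file name"

    # Extension allowlist on the *last* suffix; the file is renamed below, so a
    # double extension such as 'shell.asp.png' buys the attacker nothing.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '(none)'} not allowed"

    # The content must actually be the type the extension claims.
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"

    # Server-generated name: nothing from the client reaches the filesystem path.
    safe_name = hashlib.sha256(content).hexdigest()[:32] + ext
    root = os.path.realpath(UPLOAD_ROOT)
    dest = os.path.realpath(os.path.join(root, safe_name))
    if os.path.commonpath([root, dest]) != root:    # defence in depth
        return False, "destination escapes upload root"
    return True, dest


if __name__ == "__main__":
    print(unsafe_destination("../../wwwroot/shell.asp"))
    print(validate_upload("../../wwwroot/shell.asp", b"<% eval %>", "warehouse_admin"))
    print(validate_upload("..\\..\\photo.png", SAMPLE_PNG, "warehouse_admin"))
```

Two design choices are worth copying even if the rest differs: the magic-byte check means a renamed script cannot pass as an image, and the server-chosen file name removes the whole class of traversal and double-extension tricks rather than trying to enumerate them. Keep the upload folder outside the web root, or configure the web server never to execute from it, as a separate layer.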
SQL injection vulnerability (CVE-2025-25181, CVSS score 5.8)
  1. Update to the Latest Version: Upgrade Advantive VeraCore to the latest version available.
  2. Input Validation: Implement strict input validation to ensure that only properly formatted data is accepted by the application.
  3. Parameterized Queries: Use parameterized queries instead of concatenating user-supplied strings into SQL commands, so that input can never be executed as SQL.
  4. Regular Patching: Ensure all software, including databases and applications like VeraCore, is updated with the latest security patches.
  5. Secure Coding Practices: Encourage secure coding practices among developers to integrate security checks at every stage of application development.
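Steps 2 and 3 above are the fix for an injection flaw, and the difference between them is easy to see in code. The block below is an added example written for this newsletter, not VeraCore's code; the table, the column names, the session-token format and the rows are invented, and it uses SQLite only because it runs without a database server. It places the concatenated query beside the parameterized one and runs the same tautology payload through both.

```python
"""SQL injection: string concatenation beside the parameterized form.

Added example, not VeraCore's code. The table, the column names and the
session-token format are invented for the demonstration; SQLite is used only
because it runs in-process, and the same rule applies to any driver.
"""
import re
import sqlite3

# Assumed token format: 's-' followed by digits. Validation is defence in depth,
# not the fix; the fix is the bound parameter in lookup_user_safe.
SESSION_ID_RE = re.compile(r"^s-\d{1,20}$")


def build_demo_db():
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (session_id TEXT PRIMARY KEY, username TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO sessions VALUES (?, ?)",
        [("s-1", "alice"), ("s-2", "bob"), ("s-3", "carol")],
    )
    return db


def lookup_user_vulnerable(db, session_id):
    """The concatenation pattern step 3 warns against: the value becomes part of the SQL text."""
    sql = f"SELECT username FROM sessions WHERE session_id = '{session_id}'"
    return [row[0] for row in db.execute(sql)]


def lookup_user_safe(db, session_id):
    """Bound parameter: the driver passes the value separately, so it is never parsed as SQL."""
    if not SESSION_ID_RE.match(session_id):      # step 2: reject malformed input early
        return []
    sql = "SELECT username FROM sessions WHERE session_id = ?"
    return [row[0] for row in db.execute(sql, (session_id,))]


# A classic tautology payload: closes the quoted literal and appends an always-true clause,
# turning "WHERE session_id = 'x'" into "WHERE session_id = 'x' OR '1'='1'".
PAYLOAD = "x' OR '1'='1"


def demo():
    db = build_demo_db()
    return {
        "vulnerable_with_payload": lookup_user_vulnerable(db, PAYLOAD),
        "safe_with_payload": lookup_user_safe(db, PAYLOAD),
        "safe_with_real_id": lookup_user_safe(db, "s-2"),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable lookup returns every row for the payload, the same way a session check that leaks other users' identities would; the parameterized lookup returns nothing for it and the right user for a real token. The regex is a useful extra gate, but it is not what makes the second function safe: removing it changes nothing about the payload's result, because a bound parameter is never interpreted as SQL regardless of its content.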

Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware

Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp’s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack.
The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a report shared with The Hacker News.
“The attack involved the quick and deliberate execution of several post-compromise tactics, techniques and procedures (TTPs) including network and system discovery, administrator account creation, and the establishment of persistence mechanisms, which could have led to the deployment of ransomware,” security researchers Ryan Slaney and Daniel Albrecht said.
For more details: Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware – The Cyber Post

**Recommendations
Regular Backups
  1. Frequent backups: Regularly back up your data and ensure backups are stored offline or in a secure cloud environment.
  2. Test restores: Periodically test your backups to ensure they can be restored successfully.
Endpoint Protection
  1. Antivirus software: Use advanced antivirus and anti-malware solutions that can detect and block ransomware.
Patch and Vulnerability Management
  1. Keep all software, including operating systems and applications, up to date with the latest security patches.
  2. Regularly scan for vulnerabilities and apply patches promptly.
Other Security Controls
  1. Email Security, User Training, Network Segmentation, Multi-Factor Authentication (MFA), Endpoint Detection and Response (EDR), Network Monitoring (Intrusion Detection and Anomaly Detection).

Reference: CISA, Darkreading, Bleepingcomputer, Thecyberpost

DIGITAL TRANSFORMATION NEWS

ServiceNow Launches Government Transformation Suite, Uniting High-Impact Solutions Tailored to Administration Priorities
ServiceNow has introduced the Government Transformation Suite, designed to assist U.S. federal agencies in enhancing transparency, accountability, and operational efficiency. This suite integrates various high-impact solutions tailored to administrative priorities, enabling better asset management, time savings, and optimized software investments. Additionally, it incorporates advanced AI capabilities to support mission success and streamline government operations.
For detailed information: ServiceNow Launches Government Transformation Suite, Uniting High-Impact Solutions Tailored to Administration Priorities | Business Wire

*Disclaimer: This email contains links to sites on the Internet that are owned and operated by third parties. We do not claim ownership of any third-party content. Trademarks, logos, and brand names are the property of their respective owners.
**These are basic steps; advanced issues may need expert intervention. Consult our team for detailed analysis.

Schedule a meeting with experienced advisors
The future of technology is faster and smarter, which makes it even more important for you to partner with trusted technical advisors who understand today's workplace challenges.

Address

Headquarters:
31681 Dequindre Road, Madison Heights, MI 48071

Branch Offices:
13800 Coppermine Road, Herndon, VA 20171
Boston, MA

Phone

313.397.8311

Email

info@globalsolgroup.com