"CISA and the FBI issue advisory on Ivanti CSA exploit claims."
Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents. Accessed on 24 January 2025, 1524 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/14/15
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 01.23.25
At a glance.
- CISA and the FBI issue advisory on Ivanti CSA exploit chains.
- Critical SonicWall vulnerability may be under exploitation.
- GhostGPT facilitates cyberattacks.
CISA and the FBI issue advisory on Ivanti CSA exploit chains.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory outlining two exploit chains used by threat actors to compromise Ivanti Cloud Service Appliances (CSAs), SecurityWeek reports. The advisory states, "According to CISA and trusted third-party incident response data, threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks. The actors’ primary exploit paths were two vulnerability chains. One exploit chain leveraged CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 and the other exploited CVE-2024-8963 and CVE-2024-9379."
All of the flaws affect Ivanti CSA 4.6x versions before 519, and CVE-2024-9379 and CVE-2024-9380 affect CSA versions 5.0.1 and below. Ivanti CSA 4.6 is end-of-life, and the agencies "strongly encourage network administrators to upgrade to the latest supported version of Ivanti CSA."
Order your copy of VisibleOps Cybersecurity now to unlock essential strategies for combating advanced threats. This comprehensive guide offers actionable frameworks, proven methodologies, and insights to help you build a resilient cybersecurity culture within your organization. Designed for leaders and teams alike, it equips you with the knowledge to drive operational excellence to both proactively guard and stay ahead of emerging cybersecurity risks. Strengthen your defenses and lead with confidence. VisibleOps Cybersecurity, available at Amazon.
Critical SonicWall vulnerability may be under exploitation.
SonicWall has disclosed a critical remote code execution vulnerability (CVE-2025-23006) affecting its Secure Mobile Access (SMA) 1000 series products. The company warns that the flaw may be under active exploitation, and strongly advises users to upgrade to the hotfix release version of the SMA1000 product. SonicWall added, "To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC)." The flaw has been assigned a CVSS score of 9.8.
GhostGPT facilitates cyberattacks.
Abnormal Security has published a report on GhostGPT, an uncensored AI chatbot designed for cybercriminals. The tool can be used to automate malware creation and exploit development, as well as create phishing emails for use in business email compromise (BEC) attacks. GhostGPT is sold as a Telegram bot. The researchers note that the tool "likely uses a wrapper to connect to a jailbroken version of ChatGPT or an open-source large language model (LLM), effectively removing any ethical safeguards." Abnormal adds that the tool has grown very popular since it surfaced late last year, indicating a increased interest in cybercrime-focused AI tools.
Notes.
Today's issue includes events affecting , and the United States.
Attacks, Threats, and Vulnerabilities
Researchers say new attack could take down the European power grid (Ars Technica) Power grid in Central Europe uses unencrypted radio signals to add and shed loads.
Threat Spotlight: Tycoon 2FA phishing kit updated to evade inspection (Barracuda) The rapid rise and evolution of PhaaS is driving a fundamental change in the phishing ecosystem, making the threat increasingly complex and sophisticated. The developers behind these phishing kits invest considerable resources in their creation and continuous enhancement.
HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code (SentinelOne) Analysis of payloads suggest affiliates may be using a shared codebase or common builder to deploy attacks under different RaaS brand names.
Legislation, Policy, and Regulation
Trump admin tells all Democrats on intelligence oversight board to resign (The Record) The Trump administration has requested all Democratic members of an independent board meant to keep tabs on U.S. government intelligence efforts to resign, three people familiar with the matter told Recorded Future News.
Litigation, Investigation, and Law Enforcement
Meta's pay-or-consent model criticized by EU consumer groups (The Register) Company 'strongly disagrees' with law infringement allegations
LinkedIn sued for allegedly training AI models with private messages without consent (The Record) A proposed class action lawsuit alleges that private messages of LinkedIn Premium customers were used to train AI models without proper consent.
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
State of the Net Conference (Washington and Virtual, DC, USA, Feb 11, 2025) Annually attracting over 600 attendees, the State of the Net Conference provides unparalleled opportunities to network and engage on key policy issues. It is also the only Internet policy conference with over 50 percent of Congressional staff and government policymakers in attendance, making it the perfect setting to explore important, emerging trends. The State of the Net Conference Series is hosted by the Internet Education Foundation, a 501(c)(3) non-profit organization dedicated to educating the public and policymakers about the potential of a decentralized global Internet to promote communications, commerce and democracy. IEF works closely with leaders on Capitol Hill and in the private sector to host the most important debates in Internet policy. IEF’s board of directors is comprised by public interest groups, corporations, and associations representative of the diversity of the Internet community.
Events
Hacking 4 Humanity 2025 (Virtual, Jan 24 - Feb 7, 2025) Online hate is on the rise, leading to real-world devastating effects on individuals and communities around the world. Join Carnegie Mellon, Duquesne, Pitt, and other undergrad and grad students from Pittsburgh at a multidisciplinary hackathon to develop new tech and policy solutions that mitigate online hate and create safer communities. Hacking4Humanity is a tech and policy hackathon for undergraduate and graduate students, which offers students a new way to engage with real-world social problems that can be improved with novel technical and policy solutions.
Cyberjutsu Unplugged: Career Exploration Day (Las Vegas, Nevada, USA, Jan 25, 2025) Join us January 25th and learn more about Cybersecurity and how you can have a career in this space. This is a FREE event but we do recommend making a donation. Just $50, provides a one year membership to the Women's Society of Cyberjutsu and all the resources available to help you along your journey.
GSA Spaceport Summit 2025 (Orlando, Florida, USA, Jan 27, 2025) Commercial Space Week begins with annual GSA Spaceport Summit on January 27, 2025.
Space Mobility Conference and Expo (Orlando, Florida, USA, Jan 28, 2025) Space Mobility mobilizes commercial industry executives and high-ranking officials from defense and government agencies to assure access and superiority in the highly contested space domain.
SpaceCom/Space Congress (Orlando, Florida, USA, Jan 28 - 30, 2025) SpaceCom | Space Congress exclusively draws participation from the industry leaders and organizations with the power to drive new space strategies, fuel forward progress, signal demand for continued innovation, inform policy, and institute a sustainable future for commercial space. As host of Commercial Space Week, SpaceCom integrates the people, institutions, and solutions that ignite innovation– facilitating progress for every space mission.
Comments
Post a Comment
Please leave a comment about our recent post.