Cyber Weekly Newsletter

Cyber Weekly Newsletter for Friday January 17, 2025

The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team

Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware

This Week's Need-to-Know News and Alerts

Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. This security flaw (tracked as CVE-2024-55591) impacts FortiOS and FortiProxy. https://www.bleepingcomputer.com/news/security/fortinet-warns-of-auth-bypass-zero-day-exploited-to-hijack-firewalls

3 Actively Exploited Zero-Day Flaws Patched! Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html

W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks. A severe flaw in the W3 Total Cache plugin installed on more than a million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. https://www.bleepingcomputer.com/news/security/w3-total-cache-plugin-flaw-exposes-1-million-wordpress-sites-to-attacks

Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces. Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html

macOS bug lets hackers install malicious kernel drivers. Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. https://www.bleepingcomputer.com/news/security/microsoft-macos-bug-lets-hackers-install-malicious-kernel-drivers

CISA Orders Agencies to Patch BeyondTrust Vulnerability Actively Exploited. US federal agencies must urgently address a command injection vulnerability (CVE-2024-12686) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) software. https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-beyondtrust-bug-exploited-in-attacks

SAP has fixed two critical vulnerabilities in the NetWeaver web application server that could be exploited to escalate privileges and access restricted information. SAP also released updates to patch 12 additional issues rated with medium and high severity. https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-netweaver-application-servers/

CISA shares guidance for Microsoft expanded logging capabilities. Newly introduced Microsoft Purview Audit (Standard) logging capabilities support enterprise cybersecurity operations by providing access to information on critical events. https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-for-microsoft-expanded-logging-capabilities

Critical Flaws in Ivanti Endpoint Manager. Ivanti has rolled out security updates to address security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html

Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month's update. The announcement was made in a message added to the company's Microsoft 365 Admin Center, tagged MC976059, and it applies to M365 apps users. https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-new-outlook-on-windows-10-pcs-in-february

Phishing texts trick Apple iMessage users into disabling protection. Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection

Get your IRS Identity Protection PIN now. The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns. https://www.bleepingcomputer.com/news/security/scammers-file-first-get-your-irs-identity-protection-pin-now

Attackers Exploit Max-Critical Aviatrix RCE Flaw. The vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware. https://www.darkreading.com/cloud-security/cloud-attackers-exploit-max-critical-aviatrix-rce-flaw

Allstate insurer sued for tracking drivers without permission. Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. https://www.bleepingcomputer.com/news/legal/allstate-car-insurer-sued-for-tracking-drivers-without-permission/

A malvertising campaign is targeting individuals and businesses that advertise via Google Ads, phishing for their credentials through fraudulent ads on Google. Harvested credentials are abused to sign in to the victim's account, add a new admin, and spend the account's advertising budget. https://thehackernews.com/2025/01/google-ads-users-targeted-in.html


From Our Blog

FINRA Warns Third-Party Risks on the Rise

As the financial industry continues to embrace external services to optimize operations, the risks associated with third-party providers have become increasingly significant. FINRA's Cybersecurity Advisory sheds light on the escalating cybersecurity risks that come with the growing reliance on third-party vendors… Read more now at https://riskigy.com/blog/f/finra-warns-third-party-risks-on-the-rise

New Guidance Amid Recent High Profile Insider Threats

Organizations across various sizes and industries face the risk of insider threats, both intentional and unintentional. To address this, the Cybersecurity and Infrastructure Security Agency (CISA) has published the "Resources for Onboarding and Employment Screening Fact Sheet." This document offers recommendations and resources for vetting and screening individuals before they are hired… Read more at https://riskigy.com/blog/f/fbi-issues-warning-about-fraudulent-emergency-data-requests

How to Avoid Common Password Mistakes

Passwords play a critical role in business security, making proper management essential. At the forefront of this topic is the National Institute of Standards and Technology (NIST), which recently released updated guidelines outlining technical requirements and recommendations for password management and authentication… Read more at https://riskigy.com/blog/f/new-guidance-amid-recent-high-profile-insider-threats

Defending the Human Element in Cyber Attacks

The human element in cybersecurity refers to the behaviors, interactions, and decisions made by people that impact the security of information technology systems. These can include actions as simple as choosing a password, clicking a link in an email, or sharing sensitive information… Read more at https://riskigy.com/blog/f/defending-the-human-element-in-cyber-attacks


Recent Data Breach News

Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed it was breached using an Ivanti VPN zero-day vulnerability. The company manages and operates over 11 million .uk, .co.uk, and .gov.uk domain names. https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability

Blood-donation not-for-profit OneBlood confirms that donors' personal information was stolen in a ransomware attack last summer. OneBlood first notified the public about the attack on July 31, 2024, noting that ransomware actors had encrypted its VMs. https://www.bleepingcomputer.com/news/security/oneblood-confirms-personal-data-stolen-in-july-ransomware-attack

Label giant Avery says website hacked to steal credit cards. Avery is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. Avery discovered it was attacked on December 9, 2024. https://www.bleepingcomputer.com/news/security/label-giant-avery-says-website-hacked-to-steal-credit-cards

The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, such as multi-factor authentication and HTTPS APIs, to settle charges that it failed to secure its hosting services against attacks since 2018. https://www.bleepingcomputer.com/news/security/ftc-sues-godaddy-for-years-of-poor-hosting-security-practices/

Hackers leak configs and credentials for FortiGate devices. A group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing sensitive technical information to cybercriminals. https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices

Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. The incident took place on December 13, 2023. https://www.bleepingcomputer.com/news/security/wolf-haldenstein-law-firm-says-35-million-impacted-by-data-breach


Blog Post Spotlight

Windows 10 Users Face Critical Upgrade Decision
As the digital clock ticks toward October 2025, Windows 10 users are standing at a crucial crossroads. Businesses need to be aware that Windows 10 is approaching its end-of-life, with Microsoft scheduled to terminate support for the operating system in October 2025. When this date arrives, Windows 10 will no longer receive the essential security patches and updates that protect against cybersecurity threats. This means that businesses continuing to operate with this system will be exposed to risks such as malware, ransomware, and hacking attempts, potentially endangering sensitive data and business operations.

The upgrade path from Windows 10 is not as straightforward for every business, especially considering hardware requirements like TPM for Windows 11, which may necessitate additional investments in new equipment. Companies may also need to anticipate compatibility issues and ensure that their applications and hardware peripherals will function correctly with Windows 11.

Microsoft does offer a solution in the form of Extended Security Updates (ESU), which businesses can purchase to continue receiving vital security updates beyond the retirement date. However, this is a temporary measure designed to give businesses more time to plan their transition, and it involves a cumulative cost over a maximum of three years post-retirement.

The Countdown Begins

Windows 10 is on the brink of becoming a relic, with its support curtain set to close in October 2025. After this period, Windows 10 will step into the shadows, no longer receiving the vital security updates that shield users from the ever-evolving threats that loom in the cyber sphere. This looming change exposes Windows 10 loyalists to a host of potential vulnerabilities, leaving their digital doors wide open to cyber attacks and data breaches.

The Migration Quandary

The migration from Windows 10 to Windows 11 is shadowed by a déjà vu from the Windows 7 transition but with a more pressing sense of urgency. The reluctance to upgrade is compounded by missing features and performance issues in Windows 11, alongside the stringent TPM hardware requirement, leaving some devices stranded on Windows 10.

Navigating the Upgrade Pathway

Microsoft maintains a firm stance on the necessity of the TPM requirement for Windows 11, highlighting its role in powering numerous security features. For those unable to leap directly to Windows 11, Microsoft has rolled out Extended Security Updates (ESU) as a lifeline, albeit at a cost. The ESU program extends a helping hand to businesses and consumers alike, offering three years of additional security updates for a cumulative fee.

The Critical Decision Ahead

As the deadline draws near, the urgency for Windows 10 users to evaluate their next steps intensifies. Staying on an unsupported platform is akin to playing with fire in a landscape increasingly scorched by cyber threats. The call to action is clear: upgrade to Windows 11, consider alternatives like Linux, or secure extended protection through ESU. The goal? To avoid becoming ensnared in what promises to be an unprecedented "security fiasco."

Conclusion

The clock is ticking for Windows 10 users. With the end-of-support date looming, the time to act is now. Whether it's embracing Windows 11, switching to an alternative OS, or investing in extended security, taking decisive action is imperative to navigate the evolving threats in the digital age confidently.

Making the move to Windows 11 involves preparing the IT infrastructure and possibly training staff for the new environment. A comprehensive understanding of what the end of Windows 10 support means, the potential impact on your business, and the options available, is crucial for a smooth transition. Therefore, taking proactive steps sooner rather than later is advisable to mitigate risks and avoid disruptions.

In the march toward October 2025, forward-thinking and proactive measures will be the keys to securing a safe and resilient digital future.


Cybersecurity Is Complex! We Are Here To Help

Cyberthreats are everywhere, but you don't have to face them alone. Get Cybersecurity & Tech help from Riskigy!

Looking for an expert to assist your firm or clients?

Need a pro to explain Tech or Cyber to your management?

Vetting a new investment or acquisition?

Want to build a cyber aware staff?

Need immediate assistance with an incident?

Considering adding a vCISO or vCTO to your team?

Seeking help with SOC-2, SEC/FINRA, or FTC readiness?

Contact us to discuss how we can assist!
