Tevora Cybersecurity News

Curated by Anir Desai and Hai-Trang Nguyen

?? Health Net Federal Services Agree to $11 Million Settlement Over Alleged Cybersecurity Lapses

Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay an $11 million settlement to address allegations concerning falsely certifying cybersecurity compliance to its Defense Health Agency (DHA) TRICARE contract. According to the DOJ, HNFS fraudulently certified their compliance with DHA requirements regarding vulnerability scanning, remediation efforts, asset management, access control, firewall protections, and more. HNFS has denied all allegations, stating that the organization has not experienced any data breaches or loss of servicemember information.

More information regarding HNFS's $11 million settlement can be found here.

?? Salt Typhoon Exploits Known Vulnerabilities to Target Telecom Networks

The Chinese-backed threat group Salt Typhoon is exploiting known, older vulnerabilities in Cisco devices to infiltrate telecommunications infrastructure. The attackers use unpatched, compromised routers and VPN appliances for persistence and espionage. Their tactics involve manipulating firmware and stealing credentials to maintain long-term access. Cisco advises organizations to apply patches, restrict admin access, and monitor network traffic for unusual activity to mitigate risks.

More information regarding Salt Typhoon's recent attack patterns can be found here.

The PCI Security Standards Council has mandated that all organizations handling payment data implement DMARC (Domain-based Message Authentication, Reporting & Conformance) by March 31, 2025. This requirement applies to all organizations, systems, personnel, and processes that handle or process cardholder and sensitive authentication data. Failure to comply may result in financial penalties, increased email fraud risk, and deliverability issues. As the deadline to implement DMARC implementation?approaches, it is critical for organizations to assess the current environment and protection capabilities to ensure compliance.

More information regarding DMARC requirements for PCI DSS 4.0 can be found here.

?? Microsoft Patches Actively Exploited Power Pages Vulnerability

Microsoft has patched a vulnerability in Power Pages, its low-code web development platform, that was being actively exploited. The flaw allowed attackers to access and manipulate sensitive data in improperly configured sites. Organizations using Power Pages should review security settings, apply the latest updates, and restrict access to critical resources. Enabling logging and monitoring for suspicious activity can help detect potential breaches.

More information regarding Microsoft's Power Pages vulnerability can be found here.

?? Palo Alto Networks Patches Exploited Firewall Vulnerability

Palo Alto Networks has confirmed active exploitation of a critical vulnerability in its firewall products. The flaw, which affects PAN-OS, allows remote attackers to bypass authentication and execute arbitrary commands. While patches are available, affected organizations should immediately apply updates, restrict management interface access, and monitor for unusual activity to prevent potential compromise.

More information regarding Palo Alto Network's firewall vulnerability can be found here.

Stay vigilant, stay alert, and please reach out if you have any questions!