Posts

Showing posts from April, 2025

The CVE Crisis: When the Backbone of Global Cybersecurity Nearly Broke

The CVE Crisis: When the Backbone of Global Cybersecurity Nearly Broke. By: Gjylka Kavaja. Date: April 18, 2025. What Happens When the Internet’s Immune System Falters? In the early weeks of April 2025, the cybersecurity world quietly edged toward a cliff. At the center of this tension was the Common Vulnerabilities and Exposures (CVE) Program, the digital world's immune system that enables everyone from security analysts to Fortune 500 companies to track and address software vulnerabilities. If you've ever read a cybersecurity bulletin, applied a CVSS score, or patched a vulnerability labeled “CVE-2024-12123,” you've encountered this system in action. Now imagine this system losing funding, collapsing under bureaucratic chaos, and potentially going dark. That scenario almost played out this month. What Is the CVE Program? The Common Vulnerabilities and Exposures Program, maintained by the MITRE Corporation and overseen by the Cybersecurity and Infrastructur...

The Hidden Dangers of IoT: Security Vulnerabilities in a Connected World

The Hidden Dangers of IoT: Security Vulnerabilities in a Connected World. The Internet of Things (IoT) is revolutionizing the way we live and interact with technology. From smart homes and wearables to industrial control systems and connected vehicles, IoT is embedded into nearly every aspect of modern life. While this interconnectedness brings innovation and convenience, it also opens up new security vulnerabilities that pose significant risks to individuals, businesses, and critical infrastructure. What Makes IoT Vulnerable? Unlike traditional computing devices, IoT devices often lack robust security features due to limited processing power, low cost, and minimal oversight. These vulnerabilities arise from: Default Credentials: Many devices are shipped with default usernames and passwords that users often fail to change, leaving them open to brute-force attacks. Infrequent Updates: Manufacturers may not provide regular firmware updates, leaving devices vulnerable to kn...

Unmasking APT29: The Sophisticated Phishing Campaign Targeting European Diplomacy

Executive Summary. CPR (Check Point Research) has been observing a sophisticated phishing campaign conducted by Advanced Persistent Threat (APT) 29, a Russian-linked threat group. The operation targeted diplomatic organizations throughout Europe. The campaign appears to continue a previous operation called Wineloader, which impersonates a major European foreign affairs ministry to distribute fake invitations to diplomatic events, most commonly wine-tasting events. The campaign, which was spread via phishing emails, used a new malware dubbed Grapeloader. A new variant of Wineloader was also discovered, likely used in a later stage of the campaign. Introduction. CPR identified a significant wave of targeted phishing attacks beginning in January 2025. These attacks specifically target government officials and diplomats across Europe, employing sophisticated techniques, tactics, and procedures (TTPs) that closely resemble those associated with a previous phishing campaign called...

CVE-2025-24054 NTLM Credentials Stolen on File Download

There is a newly identified vulnerability in Microsoft Windows, designated as CVE-2025-24054, and it is currently being exploited in the wild. This flaw pertains to the NTLM (New Technology LAN Manager) authentication protocol and allows unauthorized attackers to perform spoofing attacks over a network by exploiting external control of file names or paths. Understanding CVE-2025-24054. CVE-2025-24054 is a spoofing vulnerability that arises from improper handling of file names or paths in Windows NTLM. An attacker can exploit this vulnerability by sending specially crafted network requests, potentially leading to the disclosure of sensitive information such as NTLM hashes. This could allow the attacker to impersonate legitimate users or services, leading to unauthorized access to network resources. The vulnerability has been assigned a CVSS v3.1 base score of 6.5, indicating a medium severity level. The attack vector is over the network, requires low attack complexity, and does not nec...

Backdoors Never Die: 16,000+ Fortinet Devices Still Compromised with Sneaky Symlink Hack

A chilling reminder that patching isn’t always the end of the story: over 16,000 Fortinet devices are still compromised by a crafty symlink backdoor, according to fresh insights from The Shadowserver Foundation. This isn't your typical zero-day exploit. No fresh vulnerabilities here. Instead, attackers are using a persistence mechanism that lurks in the shadows after the original exploit has been patched. That’s right: patched but still exposed. Here’s how it works: Threat actors compromised FortiGate devices starting in 2023 using zero-days. They planted symbolic links in the folder used to store SSL-VPN language files. These symlinks quietly pointed back to the root filesystem. Since language files are publicly accessible on FortiGates with SSL-VPN enabled, attackers retained read-only remote access to sensitive files, even after patching. As of today, 16,620 Fortinet devices have been detected with this stealthy backdoor. And unless sysadmins take actio...

Advanced Version of ‘BPFDoor’ Backdoor Targets Linux Systems

Upgraded Versions of BPFDoor Linux Backdoor Employ Controller for Reverse Shell Access and Network Control. Trend Micro has reported that newly identified variants of the BPFDoor Linux backdoor utilize a controller module to establish a reverse shell and manage additional compromised hosts within a network. Originally disclosed in 2021, BPFDoor is attributed to a Chinese state-sponsored threat group tracked as Red Menshen and Earth Bluecrow. The malware is designed with a strong focus on evading detection, enabling attackers to maintain persistent access to targeted environments. Believed to have been active for nearly a decade, BPFDoor has recently been involved in cyberattacks targeting entities in telecommunications, financial services, and retail sectors across Hong Kong, Egypt, Malaysia, Myanmar, and South Korea. Engineered for cyberespionage, BPFDoor is particularly notable for its use of Berkeley Packet Filters (BPF) to stealthily monitor network traffic and facilitate command-an...

Zoom goes down for tens of thousands of users, repairs underway

Video conferencing platform Zoom on Wednesday said it has restored service for the tens of thousands of users after the platform went down in the middle of their workday. Internet monitoring site Downdetector said user complaints about problems with the platform began trickling in around the world at about 2:30 p.m. Eastern Time. “Tried to log onto Zoom and it was down an hour ago. Not a single person on my team could get in. It was the most productive Zoom meeting we ever had,” one X user made light of the mid-day break. Downdetector.com. “We are experiencing an outage that is impacting some users, but a restore is underway,” the California-based company first posted on X about 4:30 p.m. Twenty minutes later, Zoom announced it had fixed the unidentified problem. “Service has now been restored after the earlier outage, and we sincerely appreciate your patience and understanding,” it said on X. At its peak, just after 3:00 p.m., Zoom was reported down by about 70,000 users in the ...

Former Facebook Exec Testifies Before Senate Judiciary Committee

Late last week, in a hearing that seemed ripped from a political thriller, former Facebook policy executive Ms. Sarah Wynn-Williams testified about what she calls the “misleading” actions of Mark Zuckerberg and his company. If you haven’t heard her name yet, buckle up: her story has all the ingredients of a corporate drama: hidden partnerships, potentially secret data-sharing, and quiet alignments with the Chinese Communist Party (CCP). Wynn-Williams started at Facebook in the early 2010s, working her way up to a role where she dealt directly with international regulatory matters. That job put her in the room with top executives whenever the company had to handle a foreign government’s demands, whether those demands were about censorship, user data, or compliance with local laws. In other words, when Zuckerberg needed insight on delicate global issues, her phone likely rang. So, when she told lawmakers she had personally witnessed misleading statements to past congressional committees, ...