This week’s cybersecurity newsletter highlights critical vulnerabilities in Fortinet and BeyondTrust products, the active exploitation of multiple zero-day flaws in Microsoft products, and emerging ransomware tactics targeting AWS. It also covers a significant data breach at Stiiizy, the impact of healthcare data breaches in the US, and various government responses to cyber threats.

Affected: Fortinet, BeyondTrust, Microsoft, AWS, Stiiizy, US Healthcare Sector, Turks and Caicos Government, UK Public Sector
Key points:
- Fortinet disclosed multiple critical vulnerabilities, including a zero-day flaw (CVE-2024-55591) affecting FortiOS and FortiProxy.
- CISA warned federal agencies about a second vulnerability (CVE-2024-12686) in BeyondTrust’s solutions, linked to attacks on the US Department of the Treasury.
- Microsoft’s January 2025 Patch Tuesday addressed 159 flaws, including eight zero-days actively exploited in attacks.
- Malicious packages targeting Cursor were discovered on NPM, raising concerns about Snyk’s involvement.
- A new ransomware tactic by the “Codefinger” group targets AWS S3 buckets using encryption tools.
- A critical vulnerability (CVE-2024-50603) in Aviatrix Controller is being actively exploited for cryptomining and backdoor deployment.
- A Russian botnet exploited DNS misconfigurations to deliver malware via hijacked MikroTik routers.
- A critical flaw in Google’s OAuth system exposes millions of accounts to unauthorized access.
- Over 4 million internet-connected systems are vulnerable due to tunneling protocol flaws.
- Stiiizy reported a data breach affecting 380,000 individuals, with ransom threats from the Everest ransomware group.
- In 2024, over 580 healthcare data breaches compromised nearly 180 million user records in the US.
- The EU plans to launch a Cybersecurity Support Centre for healthcare by 2026.
- The UK government is considering a ban on ransomware payments by public bodies.
- A location data broker reported a breach affecting millions of users’ historical smartphone location data.
- The FBI removed PlugX malware from over 4,250 hacked computers in a major operation.
- Scammers are exploiting California wildfires to launch phishing campaigns.
MITRE Techniques:
- Execution (T1203) – Exploitation of vulnerabilities in Fortinet products to gain super-admin privileges.
- Command and Control (T1071) – Exploitation of BeyondTrust’s vulnerability for remote access and control.
- Exploitation for Client Execution (T1203) – Active exploitation of zero-day vulnerabilities in Microsoft products.
- Data Encrypted for Impact (T1486) – Ransomware tactics used by “Codefinger” to encrypt AWS S3 buckets.
- Remote File Copy (T1105) – Deployment of cryptomining malware through Aviatrix Controller vulnerability.
- Credential Dumping (T1003) – Exploitation of Google’s OAuth flaw to access sensitive user accounts.
- Phishing (T1566) – Scammers creating fake domains related to California wildfires to steal personal information.