🛡️𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗡𝗲𝘄𝘀 & 𝗜𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗦𝘂𝗺𝗺𝗮𝗿𝘆

🔍 𝗧𝗵𝗿𝗲𝗮𝘁 𝗟𝗮𝗻𝗱𝘀𝗰𝗮𝗽𝗲 𝗢𝘃𝗲𝗿𝘃𝗶𝗲𝘄
Overall Severity: 🟠 MEDIUM
Key Trends:
• Increased sophistication in phishing attacks, particularly device code phishing.
• Active exploitation of critical vulnerabilities in widely used firewall and network devices.
• Targeting of remote workers and insider threats by state-sponsored groups.
Most Targeted Sectors: Telecommunications, Healthcare, Government

𝗞𝗲𝘆 𝗧𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀
🔴 𝗠𝗶𝘁𝗶𝗴𝗮𝘁𝗲 𝗗𝗲𝘃𝗶𝗰𝗲 𝗖𝗼𝗱𝗲 𝗣𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗥𝗶𝘀𝗸𝘀
𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻:
Implement Conditional Access policies in Microsoft Entra ID to restrict device code authentication to trusted devices and networks. Monitor sign-in logs for suspicious activities and revoke refresh tokens if device code phishing is suspected.
𝗥𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗲:
Storm-2372’s device code phishing attacks have successfully targeted multiple sectors around the world. It’s been i have gained unauthorised access to Microsoft services and harvesting sensitive data.
𝗧𝗶𝗺𝗲𝗳𝗿𝗮𝗺𝗲: Urgent Action Required
𝗦𝗼𝘂𝗿𝗰𝗲𝘀:
• https://www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks/
• https://cyberscoop.com/russia-threat-groups-device-code-phishing-microsoft-accounts/

🔴 𝗨𝗿𝗴𝗲𝗻𝘁 𝗣𝗮𝘁𝗰𝗵 𝗳𝗼𝗿 𝗣𝗮𝗹𝗼 𝗔𝗹𝘁𝗼 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝘀 𝗣𝗔𝗡-𝗢𝗦
𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻:
Upgrade all PAN-OS firewalls to the latest versions (11.2.4-h4 or later) to address the critical authentication bypass vulnerability (CVE-2025–0108) that is actively being exploited.
Rationale:
Exploitation attempts have already been detected against unpatched PAN-OS devices, risking unauthorized access and potential data breaches.
𝗧𝗶𝗺𝗲𝗳𝗿𝗮𝗺𝗲: Action Required This Week
𝗦𝗼𝘂𝗿𝗰𝗲𝘀:
• https://www.bleepingcomputer.com/news/security/hackers-exploit-authentication-bypass-in-palo-alto-networks-pan-os/

🔴 𝗣𝗮𝘁𝗰𝗵 𝗦𝗼𝗻𝗶𝗰𝗪𝗮𝗹𝗹 𝗙𝗶𝗿𝗲𝘄𝗮𝗹𝗹𝘀 𝗜𝗺𝗺𝗲𝗱𝗶𝗮𝘁𝗲𝗹𝘆
𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻:
Update SonicWall firewalls to SonicOS versions 8.0.0–8037 or 7.1.3–7015 to mitigate the critical authentication bypass vulnerability (CVE-2024–53704) that is being actively exploited.
Rationale:
The vulnerability allows attackers to hijack SSL VPN sessions, posing a significant risk to organisational security.
𝗧𝗶𝗺𝗲𝗳𝗿𝗮𝗺𝗲: Immediate Action Required
𝗦𝗼𝘂𝗿𝗰𝗲𝘀:
• https://www.bleepingcomputer.com/news/security/sonicwall-firewall-bug-leveraged-in-attacks-after-poc-exploit-release/
• https://cybersecuritynews.com/sonicwall-firewall-authentication-bypass-vulnerability-exploited-in-wild/

🟠 𝗠𝗼𝗻𝗶𝘁𝗼𝗿 𝗳𝗼𝗿 𝗣𝗼𝘀𝘁𝗴𝗿𝗲𝗦𝗤𝗟 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝘀
𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻:
Ensure that PostgreSQL systems are patched against CVE-2024–12356 and CVE-2025–1094 to prevent potential exploitation linked to the BeyondTrust breach.
𝗥𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗲:
These vulnerabilities have been exploited in a high-profile breach, indicating a need for immediate attention to prevent similar incidents.
Timeframe: :date: Action Required This Week
𝗦𝗼𝘂𝗿𝗰𝗲𝘀:
• https://www.bleepingcomputer.com/news/security/postgresql-flaw-exploited-as-zero-day-in-beyondtrust-breach/

🟠 𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝗴𝗮𝗶𝗻𝘀𝘁 𝗡𝗼𝗿𝘁𝗵 𝗞𝗼𝗿𝗲𝗮𝗻 𝗖𝘆𝗯𝗲𝗿 𝗧𝗵𝗿𝗲𝗮𝘁𝘀
𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻:
Implement robust identity verification processes for remote hires and enhance monitoring for insider threats to mitigate risks from North Korean IT workers infiltrating international companies.
𝗥𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗲:
These operatives use sophisticated tactics to plant backdoors and steal sensitive information, posing a significant threat to organisations.
𝗧𝗶𝗺𝗲𝗳𝗿𝗮𝗺𝗲: Action Required This Quarter
𝗦𝗼𝘂𝗿𝗰𝗲𝘀:
• https://cybersecuritynews.com/north-korean-it-workers-infiltrate-international-companies-to-plant-backdoors-on-systems/

🟠 𝗕𝗲𝘄𝗮𝗿𝗲 𝗼𝗳 𝗦𝗼𝗰𝗚𝗵𝗼𝗹𝗶𝘀𝗵 𝗠𝗮𝗹𝘄𝗮𝗿𝗲
𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻:
Educate users on avoiding fake browser update prompts and verify updates from official sources to prevent SocGholish infections.
𝗥𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗲:
This malware is distributed through deceptive update notifications and can lead to severe security breaches.
𝗧𝗶𝗺𝗲𝗳𝗿𝗮𝗺𝗲: Action Required This Month
𝗦𝗼𝘂𝗿𝗰𝗲𝘀:
• https://cybersecuritynews.com/beware-of-malicious-browser-updates/