- U.S. Supercharges Cybersecurity: New 'Vulnrichment' Initiative Targets Exploited Threats
The Download
In response to escalating cyber threats, the U.S. Department of Homeland Security (DHS) has introduced the concept of "vulnrichment," aiming to bolster the nation's cybersecurity posture. This initiative focuses on enriching vulnerability data with contextual information to prioritize and address security flaws more effectively. By integrating threat intelligence, exploit availability, and potential impact assessments, vulnrichment enables organizations to allocate resources efficiently, mitigating risks before adversaries can exploit them. Attackers often scan for unpatched vulnerabilities, leveraging automated tools to identify and exploit weaknesses rapidly. Once a vulnerability is exploited, attackers can deploy malware, exfiltrate sensitive data, or disrupt critical services, underscoring the importance of proactive vulnerability management.
What You Can Do
To safeguard their networks, IT administrators should adopt vulnrichment strategies by incorporating comprehensive threat intelligence feeds into their vulnerability management processes. This approach allows for a nuanced understanding of which vulnerabilities pose the most significant threats based on real-world exploitation trends. Implementing automated patch management systems ensures timely remediation of critical flaws, reducing the window of opportunity for attackers. Regularly conducting security assessments and penetration testing can identify potential weaknesses, enabling organizations to fortify their defenses proactively. By embracing these practices, IT administrators can enhance their organization's resilience against evolving cyber threats. ThreatMate automatically enriches discovered vulnerabilities with threat intelligence risk assessment and presents the vulnerabilities that pose material risk to your networks. Sign up for a demo today!
To Learn More: https://www.forbes.com/sites/daveywinder/2025/02/24/us-government-supercharges-security-vulnerabilities/
- Critical SonicWall SSLVPN Vulnerability Actively Exploited: Immediate Patching Required
The Download
A critical vulnerability, designated as CVE-2024-53704, has been identified in SonicWall's SonicOS SSLVPN authentication mechanism. This flaw allows remote attackers to bypass authentication and hijack active SSLVPN sessions without valid credentials. Exploitation of this vulnerability grants unauthorized access to the victim's network, enabling malicious activities such as data exfiltration, deployment of malware, and lateral movement within the compromised environment. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of this vulnerability in the wild, underscoring the urgency for immediate remediation.
What You Can Do
To protect against this threat, IT administrators should promptly update their SonicOS firmware to the latest versions provided by SonicWall, which address this vulnerability. If immediate patching is not feasible, it is advisable to disable the SSLVPN feature temporarily to prevent potential exploitation. Additionally, restricting management access to trusted IP addresses, enforcing strong authentication mechanisms, and monitoring network traffic for unusual activities can further enhance security posture. Regularly reviewing and updating security configurations will help mitigate risks associated with such vulnerabilities. Scan your network attack surfaces proactively with ThreatMate to find vulnerabilities before adversaries exploit them.
To Learn More:
https://www.bleepingcomputer.com/news/security/sonicwall-firewall-exploit-lets-hackers-hijack-vpn-sessions-patch-now/
https://www.theregister.com/2025/02/14/sonicwall_firewalls_under_attack_patch/
- Chinese Hackers Exploit Unpatched Cisco Routers to Breach U.S. Telecom Networks
The Download
Chinese hacking group Salt Typhoon has been actively targeting U.S. telecommunications providers by exploiting unpatched vulnerabilities in Cisco IOS XE devices. Notably, they have leveraged the CVE-2023-20198 privilege escalation and CVE-2023-20273 Web UI command injection flaws to gain unauthorized access to network infrastructure. Once these vulnerabilities are exploited, attackers can establish persistent access through reconfigured devices, often using generic routing encapsulation (GRE) tunnels to communicate with command-and-control servers. This method allows them to intercept communications, exfiltrate sensitive data, and potentially disrupt critical services. The campaign has affected multiple U.S. ISPs and telecom affiliates, as well as providers in South Africa, Italy, and Thailand.
What You Can Do
To mitigate these threats, IT administrators should immediately assess their network devices for exposure to the identified vulnerabilities. Ensuring that all Cisco devices are updated with the latest firmware and security patches is paramount. Additionally, administrators should disable unnecessary services, restrict web UI access to trusted IP addresses, and implement robust monitoring to detect unusual activity. Regular security audits and network segmentation can further reduce the attack surface, limiting the potential impact of any breaches. Proactive measures and adherence to security best practices are essential to protect against such sophisticated cyber-espionage campaigns. Use ThreatMate to proactively scan all your network attack surfaces for vulnerabilities adversaries exploit. Sign up for a demo today!
To Learn More: https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-more-us-telecoms-via-unpatched-cisco-routers/
- Attackers Exploit Microsoft Device Code Authentication to Compromise M365 Accounts
The Download
Threat actors, suspected to be Russian, are leveraging Microsoft's Device Code Authentication mechanism to gain unauthorized access to Microsoft 365 (M365) accounts. This method involves social engineering tactics where attackers impersonate officials or researchers and engage targets via platforms like Signal. They send fake invitations containing links to Microsoft's legitimate device login page. When targets enter the provided code along with their credentials, attackers intercept the resulting access and refresh tokens, enabling persistent access to the victim's M365 account. This approach is particularly insidious as it exploits a legitimate authentication feature, making detection challenging.
What You Can Do
To defend against this threat, IT administrators should consider disabling Device Code Authentication if it's not essential for operations. If disabling isn't feasible, implementing conditional access policies to restrict its use to trusted devices or locations is advisable. Regular monitoring of sign-in logs for unusual authentication patterns, especially those involving device code flow, can aid in early detection. Educating users about this specific phishing technique is crucial, emphasizing the importance of verifying unexpected authentication requests and being cautious with unsolicited communications. Use ThreatMate to monitor your M365 tenants' attack surface. Sign up for a demo today.
To Learn More: https://www.helpnetsecurity.com/2025/02/14/microsoft-device-code-authentication-phishing-m365-account-compromise/
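The sign-in log review recommended above can be scripted. The block below is an added example, not ThreatMate's code or Microsoft's: it reads a JSON-lines export of sign-in events, picks out every sign-in that used the device code flow, and grades each one by how far it sits from the user's normal pattern (IPs and countries seen on that user's other, non-device-code sign-ins in the same window). The sample records are constructed and only loosely shaped after the Microsoft Graph sign-in schema (`authenticationProtocol`, `ipAddress`, `location.countryOrRegion`); treat those field names and the severity rules as assumptions when adapting it to a real export.

```python
"""Added example (not ThreatMate's code): surface device code flow sign-ins from a
sign-in log export and rank them by distance from the user's usual sign-in pattern.
Field names are assumed to loosely follow the Microsoft Graph signIn schema; all
records below are constructed, with IPs drawn from documentation ranges."""
import json
from collections import defaultdict

# Constructed sample export: one JSON object per line.
SAMPLE_SIGNINS_JSONL = """\
{"userPrincipalName":"alice@example.test","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"US"},"appDisplayName":"Microsoft Teams","createdDateTime":"2025-02-10T08:01:00Z"}
{"userPrincipalName":"alice@example.test","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"US"},"appDisplayName":"Outlook","createdDateTime":"2025-02-11T09:15:00Z"}
{"userPrincipalName":"alice@example.test","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.77","location":{"countryOrRegion":"NL"},"appDisplayName":"Microsoft Office","createdDateTime":"2025-02-12T14:22:00Z"}
{"userPrincipalName":"bob@example.test","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.5","location":{"countryOrRegion":"US"},"appDisplayName":"Azure CLI","createdDateTime":"2025-02-12T15:00:00Z"}
{"userPrincipalName":"bob@example.test","authenticationProtocol":"oAuth2","ipAddress":"192.0.2.5","location":{"countryOrRegion":"US"},"appDisplayName":"Outlook","createdDateTime":"2025-02-12T15:30:00Z"}
{"userPrincipalName":"carol@example.test","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.55","location":{"countryOrRegion":"US"},"appDisplayName":"Outlook","createdDateTime":"2025-02-12T07:45:00Z"}
{"userPrincipalName":"carol@example.test","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.99","location":{"countryOrRegion":"US"},"appDisplayName":"Microsoft Office","createdDateTime":"2025-02-12T16:10:00Z"}
"""

DEVICE_CODE = "deviceCode"  # assumed value of authenticationProtocol for the device code flow
SEVERITY_ORDER = ("high", "medium", "low")


def parse_signins(jsonl_text):
    """Parse a JSON-lines export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]


def build_baselines(events):
    """Per user, collect the IPs and countries seen on sign-ins that did NOT use the
    device code flow. Those interactive sign-ins approximate the user's normal pattern."""
    ips, countries = defaultdict(set), defaultdict(set)
    for ev in events:
        if ev.get("authenticationProtocol") == DEVICE_CODE:
            continue
        user = ev["userPrincipalName"]
        ips[user].add(ev.get("ipAddress"))
        countries[user].add(ev.get("location", {}).get("countryOrRegion"))
    return ips, countries


def find_device_code_alerts(events):
    """One alert per device code sign-in. Severity from baseline distance:
    high   = IP and country never seen for this user,
    medium = unknown IP but a known country,
    low    = known IP (device code use is still worth a review, just less urgent)."""
    ips, countries = build_baselines(events)
    alerts = []
    for ev in events:
        if ev.get("authenticationProtocol") != DEVICE_CODE:
            continue
        user = ev["userPrincipalName"]
        ip = ev.get("ipAddress")
        country = ev.get("location", {}).get("countryOrRegion")
        if ip in ips[user]:
            severity = "low"
        elif country in countries[user]:
            severity = "medium"
        else:
            severity = "high"
        alerts.append({
            "user": user, "severity": severity, "ip": ip, "country": country,
            "app": ev.get("appDisplayName"), "time": ev.get("createdDateTime"),
        })
    alerts.sort(key=lambda a: SEVERITY_ORDER.index(a["severity"]))
    return alerts


if __name__ == "__main__":
    for alert in find_device_code_alerts(parse_signins(SAMPLE_SIGNINS_JSONL)):
        print(alert)
```

A user with no interactive sign-ins in the window has an empty baseline, so any device code sign-in for them lands at high severity, which is the conservative choice for a flow that legitimately belongs on headless devices and CLI tools rather than a fresh consumer IP. The conditional access restrictions the post recommends sit upstream of this check and reduce how many alerts it ever has to raise.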
- Hackers Exploit Authentication Bypass in Palo Alto Networks PAN-OS
The Download
A critical vulnerability, identified as CVE-2025-0108, has been discovered in Palo Alto Networks' PAN-OS, the operating system powering their firewalls. This flaw allows unauthenticated attackers with network access to the management web interface to bypass authentication and execute specific PHP scripts. While this does not permit remote code execution, it significantly compromises the system's integrity and confidentiality. Exploiting this vulnerability, especially when combined with others like CVE-2024-9474, enables attackers to gain unauthorized access to unpatched and unsecured firewalls, potentially leading to data breaches and network infiltration.
What You Can Do
To safeguard against this threat, IT administrators should promptly update their PAN-OS to the latest versions: 11.2.4-h4, 11.1.6-h1, 10.2.13-h3, or 10.1.14-h9. It's crucial to restrict access to the management web interface, ensuring only trusted internal IP addresses can connect, thereby minimizing exposure to potential attacks. Regularly monitoring network traffic for unusual activities and adhering to Palo Alto Networks' best practice security guidelines will further enhance the security posture against such vulnerabilities. ThreatMate helps you identify vulnerabilities in your attack surface. Sign up today to demo ThreatMate.
To Learn More: https://www.bleepingcomputer.com/news/security/hackers-exploit-authentication-bypass-in-palo-alto-networks-pan-os/
- Critical Backdoor Vulnerability Found in Patient Monitors
The Download
The Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Food and Drug Administration (FDA) have issued a warning regarding hardcoded backdoor vulnerabilities in Contec CMS8000 and Epsimed MN-120 patient monitors. These devices, which monitor vital signs such as heart rate and blood oxygen saturation, are susceptible to unauthorized remote access due to insecure design. Attackers can exploit this backdoor to remotely control the monitors, potentially causing them to malfunction, exfiltrate sensitive patient data, and use the compromised devices as entry points to broader healthcare networks. Such exploitation could lead to incorrect patient monitoring, unauthorized disclosure of protected health information, and further network compromises.
What You Can Do
To mitigate these risks, IT administrators in healthcare settings should immediately assess whether these vulnerable devices are present within their networks. If so, it is crucial to implement network segmentation to isolate the monitors from critical systems and apply available security patches or firmware updates provided by the manufacturers. Additionally, disabling unnecessary internet connectivity for these devices can reduce exposure to potential attacks. Regularly monitoring network traffic for unusual activity and conducting thorough security assessments can further help in identifying and addressing vulnerabilities before they are exploited. ThreatMate will identify vulnerable assets on networked systems including IoT. Sign up for a demo today!
To Learn More: https://www.darkreading.com/vulnerabilities-threats/agencies-sound-alarm-patient-monitors-hardcoded-backdoor
- Record Surge: 768 CVEs Exploited in 2024 Reflects 20% Increase in Cyber Threats
The Download
In 2024, cyber threat actors exploited 768 Common Vulnerabilities and Exposures (CVEs), marking a 20% rise from the 639 CVEs exploited in 2023. Notably, 23.6% of these vulnerabilities were weaponized on or before their public disclosure date, underscoring the speed at which attackers leverage new weaknesses. A significant example is CVE-2021-44228, known as Log4Shell, associated with 31 different threat actors. Attackers often exploit these vulnerabilities to gain unauthorized access, execute arbitrary code, or disrupt services, leading to data breaches, system compromises, and financial losses.
What You Can Do
To mitigate these risks, IT administrators should implement a robust vulnerability management program that includes continuous monitoring and timely patching of systems. Prioritizing patches for vulnerabilities known to be actively exploited is crucial. Additionally, reducing the exposure of critical systems to the internet can limit potential attack vectors. Employing intrusion detection systems, maintaining up-to-date threat intelligence, and conducting regular security assessments can further strengthen an organization's defense against such exploits. Get started using ThreatMate to protect your client networks from exploitable vulnerabilities. ThreatMate will monitor all your network attack surfaces, prioritize the vulnerabilities based on threat intelligence, and then create simple mission plans to remediate and reduce risk. Schedule your demo today!
To Learn More: https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html?m=1
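Both the vulnrichment post and the advice above to prioritize actively exploited CVEs come down to the same mechanic: layer exploitation evidence, exploit availability, impact and exposure on top of a raw scan, and let that context drive the patch order instead of the CVSS score alone. The block below is an added example, not ThreatMate's code and not CISA's own Vulnrichment tooling, that carries that idea through on a constructed scan. The tier names borrow SSVC vocabulary, but the decision rules, the feed contents and every CVE id (deliberately non-existent placeholders) are assumptions for illustration; the point is the difference between `cvss_only_order` and `prioritise`, which hold the same findings but disagree on what to patch second.

```python
"""Added example (not ThreatMate's code, not CISA's Vulnrichment tooling): an
enrichment-driven prioritiser showing how exploitation context reorders a patch
queue relative to CVSS alone. Tier names borrow SSVC vocabulary; the rule set,
field names and all sample data are constructed for illustration."""
from dataclasses import dataclass

# Urgency order used for sorting (index 0 = most urgent). Assumed illustrative tiers.
TIERS = ("act", "attend", "track*", "track")


@dataclass(frozen=True)
class Finding:
    """What a raw scanner report typically gives you: an id, a host and a CVSS score."""
    cve: str
    asset: str
    cvss: float
    internet_facing: bool  # asset exposure, from your own inventory


@dataclass(frozen=True)
class Enrichment:
    """Context layered onto the raw finding from external feeds."""
    exploited_in_wild: bool  # e.g. present in a known-exploited list such as CISA KEV
    exploit_public: bool     # working exploit code is publicly available
    impact: str              # "total" or "partial" technical impact if exploited


def enrich(finding, kev, public_exploits, impact_by_cve):
    """Look the finding up in the (constructed) enrichment feeds."""
    return Enrichment(
        exploited_in_wild=finding.cve in kev,
        exploit_public=finding.cve in public_exploits,
        impact=impact_by_cve.get(finding.cve, "partial"),
    )


def tier(finding, enr):
    """Assumed decision rules: exploitation evidence plus exposure outrank raw severity."""
    if enr.exploited_in_wild and finding.internet_facing:
        return "act"
    if enr.exploited_in_wild or (
        enr.exploit_public and finding.internet_facing and enr.impact == "total"
    ):
        return "attend"
    if enr.exploit_public or finding.cvss >= 7.0:
        return "track*"
    return "track"


def prioritise(findings, kev, public_exploits, impact_by_cve):
    """Return (tier, cve, asset) tuples, most urgent first; CVSS only breaks ties."""
    rows = [(tier(f, enrich(f, kev, public_exploits, impact_by_cve)), f) for f in findings]
    rows.sort(key=lambda r: (TIERS.index(r[0]), -r[1].cvss))
    return [(t, f.cve, f.asset) for t, f in rows]


def cvss_only_order(findings):
    """The naive baseline: highest CVSS first, no context at all."""
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]


# Constructed sample scan. CVE ids are placeholders, not real identifiers.
SAMPLE_FINDINGS = [
    Finding("CVE-1111-0001", "vpn-edge", 9.8, True),
    Finding("CVE-1111-0002", "db-internal", 9.1, False),
    Finding("CVE-1111-0003", "web-01", 7.5, True),
    Finding("CVE-1111-0004", "file-srv", 5.3, False),
    Finding("CVE-1111-0005", "hr-app", 8.2, False),
]
# Constructed enrichment feeds.
SAMPLE_KEV = {"CVE-1111-0001", "CVE-1111-0005"}              # observed exploited in the wild
SAMPLE_PUBLIC_EXPLOITS = {"CVE-1111-0001", "CVE-1111-0003"}  # exploit code is public
SAMPLE_IMPACT = {"CVE-1111-0001": "total", "CVE-1111-0002": "total", "CVE-1111-0003": "total"}

if __name__ == "__main__":
    print("CVSS only:", cvss_only_order(SAMPLE_FINDINGS))
    for row in prioritise(SAMPLE_FINDINGS, SAMPLE_KEV, SAMPLE_PUBLIC_EXPLOITS, SAMPLE_IMPACT):
        print("enriched :", row)
```

On the sample data, CVSS alone puts the internal database flaw (9.1, no known exploit) second in the queue; the enriched ranking pushes it below two lower-scored flaws that are either being exploited in the wild or have public exploit code on an internet-facing host, which is exactly the reordering the enrichment feeds exist to produce.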
- ThreatMate Secures $3.2M Seed Round Led by Top Down Ventures to Redefine Attack Surface Management for MSPs
Dover, Delaware - Feb 6, 2025 - ThreatMate, the AI-powered cybersecurity startup revolutionizing attack surface management for Managed Service Providers (MSPs), today announced it raised $3.2 million in a seed funding round led by Top Down Ventures’ Founders Fund I, with participation from Runtime Ventures and Blu Ventures. This investment marks a significant milestone for ThreatMate as it expands its mission to empower MSPs with enterprise-grade cybersecurity solutions tailored for the SMB market.
Strategic Backing to Accelerate Growth
The funding round brings together investors with deep expertise in scaling cybersecurity and MSP-focused software companies. Top Down Ventures, known for its focus on high-impact SaaS businesses within the MSP space, joins Runtime Ventures and Blu Ventures in backing ThreatMate’s vision to transform attack surface management. “ThreatMate is tackling one of the most pressing challenges in cybersecurity today: giving MSPs the tools to manage and secure their customers' rapidly expanding attack surfaces,” said Chris Day, Founding Partner at Top Down Ventures. “Their approach combines AI, machine learning, and automation into a seamless platform that MSPs can operationalize immediately. We see a massive opportunity for ThreatMate to become an essential part of the cybersecurity stack for service providers.”
Bringing Enterprise-Grade Cybersecurity to the SMB Market
ThreatMate was founded by a team of experienced entrepreneurs and cybersecurity experts with a track record of successful exits and deep expertise in DoD/National Security, cybersecurity, and artificial intelligence. Recognizing the increasing complexity of cyber threats, the company was built to make enterprise-grade security accessible to the small and mid-sized business market while using AI to eliminate the complexity of operating legacy enterprise solutions.
By leveraging advances in AI and automation, ThreatMate’s platform gives MSPs unparalleled visibility into attack surfaces, allowing them to identify, prioritize, and mitigate vulnerabilities before they can be exploited. This unified approach enables MSPs to deliver proactive, high-impact security solutions without the complexity and cost traditionally associated with enterprise cybersecurity tools. “We are thrilled to have the support of Top Down Ventures, Runtime Ventures, and Blu Ventures as we enter this next stage of growth,” said Anup Ghosh, Co-founder and CEO of ThreatMate. “This investment validates our vision and equips us with the resources and expertise to scale our platform, grow our team, and strengthen our partnerships with MSPs to meet the increasing cybersecurity demands of SMBs.”
As cyberattacks surge globally and MSPs become prime targets for threat actors, ThreatMate is filling a critical gap in the market. The platform’s AI-powered analytics, continuous monitoring, and multi-tenant design ensure that MSPs have the tools to proactively manage their customers’ attack surfaces—without adding unnecessary complexity. “Security isn’t a one-size-fits-all solution. Different businesses have varying resources, unique tech stacks, and distinct partner ecosystems,” said Michael Sutton, Co-Founder and General Partner of Runtime Ventures. “ThreatMate has recognized this need and offers a world-class, multi-tenant solution that enables MSPs to deliver enterprise-grade Continuous Threat Exposure Management to small and mid-sized businesses.”
Use of Funds
ThreatMate is committed to making cybersecurity more streamlined, proactive, and actionable for MSPs. With this funding, ThreatMate will accelerate product development, expand its go-to-market strategy, and deepen industry partnerships, ensuring that MSPs have the tools they need to stay ahead of emerging threats and deliver best-in-class security to their clients.
As the cybersecurity landscape continues to evolve, ThreatMate is poised to become an essential part of the MSP security stack—providing real-time intelligence, automation, and scalable protection for the businesses that rely on them. For more information about ThreatMate and its attack surface management platform, visit www.threatmate.com or follow them on LinkedIn.
Media Contact: Anup Ghosh, ThreatMate, info@threatmate.com, 302-213-3480
- Ransomware Payments Top $1B in 2023
#ASM #ransomware
The Download
In case you thought ransomware was a fad that faded out, think again. Research firm Chainalysis published its annual crime report showing it counted $1.1 billion in ransomware payments made to ransomware gangs in 2023. One reason this number is more credible than anecdotal evidence is that Chainalysis tracks payments across blockchains, which are publicly visible and are almost exclusively how ransomware gangs demand payment, in Bitcoin and other digital currencies. This massive payout follows a down year in 2022, attributed to eastern European cyber gangs being distracted by the war in Ukraine. In particular, the prolific ransomware gang Conti was disbanded over diverging loyalties to Russia and Ukraine. There were two big drivers of the big increase in ransomware payments. The first was the targeting of firms that could not tolerate a crippling ransomware attack yet had the ability to pay larger ransom sums. Examples of these firms include hospitals, where lives depend on networks operating, and financial services firms that must continue to trade and manage assets or risk losing the faith and trust of their customers. The second big driver was the emergence of the Cl0p ransomware gang and publicly exposed vulnerabilities such as the MOVEit file transfer web application that was susceptible to exploitation by cyber criminals. MOVEit ransomware attacks affected over 62 million people, with over $100M in ransomware payments attributed to Cl0p.
What's Ahead
Given this resurgence of ransomware in 2023, what can we expect in 2024? In short, more ransomware attacks. Ransomware constitutes a low-risk, high-payout crime, which means it will attract more new actors into the industry. What MOVEit demonstrated is that externally facing attack surfaces are rich and ripe for the taking. We expect that more vulnerabilities, both externally facing and behind the firewall, as well as account takeover attacks, will contribute to more successful ransomware campaigns this year. While the cyber insurance industry tends to lag attacks in instituting new controls, we can expect new cyber insurance requirements to come down the pike to minimize attack surfaces and raise the bar on security controls. See https://www.wired.com/story/ransomware-payments-2023-breaks-record/ for more analysis.