Cybersecurity News: Cyberthreat sharing law renewal, APTs love ClickFix, GoDaddy mutes Zoom

Bipartisan push for renewal of cyberthreat information sharing law

Two senators, Gary Peters (D-MI) and Mike Rounds (R-SD) have introduced a bill “designed to extend for another decade the provisions of pivotal cybersecurity legislation from 2015 that encouraged businesses to share information about ongoing cybersecurity threats with the federal government.” The original law — the Cybersecurity Information Sharing Act of 2015 — expires in September. It was “hailed by federal agencies and cybersecurity experts as key to protecting personal information and ensuring that both the federal government and companies can take collaborative steps to prevent data breaches or attacks from cybercriminals and foreign adversaries.”

(The Record)

ClickFix becoming a favorite amongst state-sponsored hackers

This technique gets users to infect their own machine by performing a series of tasks, either by being fooled by spoofed prompts into correcting a Windows glitch, completing a CAPTCHA verification, or registering their device. It has become prevalent in recent months, and Proofpoint is now stating that “multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been deploying [it] over the three-month period from late 2024 through the beginning of 2025.” This is an escalation of sorts from simply being a tool for cybercrime groups.

(The Hacker News)

GoDaddy puts Zoom on mute for about 90 minutes

Attendees of Zoom meetings on Wednesday had more opportunity than usual to ask, “can you hear me now?” as a domain registry error shut down the popular video chat platform for about 90 minutes. Cisco’s ThousandEyes observability group, which analyzed the incident, identified it as a DNS problem: the top-level domain nameservers did not have the records for zoom.us. Even after service returned, users who had been online at the time of the outage had to use command line skills to flush their DNS caches. The official report states that “the domain zoom.us was not available due to a server block by GoDaddy Registry. This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down the zoom.us domain.” Markmonitor is a domain management and security outfit. GoDaddy Registry manages the entire .us namespace.

(The Register)

Critical Erlang/OTP SSH flaw exposes devices to remote hacking

As posted in Security Week, “Erlang/OTP is a collection of libraries, middleware and other tools designed for creating scalable soft real-time systems that require high availability, such as e-commerce, banking, and communications applications.” Now, according to a team of researchers from Ruhr University Bochum in Germany, the collection’s SSH implementation is “affected by a critical vulnerability for which they calculated a CVSS score of 10.” Tracked with a CVE number, “the flaw is related to the SSH protocol message handling, which allows an attacker to send connection protocol messages prior to authentication.” The researchers added that “all SSH servers that leverage the Erlang/OTP SSH library are likely to be impacted, and they drew attention to ones used for remote access.”

(Security Week)

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like…right now?
We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta.

Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI.

Now that’s…a new way to GRC. Get started at Vanta.com/headlines.

SonicWall warns of old vulnerability now actively exploited

This warning refers to a security advisory for an SMA 100 series vulnerability that was patched in 2021. It is described as an authenticated arbitrary command execution vulnerability. According to Security Week, “when the patches were announced in September 2021, the vulnerability went largely unnoticed, likely because it was assigned a ‘medium severity’ rating (CVSS of 5.5) and due to its exploitation requiring authentication.” It now turns out that the flaw has been exploited in the wild, forcing SonicWall to assign a new CVSS score of 7.2, making it ‘high severity’.

(Security Week)

Mustang Panda sallies forth

According to a report from Zscaler, the Chinese espionage-focused APT has used an updated backdoor and several new tools in a recent attack. The group is already proficient in using Windows zero-days, and Zscaler says, “the APT is relying on DLL sideloading to execute its malicious payloads and evade detection, deploying all tools as libraries within archives that also contain a vulnerable executable to load them.” The group is “known for targeting government and military entities, as well as NGOs and minority groups, mainly in East Asia, but also in Europe.”

(Security Week)

Over 16,000 Fortinet devices compromised with symlink backdoor

The Shadowserver Foundation has discovered and reported that 16,000+ internet-exposed Fortinet devices “have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices.” It follows a warning from Fortinet issued last week, in which the company said it had “discovered a new persistence mechanism used by a threat actor to retain read-only remote access to files in the root filesystem of previously compromised but now patched FortiGate devices.” Fortinet has released an updated AV/IPS signature to detect and remove the symlink, and the latest version of its firmware “has also been updated to detect and remove the link.”

(BleepingComputer)

Microsoft: Office 2016 and 2019 reach end of support in October

Microsoft is reminding customers that these two products will reach the end of extended support six months from now, on October 14. The platforms reached the end of mainstream support in 2020 and 2023 respectively. Per a Microsoft 365 Admin Center update, after October 14 of this year, “no further updates, security fixes, or technical support will be available for these versions of Office…[adding]…while the applications may continue to function, using unsupported software could lead to potential security risks, compliance risks, system incompatibilities, and other issues.”

(BleepingComputer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.