Critical Cisco ISE bug can let attackers run commands as root
Cisco has released patches to fix two critical vulnerabilities in its Identity Services Engine (ISE) security policy management platform. Enterprise administrators use Cisco ISE as an identity and access management (IAM) solution that combines authentication, authorization, and accounting into a single appliance.
The two security flaws (CVE-2025-20124 and CVE-2025-20125) can be exploited by authenticated remote attackers with read-only admin privileges to execute arbitrary commands as root and bypass authorization on unpatched devices. These vulnerabilities impact Cisco ISE and Cisco ISE Passive Identity Connector (ISE-PIC) appliances, regardless of device configuration.
"This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software," Cisco said, describing the CVE-2025-20124 bug tagged with a 9.9/10 severity rating.
Source: BleepingComputer / SecurityWeek
Navigating the Future: Key IT Vulnerability Management Trends
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws.
Staying informed on these trends can help MSPs and IT teams remain one step ahead of potential cyber-risks. The Kaseya Cybersecurity Survey Report 2024 navigates this new frontier of cyber challenges. The data is clear: Organizations are becoming increasingly reliant on vulnerability assessments and plan to prioritize these investments in 2025.
Source: The Hacker News
Link: https://thehackernews.com/2025/02/navigating-future-key-it-vulnerability.html
What Is Attack Surface Management?
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike.
With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important.
In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with tools like Intruder. Let’s dive in.
First, it’s important to understand what we mean when we talk about an attack surface. An attack surface is the sum of your digital assets that are ‘reachable’ by an attacker – whether they are secure or vulnerable, known or unknown, in active use or not.
You can also have both internal and external attack surfaces – imagine for example a malicious email attachment landing in a colleague’s inbox, vs a new FTP server being put online.
Your external attack surface changes continuously over time, and includes digital assets that are on-premises, in the cloud, in subsidiary networks, and in third-party environments. In short, your attack surface is anything that a hacker can attack.
Source: The Hacker News
Link: https://thehackernews.com/2025/02/what-is-attack-surface-management.html
CISA orders agencies to patch Linux kernel bug exploited in attacks
CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. Tracked as CVE-2024-53104, the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday.
"There are indications that CVE-2024-53104 may be under limited, targeted exploitation," the Android February 2025 security updates warn. According to Google’s security advisory, this vulnerability is caused by an out-of-bounds write weakness in the USB Video Class (UVC) driver, which allows "physical escalation of privilege with no additional execution privileges needed" on unpatched devices.
Source: BleepingComputer
Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Attackers are finding more and more ways to post malicious projects to Hugging Face and other repositories for open source artificial intelligence (AI) models, while dodging the sites’ security checks. The escalating problem underscores the need for companies pursuing internal AI projects to have robust mechanisms to detect security flaws and malicious code within their supply chains.
Hugging Face’s automated checks, for example, recently failed to detect malicious code in two AI models hosted on the repository, according to a Feb. 3 analysis published by software supply chain security firm ReversingLabs. The threat actor used a common vector — data files using the Pickle format — with a new technique, dubbed "NullifAI," to evade detection.
Source: Dark Reading
How red teaming helps safeguard the infrastructure behind AI models
Artificial intelligence (AI) is now squarely on the frontlines of information security. However, as is often the case when the pace of technological innovation is very rapid, security often ends up being a secondary consideration. This is increasingly evident from the ad-hoc nature of many implementations, where organizations lack a clear strategy for responsible AI use.
Attack surfaces aren’t just expanding due to risks and vulnerabilities in AI models themselves but also in the underlying infrastructure that supports them. Many foundation models, as well as the data sets used to train them, are open-source and readily available to developers and adversaries alike.
According to Ruben Boonen, CNE Capability Development Lead at IBM: “One problem is that you have these models hosted on giant open-source data stores. You don’t know who created them or how they were modified, and there are a number of issues that can occur here. For example, let’s say you use PyTorch to load a model hosted on one of these data stores, but it has been changed in a way that’s undesirable. It can be very hard to tell because the model might behave normally in 99% of cases.”
Source: IBM Security Intelligence
Guidance and Strategies to Protect Network Edge Devices
CISA and other agencies have published a guidance document outlining how to protect edge devices such as firewalls, VPN concentrators and similar equipment.
Source: SANS Internet Storm Center / CISA Gov. resource
Link: https://www.cisa.gov/resources-tools/resources/guidance-and-strategies-protect-network-edge-devices
Infostealers: An Overview
An infostealer is malicious software designed to infiltrate computer systems and extract valuable information from compromised devices. These malware programs operate covertly (unlike some malware that produces pop-ups or noticeably hampers system performance) to collect sensitive data.
For a shorter description, an infostealer is malware that covertly steals secret information from a computer.
Source: Secjuice