In this week’s Neeve Newsletter, CISA flags new zero-day vulnerabilities in Fortinet and Microsoft systems, a critical UEFI Secure Boot flaw is uncovered, and the FCC mandates telecom cybersecurity upgrades to counter nation-state threats.

This Week’s Cyber Insights

• 🛡️ CISA Adds Fortinet, Microsoft Zero-Days

• ⚠️ UEFI Secure Boot Vulnerability Exposed

• 🔓 FCC Demands Telecoms Fortify Networks

• 📰 Further Alerts & Insights

🛡️ CISA Adds Fortinet, Microsoft Zero-Days

CISA has issued an urgent alert, adding two new zero-day vulnerabilities affecting Fortinet and Microsoft systems to its Known Exploited Vulnerabilities (KEV) catalog.

• Fortinet FortiOS Bypass: Allows unauthenticated attackers to gain super-admin privileges via crafted WebSocket requests (CVE-2024-55591). Mitigation deadline: January 21, 2025.

• Microsoft Hyper-V Vulnerabilities: Three critical use-after-free and buffer overflow flaws (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) enable SYSTEM-level privilege escalation. Mitigation deadline: February 4, 2025.

🤔 The Bigger Picture:

These vulnerabilities target core infrastructure—Fortinet for enterprise networks and Microsoft Hyper-V for virtualization—posing a dual threat to organizations' operations and data integrity. Failure to address these exploits can lead to severe consequences, including ransomware attacks. Security teams must review and update systems using the KEV catalog, ensuring mitigations are promptly applied or vulnerable products are discontinued.

Read the full article

⚠️ UEFI Secure Boot Vulnerability Exposed

A critical flaw in UEFI Secure Boot allows attackers to bypass protections and deploy undetectable, persistent malware at the firmware level.

• CVE-2024-7344 Vulnerability: A flaw in signed UEFI applications allows attackers to bypass Secure Boot and deploy malicious bootkits.

• Persistent Threat: Exploited bootkits can evade detection, persist after OS reinstallations, and load malicious kernel extensions.

• Mitigation Measures: Microsoft revoked affected binaries on January 14, 2025. Additional defenses include UEFI revocations, Secure Boot customization, and remote attestation using TPM.

🤔 The Bigger Picture:

This vulnerability underscores weaknesses in Secure Boot mechanisms, especially in third-party UEFI software. Persistent malware at the firmware level is difficult to detect or remove, making it essential to apply revocations, manage EFI system access, and review UEFI firmware security practices. Organizations should ensure rapid updates to avoid long-term exposure.

Read the full article

🔓 FCC Demands Telecoms Fortify Networks

New FCC Ruling: Telecom carriers must secure networks under the Communications Assistance for Law Enforcement Act (CALEA), effective immediately.

• Annual certifications and cybersecurity risk management plans are under consideration to enhance protection against cyberattacks.

• Measures respond to breaches linked to Chinese state-sponsored hackers targeting U.S. communication networks.

🤔 The Bigger Picture:

The FCC’s actions aim to modernize telecom cybersecurity, addressing growing threats from sophisticated nation-state actors. Carriers must act swiftly to meet compliance, while organizations reliant on these networks should review and strengthen their own incident response plans. These measures are vital for securing critical infrastructure, from national defense to public safety.

Read the full article

Further Alerts & Insights