Newsletter
Advisories, Vulnerabilities & Alerts
Ethan Grammer
Senior Infrastructure
& Cybersecurity Engineer
Guillermo Sanchez
Senior Cybersecurity Engineer
Apple Announces Zero Day Vulnerabilities for Mac
Description: Apple has announced two zero-day vulnerabilities targeting Intel-based Mac computers. The vulnerabilities allow threat actors to perform remote code execution via web content on Sequoia-based systems.
Apple has confirmed that the there have been reports of the vulnerabilities being exploited in the wild and recommends that users upgrade their operating system immediately.
Recommended Actions:
- Update MacOS machines to Sequoia 15.1.1 immediately.
- Perform third-party application patching during OS update process.
- Inventory MacOS devices for vulnerable versions based on Intel vs Apple Silicon CPU architecture.
External Links:
Chinese Hackers Exploit Fortinet VPN Zero-Day
Description: Chinese threat actors have recently been exploiting a zero-day vulnerability found within the FortiClient Windows VPN client across the globe. The zero-day allows threat actors to dump credentials stored in memory after a user authenticates into the VPN client, thus allowing the threat actors to receive login information in plaintext that can then be used for further exploitation against an individual or organization. As of time of writing, there is currently no available patch for the FortiClient vulnerability, and Fortinet has not confirmed the zero-day.
Recommended Actions:
- Restrict Fortinet VPN access to only individuals who require immediate access until a patch has been deployed.
- Monitor VPN authentication attempts and successes for suspicious login attempts.
External Links:
Zero-Day Exploitation Targeting Palo Alto Network Firewall Management Interfaces
Description: Cybersecurity firm Palo Alto Networks (PAN) published a bulletin advising firewall customers to take steps to secure their firewall management interfaces. The vulnerability enables an unauthenticated attacker with network access to the management web interface to gain administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.
Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability.
Recommended Actions:
- Make sure that only trusted internal IP addresses are allowed to access the management interface.
- Update affected devices to the published fixed versions.
- Follow the best practice deployment guidelines provided by the vendor.
External Links:
Microsoft Windows Server 2022 Unexpected Upgrades
Description: Microsoft released an update to Windows Server 2022 versions in early November 2024 that caused the potential for servers to be automatically and inadvertently updated to Microsoft Windows Server 2025. Affected users reported that there was no notification or alert to the upgrade, and users could not opt out of the version upgrade if it was initiated.
Microsoft has reported that this issue affected machines that were being managed and updated by third-party tools. The issue was fixed on Microsoft’s end, but users still need to ensure that updates are not being automatically deployed for this patch version of Windows Server 2022.
Recommended Actions:
- Pause automatic updates via patching tools for Windows Server 2022 machines.
- Confirm that all Windows Server 2022 machines are online and functioning properly as of November 2024.
- Limit the deployment of automatic updates to critical servers and instead focus on manual patch installation after testing and validation.
External Links:
Cisco Event Response: October 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
Description: At the end of October 2024, Cisco released the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication includes 35 Cisco Security Advisories that describe 51 vulnerabilities in Cisco ASA, FMC, and FTD.
Cisco has released software updates that address these vulnerabilities.
Recommended Actions:
- Review the Security Advisory Table to check if any vulnerability affects your environment and patch accordingly.
External Links:
Celito is a team of experienced IT Executives, Industry Professionals, and Business Consultants focused on the life sciences industry.
Products
Consulting
Company
Celito Tech, Inc.
CORPORATE HEADQUARTERS
2100 Geng Road Suite #210
Palo Alto, CA 94303
US OFFICE LOCATION
842 Main St.
Redwood City, CA 94063
+1 650.374.2121
Celito Tech, Inc.
INDIA OFFICE LOCATION
Celito Tech India Pvt Ltd.
Flat No.A105, 1st Floor
Aditya's Imperial Heights,
Hyderabad, Rangareddi-500049
Telangana, India
+91 984.902.4174
Privacy Policy | Cookie Policy | Terms of Service | Copyright 2021 © Celito Technology Inc