federal agencies

AppWizard
April 6, 2025
DoD's acting Inspector General, Steven Stebbins, is reviewing Defense Secretary Pete Hegseth's use of the Signal app for operational airstrike discussions in Yemen to evaluate compliance with policies on commercial messaging for official communications and classification mandates. Concurrently, House Oversight Committee Democrats are investigating the Department of Government Efficiency's data usage, while OPM is directing agencies to revise performance review processes to prioritize adherence to presidential policies. The Defense Department has mandated public reporting of canceled contracts linked to Trump's efficiency initiatives. The SSA is tightening identity-proofing requirements for benefit applications, discontinuing phone verification options. During a nomination hearing, Trump’s nominees for OPM and OMB faced questions regarding federal workforce reductions. The Army has abandoned plans for a billion-dollar software development contract after feedback on draft RFPs. Employees at the IMLS have been placed on administrative leave amid concerns over the agency's future and grant disbursement obligations following Trump's executive order aimed at eliminating smaller entities.
Winsage
March 26, 2025
Russian threat actors are exploiting a zero-day vulnerability in the Microsoft Management Console (MMC), identified as CVE-2025-26633, allowing them to bypass security features and execute harmful code. The hacking group Water Gamayun, also known as EncryptHub and Larva-208, is behind this campaign, using a weaponized version of the vulnerability called “MSC EvilTwin” to deploy various malicious payloads, including information stealers and backdoors. The vulnerability affects multiple Windows versions, particularly older systems like Windows Server 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-26633 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by April 1, 2025. Microsoft included this vulnerability in its March 2025 Patch Tuesday update. Recommended mitigations include applying security patches, restricting network access to MMC ports, and monitoring for unusual MMC activity.
Winsage
March 12, 2025
CISA has identified a critical vulnerability in Microsoft Windows Management Console (MMC), designated as CVE-2025-26633, which allows remote attackers to execute arbitrary code due to improper input sanitization. This vulnerability is included in CISA's Known Exploited Vulnerabilities catalog, and federal agencies must address it by April 2, 2025, as per Binding Operational Directive 22-01. Microsoft released an out-of-band patch on March 10, 2025, to improve input validation in mmc.exe. Organizations are advised to prioritize patching, restrict MMC access, and monitor for exploitation.
Winsage
March 12, 2025
ESET has identified a zero-day vulnerability in the Windows Win32 Kernel Subsystem, designated as CVE-2025-24983, which has been exploited since March 2023. This vulnerability, stemming from a use-after-free weakness, allows low-privileged attackers to escalate access to SYSTEM privileges without user interaction. It primarily affects older Windows versions, including Windows Server 2012 R2 and Windows 8.1, but also poses risks to newer versions like Windows Server 2016 and Windows 10 (build 1809 and earlier). The exploit was first seen in the wild in March 2023, targeting systems compromised by the PipeMagic malware. Microsoft has addressed this vulnerability in the recent Patch Tuesday updates. Additionally, five other zero-day vulnerabilities were also patched, and CISA has mandated that Federal Civilian Executive Branch agencies secure their systems by April 1.
Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of actively exploited vulnerabilities, highlighting several critical exploits. Key vulnerabilities include:

- CVE-2023-20118: Affects specific Cisco Small Business Router models (RV016, RV042, RV042G, RV082, RV320, RV325), allowing hackers to remotely execute arbitrary commands via specially crafted HTTP requests, potentially granting root-level privileges.
- CVE-2023-20025: Could enable hackers to bypass the admin credential requirement for CVE-2023-20118.
- CVE-2018-8639: Affects various Windows operating systems (Windows 7, Windows Server 2012 R2, Windows 10) due to the Win32k component's failure to properly manage memory objects, allowing local attackers to execute arbitrary code in kernel mode.

Neither Microsoft nor Cisco has issued specific security advisories regarding these vulnerabilities.
Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a command injection vulnerability (CVE-2023-20118) affecting Cisco Small Business RV Series Routers, which are end-of-life. This vulnerability, rated 6.5 on the CVSSv3.1 scale, allows authenticated attackers to execute arbitrary commands with root privileges. The affected models include RV016, RV042, RV042G, RV082, RV320, and RV325, running firmware versions released before April 2023. Cisco will not provide patches for these devices. CISA mandates that federal agencies either implement mitigations or stop using the routers by March 24, 2025. Private organizations are also encouraged to address the issue, especially due to exploitation attempts linked to the PolarEdge botnet campaign. Administrators are advised to restrict administrative access, monitor logs for unusual activity, and consider decommissioning affected devices. The continued use of unpatched routers poses significant risks to critical infrastructure, particularly in small business and remote work environments.