CISO Talk by James Azar
CyberHub Podcast
Another Ivanti Zero Day, Russian ISP Network Destroyed, Green Bay Packers Store Hacked, CyberHaven Breach Details with Jamie Blasco

Breaking down the latest cybersecurity threats and mitigation strategies: another Ivanti zero-day, Japan links China to cyberattacks, and more

It’s Thursday morning, and we’re already nine days into 2025! A lot has been happening in the cybersecurity world, and today’s episode is packed with crucial updates and actionable insights. Let’s dive right into it.

Another Ivanti Zero-Day Vulnerability — The Never-Ending Saga

Ivanti is back in the spotlight with yet another zero-day. This time attackers have exploited a critical stack-based buffer overflow in Ivanti Connect Secure, tracked as CVE-2025-0282. The flaw impacts:

  • Ivanti Connect Secure before version 22.7R2.5

  • Ivanti Policy Secure before version 22.7R1.2

  • Ivanti Neurons for ZTA gateways before version 22.7R2.3

The bug lets an unauthenticated attacker execute code remotely on the appliance, which puts every exposed device at significant risk. Ivanti has confirmed that a “limited number” of Connect Secure customers have already been exploited; it says it is not aware of exploitation against Policy Secure or the ZTA gateways so far.

Connect Secure customers can patch today: version 22.7R2.5 shipped with the advisory. Fixes for Policy Secure and the ZTA gateways are not expected until January 21. In the meantime Ivanti’s guidance is to run its Integrity Checker Tool (ICT) on every appliance, factory reset and rebuild any device that shows signs of compromise before upgrading, and confirm that Policy Secure and ZTA gateways are not internet-exposed until their patches land. Or, better yet, take this as the cue to remove Ivanti products from the environment completely.

Actionable Insight: If you’re still using Ivanti products, it might be time to reconsider. The best course of action? Take the devices out back and smash them with a hammer (metaphorically, of course).

Palo Alto Patches Vulnerabilities in Expedition Migration Tool

Palo Alto Networks has issued patches for multiple vulnerabilities in its Expedition migration tool, even though the tool reached end of life on December 31, 2024. The most serious of them, CVE-2025-0103, is a high-severity SQL injection flaw that lets an authenticated attacker read the Expedition database, including usernames, password hashes, device configurations and device API keys. The fixes are in Expedition 1.2.101.

If your organization still uses Expedition to migrate firewall policies, patch it immediately, restrict network access to the hosts that actually need it, shut it down when it is not in use, and plan to retire it: an end-of-life tool holding firewall credentials and API keys is not something to leave running.

SonicWall Urges Firewall Firmware Updates

SonicWall is emailing customers urging them to upgrade their SonicOS firmware to close an authentication bypass in the SSL VPN authentication mechanism, along with a flaw in SSH management, which the company warns are “susceptible to actual exploitation.” Note that, as of this episode, SonicWall is saying the bug is likely to be exploited, not that it has confirmed attacks in the wild; that is still reason enough to treat it as urgent.

The SSL VPN bypass, tracked as CVE-2024-53704, carries a CVSS score of 8.2 and affects SonicOS 7.1.x (7.1.1-7058 and earlier), 7.1.2-7019 and 8.0.0-8035 across multiple firewall models; fixes are in 7.1.3-7015 and 8.0.0-8037 and later. SonicWall urges customers to patch immediately.

Key Takeaway: If your firewall is vulnerable, patch it now. If you cannot patch immediately, restrict SSL VPN and SSH management access to trusted source addresses until you can; an unauthenticated bypass on an internet-facing VPN is about as easy a target as attackers get.


Green Bay Packers' Pro Shop Hit by Payment Skimming Attack

The Green Bay Packers Pro Shop website was hit by a payment skimmer that affected more than 8,500 fans. A malicious script injected into the checkout page harvested names, addresses and card details as customers paid, and it was active on the site for two stretches in late September and October 2024.

The skimmer used a JSONP callback on YouTube’s oEmbed endpoint to get around the site’s content security policy. Because youtube.com was already a trusted origin in the policy, a JSONP request to that endpoint was allowed to load as script, giving the skimmer a way to run under that trust. It is a reminder that a host allow-list is only as strong as the weakest script-returning endpoint on every listed domain, and that skimming crews now engineer around CSP rather than being stopped by it.
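To make the CSP point concrete, here is an added example. It is not code from the podcast, from the Packers’ site or from the incident write-up, and it does not reproduce the actual skimmer. It models the general mechanism: a JSONP endpoint living on an origin that the page’s script-src allow-lists will reflect an attacker-chosen callback, so whatever the attacker puts in that parameter runs with the allow-listed origin’s trust. The storefront origin, the video.example host standing in for the embed provider, the CSP string and the payload are all constructed for the demo, and the naive handler is a stand-in, not a claim about how any real oEmbed service behaves. It runs under Node.js with no dependencies.

```javascript
// Added example: not code from the podcast, the Packers store, or the incident
// report. It models why a JSONP endpoint on an allow-listed origin defeats a
// script-src host allow-list. Hostnames, the CSP string, the payload and the
// "naive" handler are constructed for this demo and make no claim about how
// any real oEmbed service behaves.

const SITE_ORIGIN = 'https://shop.example';          // the storefront (constructed)
// The store trusts itself and its video-embed provider; nothing else may load script.
const CSP = "default-src 'self'; script-src 'self' https://video.example; connect-src 'self'";

// Parse a CSP header into { directive: [sources] }.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) directives[name] = sources;
  }
  return directives;
}

// Host-source check only (nonces, hashes and 'strict-dynamic' are not modelled):
// would the browser load <script src=url> under this policy?
function scriptAllowed(header, url) {
  const d = parseCsp(header);
  const sources = d['script-src'] || d['default-src'] || [];
  const origin = new URL(url).origin;
  return sources.some(s => s === origin || (s === "'self'" && origin === SITE_ORIGIN));
}

// Naive JSONP handler on the allow-listed origin: reflects the callback verbatim.
function naiveJsonp(queryString, data) {
  const cb = new URLSearchParams(queryString).get('callback') || 'callback';
  return `${cb}(${JSON.stringify(data)});`;
}

// Hardened handler: the callback must be a plain, optionally dotted, identifier.
const SAFE_CALLBACK = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
function strictJsonp(queryString, data) {
  const cb = new URLSearchParams(queryString).get('callback') || 'callback';
  if (!SAFE_CALLBACK.test(cb)) throw new Error(`rejected JSONP callback: ${cb}`);
  return `${cb}(${JSON.stringify(data)});`;
}

// What the attacker injects: a <script src> pointing at the trusted origin, with
// arbitrary code as the "callback" and a line comment to swallow the (data); tail.
const PAYLOAD = 'skimmed.push(document.forms.length);//';
const EMBED = { type: 'video', html: '<iframe src="https://video.example/embed/abc"></iframe>' };
const JSONP_URL = `https://video.example/oembed?url=abc&callback=${encodeURIComponent(PAYLOAD)}`;
const ATTACKER_HOST_URL = 'https://evil.example/skim.js';

// Execute the endpoint's response the way a <script> tag would, with a stand-in
// document so the demo runs under Node. Returns what the payload captured.
function runReflected(handler) {
  const skimmed = [];
  const fakeDocument = { forms: { length: 3 } };
  const body = handler(new URL(JSONP_URL).search.slice(1), EMBED);
  new Function('skimmed', 'document', body)(skimmed, fakeDocument);
  return skimmed;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('direct attacker script allowed by CSP:', scriptAllowed(CSP, ATTACKER_HOST_URL)); // false
  console.log('JSONP URL on trusted origin allowed by CSP:', scriptAllowed(CSP, JSONP_URL));    // true
  console.log('naive endpoint ran attacker code, captured:', runReflected(naiveJsonp));        // [ 3 ]
  try { runReflected(strictJsonp); } catch (e) { console.log('strict endpoint:', e.message); }
}
```

Two lessons fall out of it. For the site, a host allow-list in script-src is only as strong as the weakest script-returning endpoint on each listed origin, and large platforms have many; a nonce- or hash-based policy with 'strict-dynamic', plus Subresource Integrity on the scripts you intentionally load, does not have this hole. For anyone running a JSONP endpoint, the strictJsonp check is the fix: never reflect a callback that is not a plain identifier.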

What to Do: If you’ve shopped at the Packers’ Pro Shop recently, check your bank statements for suspicious transactions.

Ukrainian Hacktivists Take Down Russian ISP Nodex

The Ukrainian Cyber Alliance has claimed responsibility for taking St. Petersburg-based ISP Nodex completely offline. The hacktivist group says it exfiltrated documents and then wiped the ISP’s systems, leaving subscribers without service.

Nodex has confirmed the attack, describing its network as destroyed, and is rebuilding its infrastructure to restore service. The incident is another escalation in cyber activity tied to the Russia-Ukraine war.

Implications: This attack highlights the ongoing cyberwarfare between Ukraine and Russia and the potential impact on critical infrastructure.

Japan Links Cyber Attacks to Chinese Group MirrorFace

Japan’s National Police Agency has publicly attributed more than 200 cyberattacks since 2019 to MirrorFace, a hacking group it links to China, aimed at national security and advanced-technology data. Targets included government agencies, politicians, think tanks and companies in sectors such as aerospace and semiconductors. The group’s campaigns relied mostly on spear-phishing with custom malware, with some intrusions also starting from vulnerable internet-facing VPN and network appliances.

Japan is urging organizations to bolster their defenses and has shared the group’s TTPs and IOCs to help prevent further attacks.

Action Item: Organizations in high-tech sectors should review their security posture against the published TTPs and make sure internet-facing VPN appliances are patched and monitored, since that is one of the ways this group gets in.

Special Segment: Cyberhaven Breach — Interview with Jaime Blasco

Jaime Blasco, CTO and co-founder of Nudge Security, joined the show to discuss the recent Cyberhaven breach. On Christmas Day a malicious update to Cyberhaven’s Chrome extension went out to users and stole cookies and authenticated sessions, with Facebook business and advertising accounts as the primary target.

The breach started with a spear-phishing email that tricked a Cyberhaven employee into authorizing a malicious OAuth application, which gave the attacker access to the company’s Chrome Web Store account. With that access the attacker published a trojanized version of the extension that collected session data from users’ browsers; Cyberhaven was one of several extension publishers hit by the same campaign.

Key Points from Jaime Blasco:

  • Companies must have visibility into all browser extensions used across their environments.

  • Implementing risk scoring systems for browser extensions can help identify malicious updates.

  • Organizations should treat security vendors with the same level of scrutiny as any other vendor.
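The visibility and risk-scoring points above are easy to agree with and harder to operationalize, so here is an added example of what the first pass looks like in practice. It is not code from the podcast, from Nudge Security or from Cyberhaven. It audits the Chrome extension manifests installed on a machine against a Chrome ExtensionSettings-style policy and against the previous inventory snapshot, flagging the two signals that matter most after an incident like this one: a version that changed without anyone reviewing it, and permissions broad enough to read cookies and sessions on every site. installation_mode, blocked_permissions and minimum_version_required are real ExtensionSettings policy keys; every extension ID, version and manifest in the sample is constructed for the demo. It runs under Node.js with no dependencies.

```javascript
// Added example: not code from the podcast, from Nudge Security or from
// Cyberhaven. It audits installed Chrome extension manifests against a Chrome
// ExtensionSettings-style policy and the previous inventory snapshot.
// installation_mode, blocked_permissions and minimum_version_required are real
// ExtensionSettings keys; every extension ID, version and manifest below is
// constructed for the demo.

// Permissions that let an extension read or replay session material.
const HIGH_RISK = new Set(['cookies', 'webRequest', 'webRequestBlocking', 'debugger',
                           'scripting', 'history', 'nativeMessaging', 'clipboardRead']);
// Host patterns that grant access to every site (MV2 permissions or MV3 host_permissions).
const ALL_SITES = /^(<all_urls>|\*:\/\/\*\/\*|https?:\/\/\*\/\*)$/;

// Compare dotted numeric versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Evaluate one installed extension. A per-ID policy entry wins over the '*' default.
function evaluateExtension(id, manifest, policy, snapshot) {
  const rule = policy[id] || policy['*'] || {};
  const findings = [];
  const mode = rule.installation_mode || 'allowed';
  if (mode === 'blocked' || mode === 'removed') findings.push(`policy: installation_mode=${mode}`);
  const blockedPerms = new Set(rule.blocked_permissions || []);
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  for (const p of perms) {
    if (blockedPerms.has(p)) findings.push(`policy: blocked permission ${p}`);
    else if (HIGH_RISK.has(p)) findings.push(`risk: ${p}`);
    if (ALL_SITES.test(p)) findings.push('risk: access to all sites');
  }
  if (rule.minimum_version_required &&
      compareVersions(manifest.version, rule.minimum_version_required) < 0) {
    findings.push(`policy: ${manifest.version} below minimum ${rule.minimum_version_required}`);
  }
  // The Cyberhaven signal: the extension we trusted is suddenly a different version.
  const prev = snapshot[id];
  if (!prev) findings.push('drift: not in last inventory');
  else if (prev.version !== manifest.version) findings.push(`drift: ${prev.version} -> ${manifest.version} (unreviewed update)`);
  return {
    id, name: manifest.name, version: manifest.version,
    blocked: findings.some(f => f.startsWith('policy:')),
    findings,
  };
}

function auditAll(installed, policy, snapshot) {
  return Object.entries(installed).map(([id, m]) => evaluateExtension(id, m, policy, snapshot));
}

// Read a real Chrome profile: Extensions/<id>/<version>/manifest.json. Kept apart
// from the pure logic so the audit can also run on manifests collected by
// endpoint telemetry. Not exercised by the sample data below.
function loadInstalled(profileDir) {
  const fs = require('fs'), path = require('path');
  const root = path.join(profileDir, 'Extensions');
  const out = {};
  for (const id of fs.readdirSync(root)) {
    const idDir = path.join(root, id);
    if (!fs.statSync(idDir).isDirectory()) continue;
    for (const ver of fs.readdirSync(idDir)) {
      const mf = path.join(idDir, ver, 'manifest.json');
      if (fs.existsSync(mf)) out[id] = JSON.parse(fs.readFileSync(mf, 'utf8'));
    }
  }
  return out;
}

// Constructed sample: a DLP-style extension that jumped a version and now asks
// for cookies on every site, plus a benign extension that matches the snapshot.
const DLP_ID = 'a'.repeat(32), TIDY_ID = 'b'.repeat(32);
const SAMPLE_INSTALLED = {
  [DLP_ID]: { name: 'Example DLP Agent', version: '3.1.1', manifest_version: 3,
              permissions: ['cookies', 'storage', 'webRequest'], host_permissions: ['<all_urls>'] },
  [TIDY_ID]: { name: 'Tab Tidy', version: '1.2.0', manifest_version: 3,
               permissions: ['storage'], host_permissions: [] },
};
const SNAPSHOT = { [DLP_ID]: { version: '3.1.0' }, [TIDY_ID]: { version: '1.2.0' } };
const POLICY = {
  '*': { installation_mode: 'blocked' },                 // deny by default
  [DLP_ID]: { installation_mode: 'allowed', blocked_permissions: ['debugger', 'nativeMessaging'] },
  [TIDY_ID]: { installation_mode: 'allowed', minimum_version_required: '1.2.0' },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of auditAll(SAMPLE_INSTALLED, POLICY, SNAPSHOT)) {
    console.log(`${r.name} ${r.version} blocked=${r.blocked}`);
    for (const f of r.findings) console.log('  ' + f);
  }
}
```

The policy side ('*' blocked, explicit allow entries) stops a rogue publisher from pushing a new extension into the fleet, but it does nothing about a malicious update to an extension you already trust, which is exactly the Cyberhaven case. That is why the snapshot diff is in there: a version change on an extension holding cookies and all-sites access is an event to alert on and review, not something to accept silently because Chrome auto-updated it.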

All CyberHub Podcast community members can get a free 14-day trial of their solution for securing SaaS and genAI at https://www.nudgesecurity.com/cyberhub

Cyber Command Overhaul Approved by Secretary Austin

Outgoing Secretary of Defense Lloyd Austin has approved a significant overhaul of U.S. Cyber Command, just weeks before leaving office. The move comes as lawmakers are considering creating a new branch of the military focused solely on cyber operations.

The proposed “Cyber Force” would become the seventh branch of the military, joining the Army, Navy, Marine Corps, Air Force, Coast Guard, and Space Force.

With a new administration set to take office soon, it remains to be seen how these changes will be implemented. Pete Hegseth, the likely incoming Secretary of Defense, has expressed strong views on cybersecurity and national security priorities.

Action List for Cybersecurity Practitioners:

  1. Patch Ivanti Products or Remove Them Entirely: Upgrade Connect Secure to 22.7R2.5 now and run the Integrity Checker Tool on every appliance. For Policy Secure and ZTA gateways, whose fixes are due January 21, confirm they are not internet-exposed and apply Ivanti’s mitigations in the meantime. Or phase Ivanti products out altogether.

  2. Update SonicWall and Palo Alto Devices: Ensure your firewall and migration tools are up to date.

  3. Check Bank Statements: If you or your employees have used the Packers Pro Shop website, verify there are no unauthorized charges.

  4. Review Browser Extension Policies: Ensure your organization has visibility into all browser extensions and can quickly respond to incidents.

  5. Strengthen VPN Security: Protect your organization from unauthorized access by securing VPN endpoints.

  6. Stay Informed on Geopolitical Cyber Threats: Monitor the evolving cyberwarfare landscape, especially nation-state attacks.

That’s a wrap for today’s CyberHub Podcast Summary. We’ll be back Monday at 9 AM Eastern with more insights and updates. Until then, stay safe and secure, folks!

Coffee Cup Cheers 🍵

Connect with us on social media and subscribe to our podcast on your favorite platform!


✅ Story Links:

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/

https://www.securityweek.com/palo-alto-networks-patches-high-severity-vulnerability-in-retired-migration-tool/

https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/

https://www.darkreading.com/cyberattacks-data-breaches/green-bay-packers-online-pro-shop-payment-skimmer

https://www.bleepingcomputer.com/news/security/russian-isp-confirms-ukrainian-hackers-destroyed-its-network/

https://www.securityweek.com/japan-links-chinese-hacker-mirrorface-to-dozens-of-cyberattacks-targeting-security-and-tech-data/

https://therecord.media/cyber-command-overhaul-secdef-approval

https://therecord.media/lawmakers-expected-to-push-for-cyber-force-study

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
