CISO Talk by James Azar
CyberHub Podcast
Palo Alto Networks Firewall Bug Exploited, Power Pages Patch, Ivanti EPM Exploit, New DoD CISO, Ghost Ransomware & Some uncyber news

My heart is broken this morning. While we cover cyber news, my heart is with my tribe as we mourn the murder of the Bibas family by Hamas, & Critical Security Patches to Geopolitical Realities

In this Thursday, February 2025, edition of the CyberHub Podcast, host James Azar returns to the studio to deliver an extensive update on pressing cybersecurity headlines—ranging from newly disclosed vulnerabilities in Palo Alto’s PAN-OS to the ongoing Ghost ransomware campaign.

He then concludes with personal reflections on the tragic events unfolding in Gaza, highlighting the emotional impact of hostage situations and urging compassion and understanding.

Palo Alto Vulnerabilities Under Active Exploitation

Palo Alto Networks issued a warning on a file-read vulnerability, CVE-2025-0111, which is being chained with two additional flaws (CVE-2025-0108 and CVE-2024-9474) in active attacks. When combined, these three vulnerabilities allow threat actors to bypass authentication and gain root-level privileges on unpatched PAN-OS firewalls. GreyNoise has identified multiple IP addresses scanning for these flaws, indicating a swift rise in exploitation attempts. Security researchers estimate that roughly 65% of 2,200 publicly accessible devices remain vulnerable, primarily located in the U.S., India, Thailand, China, and Mexico. U.S. federal agencies have until March 11 to apply patches, and organizations are urged to coordinate with Palo Alto Networks or escalate support requests if patching complexities arise.

Microsoft Power Pages Vulnerability

Microsoft announced a patch for a critical access control flaw (CVE-2025-24989) in Power Pages, its low-code platform for building and managing business websites. Attackers exploiting this vulnerability could potentially elevate privileges over a network and bypass user registration controls. Because Power Pages operates as a SaaS (Software as a Service) offering, Microsoft has pushed the fix automatically; nevertheless, customers who notice unusual activity in their Power Pages instances should conduct post-patch investigations to confirm no compromise occurred.

Ivanti Endpoint Manager Flaws and Horizon3 Research

Security firm Horizon3 disclosed technical details and proof-of-concept exploits for four critical Ivanti Endpoint Manager vulnerabilities, all carrying CVSS scores nearing 9.8. These flaws involve path traversal and credential relaying, potentially allowing an attacker to add new machine accounts to a domain and impersonate administrators. Although Ivanti patched the vulnerabilities in January 2025 (after a three-month disclosure period), many organizations may not have applied updates. James Azar underscores Ivanti’s history of critical bugs and suggests organizations consider rip-and-replace strategies if patching remains persistently difficult.

OpenSSH Vulnerabilities Patched

OpenSSH, widely used for secure file transfers and administrative access, patched two noteworthy security issues. One involves a man-in-the-middle exploit (CVE-2025-26465) in the OpenSSH client, potentially allowing attackers to spoof server identities without user interaction, even if DNS records are absent. The second flaw can be exploited with no authentication to trigger a denial of service, consuming CPU and memory resources on both client and server. OpenSSH version 9.9p2 addresses both vulnerabilities, and administrators should upgrade immediately to thwart potential exploits.
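The upgrade advice above only helps if you know which hosts still run a client or server older than 9.9p2. The following Python helper is an added example, not code from the podcast or from the OpenSSH project: it parses the version token from `ssh -V` output or an `SSH-2.0-...` banner (including the portable `pN` patch level, which matters here because the fix is 9.9p2, not 9.9) and sorts a fleet inventory into current, outdated and unrecognised entries. The host names and banner strings in `SAMPLE_INVENTORY` are constructed for the demonstration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Release that the episode cites as fixing CVE-2025-26465 and the DoS flaw.
FIXED_VERSION: Tuple[int, int, int] = (9, 9, 2)

# Matches "OpenSSH_9.9p2" inside "ssh -V" output or an SSH-2.0 banner.
# The "pN" portable patch level is optional (OpenBSD builds omit it).
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, portable_patch) for an OpenSSH version string.

    Accepts raw `ssh -V` lines ("OpenSSH_9.9p2, OpenSSL ...") as well as
    server banners ("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5").
    Returns None when the text does not carry an OpenSSH version token.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch else 0)


def needs_upgrade(text: str) -> Optional[bool]:
    """True if the version is below 9.9p2, False if current, None if unparseable.

    Tuple comparison handles minor rollovers correctly: 9.10 (9, 10, 0)
    sorts above 9.9p2 (9, 9, 2), as does 10.0p1.
    """
    version = parse_openssh_version(text)
    if version is None:
        return None
    return version < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts by upgrade status; lists are sorted for stable output."""
    buckets: Dict[str, List[str]] = {"current": [], "outdated": [], "unknown": []}
    for host, banner in inventory.items():
        status = needs_upgrade(banner)
        if status is None:
            buckets["unknown"].append(host)   # not OpenSSH, or banner hidden
        elif status:
            buckets["outdated"].append(host)
        else:
            buckets["current"].append(host)
    for names in buckets.values():
        names.sort()
    return buckets


# Constructed sample inventory: host name -> captured version line or banner.
SAMPLE_INVENTORY: Dict[str, str] = {
    "bastion-01": "OpenSSH_9.9p2, OpenSSL 3.0.13 30 Jan 2024",
    "build-07": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5",
    "legacy-fw": "SSH-2.0-OpenSSH_8.4",
    "appliance": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:9s}: {', '.join(hosts) or '-'}")
```

One caveat when using this against real hosts: Linux distributions routinely backport security fixes without bumping the upstream version in the banner, so an "outdated" result is a prompt to confirm the installed package's changelog, not proof of exposure. Conversely, "unknown" entries (non-OpenSSH implementations, or devices with banners suppressed) need a different check entirely.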

NetScaler Console Agent Update

Cloud Software Group released critical updates for NetScaler Console and NetScaler Console Agent, addressing command injection vulnerabilities with a CVSS score of 8.8. Exploitation requires an authenticated user, but once access is gained, attackers can execute unauthorized commands. James reiterates that identity remains the perimeter—meaning reliable authentication practices and strong privilege management are essential to mitigate risk.

Ghost Ransomware Advisory

A joint advisory from CISA and the FBI warns of Ghost ransomware—also known under various names (e.g., “Cring,” “Crypt3r,” “Hello,” “Rapture”)—which has targeted organizations in over 70 countries since early 2021, including critical infrastructure in healthcare, government, and education. Ghost ransomware frequently rotates its executables and changes file extensions to hinder detection. Defenders are advised to maintain offline backups, patch software (notably Fortinet, ColdFusion, and Exchange), segment networks, and enforce phishing-resistant multi-factor authentication (MFA).

Australian Intelligence Projections

Mike Burgess, Director-General of the Australian Security Intelligence Organisation (ASIO), presented an annual threat assessment highlighting intensified foreign threats aiming to sabotage Australia’s critical infrastructure. Burgess warns of AI-enabled disinformation, cyberattacks against vital utilities, and increased espionage from major powers. James Azar remarks that while disinformation remains a concern, government trust deficits can complicate official narratives. He emphasizes forging robust public-private partnerships and proactive defense measures for critical industries.

DoD Welcomes Back Katie Arrington

Katie Arrington, former Air Force CISO and prominent cybersecurity leader, has returned to the Pentagon. Known for advancing multiple cyber initiatives in her previous service, Arrington’s reappointment hints at renewed energy in the Department of Defense’s cyber efforts, despite overall budgetary constraints. Her experience could prove vital in modernizing older systems and securing future defense technologies.

Beyond Cyber: Reflections on The Brutal Murder of the Bibas Family by Hamas

In the latter part of the episode, James addresses the deeply emotional topic of Israeli hostages, focusing on the Bibas family’s tragic story. Their kidnapping from Israel and subsequent killing in captivity underscores the human cost of ongoing conflicts. James shares personal grief, anger, and frustration over the failure to secure hostages’ release earlier.

Highlighting that many children and elderly were taken, he criticizes international response efforts and calls for accountability. The harrowing details—especially concerning two young Bibas children who died without ever returning home—reinforce the devastating implications of Hamas's violence against Jewish civilians, carried out without any regard.

Action Items List

  • Patch Vigilantly: Ensure Palo Alto PAN-OS, Ivanti Endpoint Manager, and OpenSSH vulnerabilities are addressed promptly.

  • Monitor SaaS Platforms: Watch for irregularities in Microsoft Power Pages, especially following the recent critical patch.

  • Enforce Strong Authentication: Adopt phishing-resistant MFA and monitor privileged account usage closely.

  • Plan for Ransomware Resilience: Implement offline backups, network segmentation, and active threat detection for Ghost ransomware.

  • Strengthen Public-Private Partnerships: Coordinate with vendors and government agencies when patching or seeking support.

  • Focus on Awareness: For cross-border conflicts and hostage situations, stay informed, remain empathetic, and offer support to affected colleagues.

Stay safe out there—both online and off. Remember to apply patches, safeguard identities, and, just as importantly, look out for one another.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.

✅ Story Links:

https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/

https://www.securityweek.com/microsoft-patches-exploited-power-pages-vulnerability/

https://www.securityweek.com/poc-exploit-published-for-critical-ivanti-epm-vulnerabilities/

https://www.securityweek.com/openssh-patches-vulnerabilities-allowing-mitm-dos-attacks/

https://thecyberexpress.com/cve-2024-12284-security-update/

https://www.bleepingcomputer.com/news/security/cisa-and-fbi-ghost-ransomware-breached-orgs-in-70-countries/

https://www.darkreading.com/ics-ot-security/australian-critical-infrastructure-acute-foreign-threats

https://www.bankinfosecurity.com/katie-arrington-returns-to-pentagon-as-dod-ciso-a-27558

https://www.wsj.com/world/middle-east/hamas-turns-handover-of-dead-hostages-into-a-spectacle-d6049540?mod=hp_lead_pos8

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.