CyberWeekly 11' Jan | Issue #17
US Cyber Trust Mark, medical data leak, Ivanti zero-days, vulnerability patches, Palo Alto Networks, EoL tools, SonicWall vulnerabilities, education data breach, PowerSchool hack, SSLVPN flaws.
TL;DR
The US Cyber Trust Mark launches to certify IoT device security, while delayed notifications from Medusind and PowerSchool breaches highlight ongoing data protection issues. Critical vulnerabilities in Ivanti, SonicWall, and Palo Alto tools prompt urgent patches and updates, underscoring the need for stronger cybersecurity measures and faster threat responses.
US Cyber Trust Mark Program Goes Live
The US Cyber Trust Mark Program, greenlit by the FCC in March 2024, officially launched this week. Think of it as the Energy Star for cybersecurity: IoT devices can now earn a Cyber Trust Mark if they meet rigorous NIST cybersecurity standards. These include strong default passwords, incident detection, and robust software update protocols. A QR code on the label will direct consumers to detailed security info.
The program, backed by 11 accredited cyber security labeling administrators, is expected to set a new baseline for secure IoT products. Anne Neuberger, Deputy National Security Director, anticipates the Trust Mark becoming a requirement for government tech procurement, with broader consumer adoption on the horizon. Critics, however, caution that similar efforts in the past suffered from lax enforcement and steep compliance costs.
Big picture: The label’s success hinges on government and market commitment. As with past programs, enforcement could make or break its impact.
Medical Billing Firm Takes a Year to Notify of Data Breach
Medusind, a medical billing firm, revealed that a December 2023 data breach compromised the sensitive information of over 360,000 individuals. The exposed data includes Social Security numbers, medical histories, and even payment account details. A year after detection, the company is just now notifying victims.
Critics are slamming the delayed response, which left affected individuals vulnerable to identity theft. Experts urge consumers to take proactive steps, such as monitoring credit, enabling MFA, and staying alert for phishing attempts. Meanwhile, the breach has reignited discussions on regulatory timelines for breach disclosures.
Zoom out: With healthcare data breaches on the rise, organizations must reevaluate data retention policies and invest in robust cybersecurity measures.
Ivanti Zero-Days Demand Urgent Action
Ivanti's Connect Secure VPN and related products face two actively exploited zero-day vulnerabilities (CVE-2025-0282 and CVE-2025-0283), one of which scored a critical 9.0 CVSS rating. Attackers can exploit these stack-based buffer overflows for arbitrary code execution or privilege escalation.
Mandiant has linked some attacks to Chinese threat actors, with exploitation suspected since December 2024. Ivanti urges immediate updates to affected products or, for the most critical cases, a factory reset. A patch for Policy Secure and ZTA Gateways is set for January 21, and security experts advise taking these devices offline until updates are available.
Bottom line: With these devices widely used by governments and enterprises, swift action is crucial to avoid widespread fallout.
Palo Alto Networks Patches EoL Tool Despite Vulnerabilities
Palo Alto Networks has issued updates for its now-end-of-life (EoL) Expedition migration tool after identifying five vulnerabilities. These include a critical SQL injection flaw (CVE-2025-0103) that could expose database contents and allow arbitrary file creation. Although Expedition reached EoL on December 31, 2024, Palo Alto prioritized releasing fixes before ceasing support entirely.
Organizations still using Expedition are advised to apply updates, restrict access, and transition to alternative tools. Palo Alto’s decision to patch despite EoL highlights their acknowledgment of the tool's widespread use in critical network migrations.
Takeaway: While the company deserves credit for the updates, users must move swiftly to decommission unsupported tools to mitigate long-term risks.
SonicWall Updates: Patch or Face the Music
SonicWall has addressed four critical vulnerabilities affecting its SSLVPN, SonicOS, and SSH interfaces. The flaws include improper authentication (CVE-2024-53704) and cryptographic weaknesses (CVE-2024-40762), both of which could enable attackers to bypass authentication mechanisms.
SonicWall advises limiting interface access to trusted sources or disabling vulnerable protocols entirely. Admins are urged to apply patches immediately and review their remote access security strategies.
Zoom out: With firewall vulnerabilities regularly targeted, prioritizing secure configurations and rapid patching is key to maintaining perimeter defenses.
PowerSchool Breach: Data of 50M at Risk
Edtech giant PowerSchool disclosed that attackers accessed its School Information System (SIS) in late December 2024, stealing sensitive data of students, parents, and teachers. Exposed details include Social Security numbers, grades, and medical information. While PowerSchool claims no malware remains and that stolen data has been deleted, the company admitted to paying cybercriminals to prevent dissemination.
Critics have raised questions about PowerSchool’s data protection practices and its response to the breach. The incident also compounds existing scrutiny, as the company faces ongoing litigation over alleged unauthorized data sales.
What’s next: Expect increased pressure for stronger data privacy and breach response protocols in the education sector.
Liked this post or want to chat about cybersecurity? Have suggestions? Reach out to the
Sponsored
Learning how the function prologue works is the first step to understanding calling conventions. Think of the prologue as a routine that preps the system for the task ahead ensuring that once the function is called everything operates seamlessly. Well also explore different calling conventions cdecl stdcall & fastcall each with its unique mechanism for managing arguments & maintaining system stability
Without the community partners, hacklido wouldn't be where it is now, So we would like to thank them.
If you wish to Sponsor / Partner with hacklido and get benefitted? Reach out to us via email@hacklido.com / discord / telegram group / Author’s LinkedIn to discuss with us!