Weekly Digest Week 16 – 2025

Publication date

18.04.2025

Featured Story

CISA extends CVE program contract with MITRE for 11 months amid alarm over potential lapse

The MITRE Corporation will continue operating the CVE program for at least another 11 months after CISA extended the contract to avoid a lapse in critical CVE services. The move follows warnings about a possible shutdown and a push toward multi-stakeholder control via the CVE Foundation and the EUVD initiative.

SOC Analysis: The short-term contract extension ensures continuity, but long-term dependency on a single sponsor remains a risk. The creation of the CVE Foundation and the EUVD initiative reflects a necessary shift toward global, multi-stakeholder vulnerability coordination, which is critical for maintaining trust, resilience, and independence in the vulnerability management ecosystem.

Other Stories

Over 16,000 Fortinet devices compromised with symlink backdoor

More than 16,000 internet-facing Fortinet devices were compromised using a symlink backdoor that remained even after patching. Attackers exploited zero-days and used symbolic links to gain persistent access to systems, evading detection.

SOC Analysis: This case demonstrates how persistence mechanisms can outlast vulnerability patching, highlighting the need for full compromise assessments. Even patched systems can remain at risk if post-exploitation changes aren’t identified and addressed.

Apple Quashes Two Zero-Days With iOS, MacOS Patches

Apple has patched two zero-day vulnerabilities in CoreAudio and RPAC that were used in targeted attacks. These flaws allowed attackers to execute arbitrary code and bypass pointer authentication. The patches were issued urgently outside the regular update cycle.

SOC Analysis: These zero-days underscore the continued focus of advanced threat actors on iOS, likely for targeted surveillance. Despite limited exploitation, organizations should apply these patches urgently, particularly for high-risk users.

Payment settlement: beware of fraudulent emails

Phishing emails are circulating, falsely claiming to be from FPS Finance and requesting a €42 payment for the 2024 tax year. The messages appear official but are sent by fraudsters using non-official email addresses and urgent language to prompt action.

SOC Analysis: Attackers exploit tax season to impersonate official entities like FPS Finance and lure users into fraudulent payments. Always verify financial communications via secure government platforms like MyMinfin.
