TrustedSec Tech Brief - January 2025
Carlos Perez walks us through several major vulnerabilities and patches from early 2025, including a critical Fortinet FortiGate zero-day vulnerability.
January 21, 2025
Tech Brief
Watch our first Tech Brief for 2025 with Carlos Perez! This security update video covers several major vulnerabilities and patches from early 2025, including:
- A critical Fortinet FortiGate zero-day vulnerability with details about exploitation and mitigation strategies
- Information about a leak of 15,040 FortiGate firewall configurations
- New Ivanti vulnerabilities affecting Connect Secure and other products
- Details about the largest Microsoft Patch Tuesday since 2017, featuring 157 CVEs including 8 zero-days, with special focus on critical Hyper-V vulnerabilities (CVE-2025-21333 and CVE-2025-21334)
References:
- https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-adds-four-known-exploited-vulnerabilities-catalog
- https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
- https://raw.githubusercontent.com/arsolutioner/fortigate-belsen-leak/refs/heads/main/affected_ips.txt
- https://www.fortiguard.com/psirt/FG-IR-24-535