Cybersecurity News – July 22, 2025
Table of Contents
- Cisco ISE Vulnerabilities Under Active Exploitation
- Apache Jena Vulnerabilities Expose Sensitive File Access
- TekStream Launches Whole-of-State Cybersecurity Framework
- NTT DATA to Debut Three Open-Source Security Tools at Black Hat USA 2025
Cisco ISE Vulnerabilities Under Active Exploitation
Critical Flaws Open Door to Network Compromise
On July 22, 2025, Cisco publicly confirmed active exploitation of multiple critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector. These flaws are rated CVSS 10.0—indicating the highest level of severity—and enable unauthenticated, remote attackers to execute arbitrary system commands with root privileges.
Technical Details
The vulnerabilities include:
- CVE-2025-20281 and CVE-2025-20337: Multiple flaws in specific APIs allow unauthenticated remote code execution as root on the underlying OS.
- CVE-2025-20282: An internal API flaw enables unauthenticated attackers to upload and execute arbitrary files as root.
Impact and Exploitation
Cisco has not specified which vulnerability is being exploited, nor has it provided details on the attackers. However, exploitation at the ISE layer threatens the core of enterprise network access control. A successful breach could permit unrestricted lateral movement, bypass authentication, disable security monitoring, and facilitate data exfiltration or supply chain infections.
Mitigation
Cisco urges immediate application of provided security patches and review of access controls around ISE and any related integrations. As attackers are currently targeting these vulnerabilities in the wild, organizations using ISE should treat this as a critical incident.
Apache Jena Vulnerabilities Expose Sensitive File Access
Two Recently Disclosed Flaws Risk Data Leakage
On July 21, 2025, two important-severity vulnerabilities in Apache Jena were announced, affecting systems where administrative access has been granted.
Technical Specifics
- CVE-2025-49656: Exploitable by users with administrative access, this vulnerability allows arbitrary file access within the context of the Jena application, leading to potential leakage of configuration and data files.
- CVE-2025-50151: This flaw enables a similarly privileged attacker to tamper with internal file structures, elevating risks of privilege escalation and persistent compromise through file manipulation.
Attack Path and Mitigation
These vulnerabilities require attackers to have administrative-level access on the Jena instance. Once the flaws are exploited, an attacker can potentially access sensitive configuration and authentication secrets, or inject malicious payloads via file replacement or tampering. Patch deployment and review of administrative account assignments are recommended to minimize exposure.
TekStream Launches Whole-of-State Cybersecurity Framework
Integrated Public Sector Security at AWS Imagine 2025
TekStream announced the launch of its whole-of-state cybersecurity framework at AWS Imagine 2025, highlighting a model that coordinates governance, risk management, and incident response across public sector organizations. The framework centralizes security operations, enabling standardized threat detection, greater information sharing, and collaborative defense.
Technical Approach and Workforce Integration
- Central security operations center (SOC) supports continuity in monitoring and response for multiple agencies.
- Scalable, sustainable cybersecurity programs achieved through a blend of automation and skilled personnel.
- Partnership with Louisiana State University employs a “student-powered SOC,” providing live workforce development and supporting 38 higher education institutions with managed security services since 2023.
Strategic Objectives
By standardizing on a single operational framework, public entities can maximize efficiency, reduce costs, and defend critical infrastructure more efficiently, aligning academic workforce development with real-world security operations.
NTT DATA to Debut Three Open-Source Security Tools at Black Hat USA 2025
AI-Driven Advances in Threat Detection and Response
NTT DATA Group will present three innovative open-source cybersecurity tools at Black Hat USA 2025. The selected tools, several of which leverage large language models (LLMs) for advanced analytics and automation, are designed to accelerate and refine detection of real-world cyberattacks.
Overview of Open-Source Tools
| Tool | Main Capability | Technical Highlights |
|---|---|---|
| SigmaOptimizer | AI-based optimization of Sigma detection rules | Uses LLMs to analyze, refactor, and fine-tune detection logic for modern SOC environments. |
| Hayabusa | Cloud threat detection and analytics | High-performance parsing and analysis of large-scale cloud telemetry to surface attacker behaviors in hybrid environments. |
| Suzaku | Visualization and correlation of attack paths | Graph-based analysis to track lateral movement and privilege escalation paths based on log and alert data. |
Community Collaboration and Impact
These tools are intended to improve the speed and precision of threat analyst workflows, expand accessibility of advanced security analytics to the wider security community, and foster ongoing innovation through transparent, open-source development.