CCTR.40.SEP.25

Monday morning cyber coffee read CCTR.40.SEP.25

Microsoft, SentinelOne and Palo Alto Networks have withdrawn from MITRE’s 2025 Engenuity ATT&CK Evaluations for endpoint detection and response (EDR), with Microsoft pulling out in June and the other two following in September. According to CrowdStrike, recent administration changes and budget cuts affecting MITRE and CISA may have encouraged vendors to withdraw.

https://www.infosecurity-magazine.com/news/cyber-vendors-pull-out-mitre/

Cisco has confirmed active exploitation of multiple vulnerabilities in Secure Firewall Adaptive Security Appliance (ASA) software, including on 5500-X Series edge appliances, with attackers targeting Australian networks (see the ASD’s ACSC alert linked below).

  • CVE-2025-20333 (Critical): Authenticated RCE via the VPN web server; in the observed attacks it is chained with CVE-2025-20362, so no valid VPN credentials are needed.

  • CVE-2025-20363 (Critical): RCE in the web services; unauthenticated on ASA/FTD, low-privileged authenticated on IOS/IOS XE/IOS XR.

  • CVE-2025-20362 (Medium): Missing authorization on the VPN web server, giving unauthenticated access to restricted URL endpoints.

What now?

  • Apply Cisco’s security updates immediately; 5500-X models that are past end of support receive no fix and should be disconnected, as CISA’s ED 25-03 directs federal agencies to do

  • If compromise is suspected, collect a core dump / forensic image before patching or rebooting (ED 25-03 requires this ordering), since updating first destroys volatile evidence

  • Limit VPN/web access to trusted sources

  • Watch for suspicious VPN/web activity in logs: WebVPN logins from unexpected addresses, bursts of failed authentications and unexplained device restarts
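As an added example of the last two steps (this is not code from the newsletter or from Cisco), the script below checks ASA-style syslog for WebVPN sessions from outside a trusted source list and for repeated authentication rejections from one address. The log lines are constructed: message IDs 716001 (WebVPN session started) and 113005 (AAA authentication rejected) are real ASA syslog IDs, but the field layout is an approximation, so adjust the regexes to your own export format. The trusted networks are assumed.

```python
"""Flag suspicious VPN web activity in Cisco ASA syslog (added example)."""
import ipaddress
import re
from collections import Counter

# Assumption: only these networks should ever reach the VPN web server.
TRUSTED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample lines (RFC 5737 test addresses), approximating ASA output.
SAMPLE_LOGS = """\
%ASA-6-716001: Group <RemoteUsers> User <alice> IP <203.0.113.10> WebVPN session started.
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 192.0.2.77
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = root : user IP = 192.0.2.77
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = test : user IP = 192.0.2.77
%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = vpn : user IP = 192.0.2.77
%ASA-6-716001: Group <RemoteUsers> User <bob> IP <192.0.2.77> WebVPN session started.
%ASA-6-716001: Group <RemoteUsers> User <carol> IP <198.51.100.7> WebVPN session started.
"""

SESSION_RE = re.compile(
    r"%ASA-\d-716001: Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> "
    r"IP <(?P<ip>[^>]*)> WebVPN session started"
)
REJECT_RE = re.compile(r"%ASA-\d-113005: .*user = (?P<user>\S+) : user IP = (?P<ip>\S+)")


def is_trusted(ip: str) -> bool:
    """True if the address falls inside one of the allow-listed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_SOURCES)


def find_suspicious(log_text: str, reject_threshold: int = 3) -> list:
    """Return findings: WebVPN sessions from untrusted sources, and sources
    with >= reject_threshold authentication rejections (spraying/stuffing)."""
    findings = []
    rejects = Counter()
    for line in log_text.splitlines():
        m = SESSION_RE.search(line)
        if m:
            if not is_trusted(m["ip"]):
                findings.append({"type": "untrusted_webvpn_session",
                                 "ip": m["ip"], "user": m["user"]})
            continue
        m = REJECT_RE.search(line)
        if m:
            rejects[m["ip"]] += 1
    for ip, count in rejects.items():
        if count >= reject_threshold:
            findings.append({"type": "repeated_auth_rejects", "ip": ip, "count": count})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOGS):
        print(finding)
```

A session that starts from an address that has just produced a run of rejections, as bob’s does here, is the pattern worth paging on; on its own, a single untrusted-source login is a lead to confirm against the VPN allow-list rather than an incident.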

https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/multiple-vulnerabilities-affecting-cisco-asa-5500-x-series-devices

https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices

Koi Security uncovered what it describes as the first real-world malicious MCP server, hidden in the npm package postmark-mcp. From version 1.0.16, a one-line change added a hidden BCC to every email the tool sent, silently copying messages (including sensitive content) to an attacker-controlled address from hundreds of organisations.

This marks a new class of supply chain threat: MCP servers. These extensions, which AI assistants use to act on the user’s behalf, run with broad permissions yet sit outside traditional enterprise security controls:

  • No vendor risk assessments

  • Not included in asset inventories

  • Bypass DLP and email gateways

Audit MCP usage – Identify every MCP server connected to AI assistants in your environment; remove affected versions of postmark-mcp and rotate any credentials it had access to.

Educate developers – Reinforce that MCP servers can bypass security perimeters and must be treated as critical third-party software: pin versions, review updates before adopting them, and confirm the publisher is who it claims to be.
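As an added example of the audit step (not code from the newsletter or from Koi), the script below inventories the MCP servers an assistant is configured to launch. It reads the `mcpServers` JSON layout used by Claude Desktop (`claude_desktop_config.json`) and several other MCP clients, reports which npm package each `npx`-launched server runs, whether that package is version-pinned, and which environment variables look like credentials. The config below is constructed; the package names and paths in it are illustrative.

```python
"""Inventory MCP servers from a client config file (added example)."""
import json
import re

# Constructed sample config in the shape of claude_desktop_config.json.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "postmark": {
            "command": "npx",
            "args": ["-y", "postmark-mcp"],
            "env": {"POSTMARK_SERVER_TOKEN": "pm-xxxx"},
        },
        "filesystem": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-filesystem@0.6.2", "/home/dev/projects"],
        },
        "internal-tools": {
            "command": "/opt/mcp/bin/internal-tools",
        },
        "remote-crm": {
            "url": "https://mcp.example.com/sse",
        },
    }
})

# npm package spec: optional @scope/, then name, then optional @version.
PKG_RE = re.compile(r"^(?P<name>(@[\w.-]+/)?[\w.-]+)(?:@(?P<version>[^@]+))?$")
SECRET_HINT = re.compile(r"TOKEN|KEY|SECRET|PASSWORD", re.I)


def npm_package(args):
    """Return (name, version) for the first positional npx argument, else None."""
    for arg in args:
        if arg.startswith("-"):
            continue  # skip flags such as -y / --yes
        m = PKG_RE.match(arg)
        return (m["name"], m["version"]) if m else None
    return None


def audit_mcp_config(config_text: str) -> list:
    """One report entry per configured server, with a list of issues to review."""
    cfg = json.loads(config_text)
    report = []
    for name, spec in cfg.get("mcpServers", {}).items():
        entry = {"server": name, "issues": []}
        if "url" in spec:
            entry["kind"] = "remote"
            entry["target"] = spec["url"]
            if not spec["url"].startswith("https://"):
                entry["issues"].append("remote server not using https")
        else:
            entry["kind"] = "local"
            cmd = spec.get("command", "")
            pkg = npm_package(spec.get("args", [])) if cmd in ("npx", "npx.cmd") else None
            if pkg:
                entry["target"] = "npm:" + pkg[0]
                entry["version"] = pkg[1]
                if pkg[1] is None:
                    entry["issues"].append(
                        "npm package not pinned: every launch may pull a new version")
            else:
                entry["target"] = cmd
        secrets = [k for k in spec.get("env", {}) if SECRET_HINT.search(k)]
        if secrets:
            entry["issues"].append("credentials in env: " + ", ".join(secrets))
        report.append(entry)
    return report


if __name__ == "__main__":
    for entry in audit_mcp_config(SAMPLE_CONFIG):
        print(entry)
```

Unpinned `npx` launches are the point to look at first: they are exactly how a backdoored release like postmark-mcp 1.0.16 reaches a developer machine with no change on the developer’s side. The `env` check tells you which API tokens to rotate if a server turns out to be malicious.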

https://www.koi.security/blog/postmark-mcp-npm-malicious-backdoor-email-theft

Wiz research highlights growing abuse of the Instance Metadata Service (IMDS), the link-local HTTP endpoint (169.254.169.254) present on every AWS, Azure and GCP compute instance that hands running workloads their instance metadata, including temporary credentials for the attached role or managed identity. Because it answers any request that originates from the instance, an attacker who can make the instance send HTTP requests (an SSRF bug, a compromised container) or who gains code execution on it can fetch the same credentials and pivot across the environment.

For example, an app on an AWS EC2 instance fetches temporary S3 credentials from IMDS; an attacker who reaches that same path obtains the same credentials and can use them directly, often from outside the instance. IMDS is abused for credential theft, lateral movement and privilege escalation, which makes it a prime target in modern cloud attacks.

Lock down IMDS – In AWS, require IMDSv2 (session tokens obtained with a PUT request, which plain SSRF usually cannot issue) and keep the PUT response hop limit at 1 so containers and proxies on the instance cannot reach it. Azure and GCP both require a dedicated request header (Metadata: true and Metadata-Flavor: Google respectively), so make sure application code does not forward attacker-controlled headers.

Restrict access – Use host firewall rules or egress proxy allow-lists so only the processes that genuinely need metadata can reach 169.254.169.254.

Monitor anomalies – Alert on instance-role credentials being used from IP addresses other than the instance, on IMDSv1 calls (AWS exposes these through CloudTrail’s ec2RoleDelivery field and the MetadataNoToken CloudWatch metric), and on unusual volumes of metadata requests.

Harden apps – Validate outbound request handling (URL fetchers, webhooks, image proxies) so user input cannot be steered at the metadata endpoint, and keep instance roles least-privilege so that stolen credentials buy the attacker as little as possible.
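As an added example of the monitoring step (not code from the newsletter or from Wiz), the check below hunts CloudTrail for instance-role credentials used away from the instance that obtained them. When a workload takes credentials from IMDS, CloudTrail records the instance ID as the assumed-role session name and, in additionalEventData, ec2RoleDelivery "1.0" (IMDSv1) or "2.0" (IMDSv2). The records are constructed and trimmed to the fields used; the instance-to-IP inventory is assumed and in practice would come from ec2:DescribeInstances plus your NAT gateway addresses.

```python
"""Hunt for EC2 instance-role credentials used from outside the instance (added example)."""
import ipaddress

# Assumed inventory: instance ID -> addresses it legitimately calls AWS APIs from.
KNOWN_INSTANCE_IPS = {
    "i-0abc123def456789a": {"203.0.113.10"},
}

# Constructed CloudTrail records (RFC 5737 addresses); real records carry many more fields.
ROLE_ARN = "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc123def456789a"
SAMPLE_EVENTS = [
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN},
     "additionalEventData": {"ec2RoleDelivery": "2.0"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "198.51.100.200",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN},
     "additionalEventData": {"ec2RoleDelivery": "1.0"}},
    {"eventName": "GetCallerIdentity", "eventSource": "sts.amazonaws.com",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN},
     "additionalEventData": {"ec2RoleDelivery": "1.0"}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
]


def session_instance(event):
    """Instance ID if the caller is an instance-profile role session, else None."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    session = ident.get("arn", "").rsplit("/", 1)[-1]
    return session if session.startswith("i-") else None


def hunt_imds_abuse(events):
    """Return findings for credentials used off-instance (high) or via IMDSv1 (low)."""
    findings = []
    for ev in events:
        inst = session_instance(ev)
        if inst is None:
            continue
        src = ev.get("sourceIPAddress", "")
        try:
            ipaddress.ip_address(src)
        except ValueError:
            continue  # AWS service principals appear here as DNS names; not our case
        delivery = ev.get("additionalEventData", {}).get("ec2RoleDelivery")
        if inst in KNOWN_INSTANCE_IPS and src not in KNOWN_INSTANCE_IPS[inst]:
            findings.append({"severity": "high", "instance": inst, "sourceIP": src,
                             "event": ev["eventName"],
                             "reason": "instance-role credentials used from an IP that is not the instance"})
        elif delivery == "1.0":
            findings.append({"severity": "low", "instance": inst, "sourceIP": src,
                             "event": ev["eventName"],
                             "reason": "credentials obtained via IMDSv1; enforce IMDSv2 on this instance"})
    return findings


if __name__ == "__main__":
    for f in hunt_imds_abuse(SAMPLE_EVENTS):
        print(f)
```

Two caveats when running this over real data: API calls routed through VPC endpoints log the instance’s private address, and instances behind a NAT gateway log the gateway’s address, so the inventory must hold whichever addresses CloudTrail actually sees, or the off-instance check will fire on every call.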

Relevant TTPs to look out for

https://www.wiz.io/blog/imds-anomaly-hunting-zero-day
