Security Roundup January 2025

Darren Kewley
Technical Director
Published
31 January 2025

January 2025: DeepSeek AI Causes Privacy and Security Concerns, Trump Administration Reforms CISA, Configs and VPN Credentials for Fortinet Devices Leaked, and More!

DeepSeek AI Causes Privacy and Data Concerns

This month, Chinese artificial intelligence company DeepSeek launched its latest R1 model. The model, which offers advanced reasoning capabilities which can be run on much smaller infrastructure, caused global tech stocks to plummet, with Nvidia’s share price dropping by 18%. DeepSeek’s iOS app also surpassed OpenAI’s ChatGPT to become the most downloaded app on the iOS App Store. However, industry experts quickly started voicing concerns about the model regarding security, privacy, and censorship.

DeepSeek’s privacy policy caused concerns by stating that the company collects device information and chat history, which is then stored in the People’s Republic of China – potentially giving the Chinese government access to the data. Data protection regulators across Europe have already started to take action, with the Dutch Autoriteit Persoonsgegevens (AP) announcing an investigation into the AI platform. Users have also taken to social media, posting videos of DeepSeek censoring topics such as the Tiananmen Square massacre in 1989 and giving a very pro-Chinese view on the status of Taiwan.

The security of DeepSeek’s infrastructure has also become a concern. Wiz cyber security researchers identified publicly accessible databases that could allow full control over database operations and access to internal data. DeepSeek fixed the issues after Wiz disclosed them to the organisation.

Trump Administration Seeks CISA Reform

On January 20th, Donald Trump was sworn in as the 47th President of the United States, returning to the White House after a four-year hiatus. The President did not waste time enacting his agenda, signing over 20 executive orders on his first day. President Trump, with the assistance of X owner Elon Musk, has stated he wants to reduce the size of the US bureaucracy and make it more efficient. Musk has been appointed to lead a new Department of Government Efficiency (DOGE).

The US Cybersecurity and Infrastructure Security Agency (CISA) soon came into the firing line of the new administration. Trump’s new Secretary of Homeland Security, Kristi Noem, said during her Senate confirmation hearing that the agency had strayed “far off mission” amid claims that CISA had conspired with social media platforms to censor conservative voices. Since CISA was created in 2018 under Trump’s first term as President, the organisation’s scope has expanded to examine issues such as election security and online misinformation. The new administration wants CISA to focus on protecting the United States’ critical national infrastructure.

Trump has yet to appoint a new director at CISA; in 2020, he fired its then-director, Chris Krebs, after Krebs disputed claims that the 2020 election was rigged.

Configs and VPN Credentials for Fortinet Devices Leaked

Fortinet is an old friend of our monthly security roundup, but this month, the network security company has encountered new woes. Blogger Kevin Beaumont published an article on January 16th stating that a group calling itself ‘Belsen Group’ had leaked 15,474 configuration dumps onto the dark web. The dump includes usernames, passwords, digital certificates, and all firewall rules.

In a post on a hacking forum, Belsen Group says, “At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation: Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted.”

The breached data is believed to be linked to CVE-2022-40684, a vulnerability identified in October 2022. This vulnerability is an authentication bypass flaw that enabled remote access to several Fortinet appliances, including firewalls and web proxies. A GitHub post by Amram Englander provides a raw list of IP addresses that have been breached.

Some of This Month’s Other Vulnerabilities

Microsoft Patch Tuesday

As reported by our partners at CrowdStrike, Microsoft’s January 2025 Patch Tuesday includes security updates addressing 159 vulnerabilities. This batch features 10 classified as Critical and eight zero-day flaws, impacting components such as Windows Hyper-V NT Kernel Integration VSP, Microsoft Access, Windows App Package Installer, and Windows Themes.

SonicWall SMA

SonicWall has advised on a critical vulnerability, CVE-2025-23006, which impacts SonicWall’s Secure Mobile Access (SMA) 1000 series appliances. The pre-authentication deserialisation flaw affects the Appliance Management Console (AMC) and Central Management Console (CMC), potentially allowing remote, unauthenticated attackers to execute arbitrary operating system commands. SonicWall has confirmed active exploitation of this zero-day vulnerability in the wild. It is recommended that the affected devices be patched to firmware version 12.4.3-02854 or later to mitigate the risks. Additionally, administrators should restrict access to the AMC and CMC interfaces to trusted sources only.

Cisco ClamAV

A medium-severity vulnerability, tracked as CVE-2025-20128, has been discovered in ClamAV’s Object Linking and Embedding 2 (OLE2) decryption routine. This flaw arises from an integer underflow during bounds checking, leading to a heap-based buffer overflow. Remote, unauthenticated attackers can exploit this by submitting specially crafted files containing OLE2 content, causing the ClamAV scanning process to crash and resulting in a denial-of-service (DoS) condition. Cisco has released software updates for affected products, including Secure Endpoint Connectors for Linux, Mac, and Windows, to address this issue.
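The ClamAV bug is described as an integer underflow in a bounds check. The pattern is common enough in file parsers that it is worth seeing in isolation, so below is an added example (not ClamAV’s or Cisco’s code, and not the OLE2 routine itself) of a hypothetical record parser whose bounds check wraps around, beside the hardened form. It also covers the sibling addition-overflow pattern, since the same fix handles both. The record layout, the function names and the sample buffer are all constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Hypothetical bounds check for a file parser (constructed example, not
 * ClamAV's code). A record header declares where its payload starts
 * (offset) and how long it is (claimed_len); the parser must decide
 * whether [offset, offset + claimed_len) lies inside the buffer it holds.
 */

/* Vulnerable pattern: buf_len - offset wraps to a huge value when
 * offset > buf_len, so the length comparison can never reject. */
int in_bounds_vulnerable(size_t buf_len, size_t offset, size_t claimed_len)
{
    size_t remaining = buf_len - offset;      /* BUG: unsigned underflow */
    return claimed_len <= remaining;
}

/* Second common vulnerable pattern: offset + claimed_len can wrap past
 * SIZE_MAX back to a small number, which also slips past the check. */
int in_bounds_vulnerable_add(size_t buf_len, size_t offset, size_t claimed_len)
{
    return offset + claimed_len <= buf_len;   /* BUG: unsigned overflow */
}

/* Hardened: validate offset first, then compare the length against the
 * space that genuinely remains. Neither the subtraction nor any addition
 * can wrap, because offset <= buf_len is established before subtracting. */
int in_bounds_hardened(size_t buf_len, size_t offset, size_t claimed_len)
{
    if (offset > buf_len)
        return 0;
    return claimed_len <= buf_len - offset;
}

/* Copies the payload into dst only when the hardened check passes and the
 * destination is large enough. Returns bytes copied, or -1 if rejected. */
long extract_payload(const uint8_t *buf, size_t buf_len,
                     size_t offset, size_t claimed_len,
                     uint8_t *dst, size_t dst_cap)
{
    if (!in_bounds_hardened(buf_len, offset, claimed_len))
        return -1;
    if (claimed_len > dst_cap)
        return -1;
    memcpy(dst, buf + offset, claimed_len);
    return (long)claimed_len;
}

/* Runs the hardened extractor over a constructed 16-byte buffer with the
 * given header fields and returns its result, so the behaviour can be
 * checked without any caller-side buffer setup. */
long demo_extract(size_t offset, size_t claimed_len)
{
    uint8_t file[16] = { 'O','L','E','2', 1,2,3,4, 5,6,7,8, 9,10,11,12 };
    uint8_t out[16];
    return extract_payload(file, sizeof file, offset, claimed_len, out, sizeof out);
}

int main(void)
{
    const size_t buf_len = 16;

    /* Honest record: 8 bytes at offset 4. Both checks accept, copy happens. */
    printf("valid   : vuln=%d hardened=%d copied=%ld\n",
           in_bounds_vulnerable(buf_len, 4, 8),
           in_bounds_hardened(buf_len, 4, 8),
           demo_extract(4, 8));

    /* Malformed record: offset beyond the end of the buffer. The subtraction
     * in the vulnerable check wraps and it accepts; the hardened one rejects. */
    printf("bad off : vuln=%d hardened=%d copied=%ld\n",
           in_bounds_vulnerable(buf_len, 32, 8),
           in_bounds_hardened(buf_len, 32, 8),
           demo_extract(32, 8));

    /* Malformed record: length so large that offset + length wraps to 1. */
    printf("bad len : vuln_add=%d hardened=%d\n",
           in_bounds_vulnerable_add(buf_len, 4, SIZE_MAX - 2),
           in_bounds_hardened(buf_len, 4, SIZE_MAX - 2));
    return 0;
}
```

The defensive rule the hardened version follows is to validate each operand before doing arithmetic with it, rather than validating the result of the arithmetic; once `offset <= buf_len` is known, `buf_len - offset` is the true remaining space and the comparison is meaningful. Compiling with `-fsanitize=undefined` does not catch these cases, since unsigned wraparound is well-defined in C, which is why this class of bug survives into release builds.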

2025 is off with a bang!

Need Advice?

If you need any advice on this issue or any other cyber security subjects, please contact Protos Networks.

Email: [email protected]
Tel: 0333 370 1353