Litzsey Tech - Client Cybersecurity Newsletter

June 29, 2025

Dear Valued Clients,

We're committed to keeping you informed about the latest in cybersecurity. Here's a summary of recent important updates:

1. CISA Releases New Industrial Control Systems Advisories

The Cybersecurity and Infrastructure Security Agency (CISA) recently released two new advisories on June 26, 2025, concerning Industrial Control Systems (ICS). These advisories provide crucial information on current security issues, vulnerabilities, and exploits affecting ICS. We encourage all organizations to review these advisories for technical details and recommended mitigations.

2. CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. These include:

  • CVE-2024-54085: AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
  • CVE-2024-0769: D-Link DIR-859 Router Path Traversal Vulnerability
  • CVE-2019-6693: Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability

These types of vulnerabilities are common targets for cyberattacks and pose significant risks. While a Binding Operational Directive (BOD 22-01) requires federal agencies to remediate them, CISA strongly advises all organizations to prioritize addressing KEV Catalog vulnerabilities to reduce their exposure to cyber threats.

3. New Guidance on Reducing Memory-Related Vulnerabilities

CISA, in partnership with the National Security Agency (NSA), released a joint guide on June 24, 2025, focusing on reducing memory-related vulnerabilities in modern software development. Memory safety vulnerabilities are serious risks to national security and critical infrastructure. Adopting memory-safe languages (MSLs) is presented as the most comprehensive way to mitigate these vulnerabilities, as they offer built-in safeguards. This guide highlights challenges and approaches for transitioning to more secure software development practices.

4. CISA Releases Eight Industrial Control Systems Advisories

On June 24, 2025, CISA released eight additional Industrial Control Systems (ICS) advisories. These advisories offer timely information on security issues, vulnerabilities, and exploits related to ICS. Organizations should review these for technical details and mitigation strategies.

5. Texas Enacts Right to Repair Law

Texas recently became the 8th U.S. state to pass a right-to-repair law for consumer electronics, with Governor Greg Abbott signing House Bill 2963 into law on June 20th. This law requires manufacturers to provide spare parts, manuals, and repair tools to consumers and independent repair shops at a fair price. This is a significant step towards reducing electronic waste and empowering consumers to fix their devices. The law, however, does not cover home appliances.

6. The "16 Billion Password Breach" Story is Debunked

An email from Chris Wiser of 7 Figure MSP™ addresses the recent "16 billion password breach" story, stating it is "BS." The email emphasizes that continued hard work in business growth, much like in weightlifting, leads to breakthroughs, even if results aren't immediately visible. Activities like cybersecurity briefings, cold outreach, public speaking, and email newsletters are highlighted as leading indicators of future success.

We hope this summary is helpful. Please reach out if you have any questions or require further assistance with your cybersecurity needs.

Sincerely,

Kenneth Litzsey
Litzsey Tech
--
This is Kenneth Litzsey's card. Their email is kenneth@litzseytech.com. Their phone number is +1 773 977 7960.
