By the CyberWire staff
At a glance.
- US court rules that the FBI’s warrantless FISA searches violated Fourth Amendment.
- The Trump Administration's cyber-related moves.
- CISA and the FBI issue advisory on Ivanti CSA exploit chains.
- Critical SonicWall vulnerability may be under exploitation.
- Education technology company PowerSchool discloses breach.
US court rules that the FBI’s warrantless FISA searches violated Fourth Amendment.
A federal court in New York has ruled that the FBI violated a US resident's Fourth Amendment rights by using communications collected under Section 702 of the Foreign Intelligence Surveillance Act (FISA) as evidence to prosecute him, Ars Technica reports. FISA authorizes the warrantless gathering of communications data from non-US residents outside the United States, but often involves incidental collection of US residents' conversations. The government's use of these communications has been a major point of controversy, with digital rights groups like the EFF and ACLU asserting that the law has led to widespread privacy violations.
Federal district Judge LaShann DeArcy Hall, in a decision made last month and unsealed this week, agreed with an appeals court ruling that "the government cannot circumvent application of the warrant requirement simply because queried information is already collected and held by the government." DeArcy Hall wrote, "To hold otherwise would effectively allow law enforcement to amass a repository of communications under Section 702, including those of US persons that can later be searched on demand without limitation. While communications of US persons may nonetheless be intercepted, incidentally or inadvertently, it would be paradoxical to permit warrantless searches of the same information that Section 702 is specifically designed to avoid collecting." The ruling stops short of banning all warrantless searches but emphasizes the need for tighter controls.
The case in question involved Albanian citizen and US resident Agron Hasbajrami, who was arrested at JFK airport in New York in 2011 and convicted of attempting to provide material support to terrorists. The Register notes that DeArcy Hall denied a request to suppress the evidence in this case for separate reasons, so Hasbajrami will remain in prison.
The Trump Administration's cyber-related moves.
US President Donald Trump has revoked a 2023 Biden executive order that required AI companies to share the results of safety tests with the US government if their systems potentially posed risks to national security, Reuters reports. Critics of the order, including the Chamber of Commerce and several major tech industry groups, had argued that the law would hinder private sector innovation, FedScoop notes.
Trump also signed an executive order extending the deadline for TikTok to remain active in the United States, mentioning that he might pursue a deal in which the US gets fifty percent of the company, BleepingComputer reports. TikTok briefly shut down in the US late Saturday night before returning online on Sunday.
Additionally, President Trump fired all advisory committee members within the Department of Homeland Security, including the members of the Cybersecurity and Infrastructure Security Agency's (CISA's) Cyber Safety Review Board (CSRB), Dark Reading reports. Acting Secretary of the Department of Homeland Security Benjamine C. Huffman said in a brief letter to advisory committee members, "Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities." The letter added that the dismissed committee members are welcome to reapply to the DHS in the future.
Finally, the president issued a full and unconditional pardon for Ross Ulbricht, founder of the dark web marketplace Silk Road, the BBC reports. Ulbricht was sentenced to life in prison in 2015 for charges including conspiracy to commit drug trafficking, money laundering, and computer hacking. Between 2011 and 2013, Silk Road was used by more than 100,000 people to buy and sell over $200 million worth of drugs and other illegal services, Reuters notes. The Libertarian Party in the US maintains that Ulbricht's imprisonment was an example of government overreach, and Trump announced plans to commute his sentence at the Libertarian National Convention last year.
CISA and the FBI issue advisory on Ivanti CSA exploit chains.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory outlining two exploit chains used by threat actors to compromise Ivanti Cloud Service Appliances (CSAs), SecurityWeek reports. The advisory states, "According to CISA and trusted third-party incident response data, threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks. The actors’ primary exploit paths were two vulnerability chains. One exploit chain leveraged CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 and the other exploited CVE-2024-8963 and CVE-2024-9379."
All of the flaws affect Ivanti CSA 4.6x versions before 519, and CVE-2024-9379 and CVE-2024-9380 affect CSA versions 5.0.1 and below. Ivanti CSA 4.6 is end-of-life, and the agencies "strongly encourage network administrators to upgrade to the latest supported version of Ivanti CSA."
Critical SonicWall vulnerability may be under exploitation.
SonicWall has disclosed a critical remote code execution vulnerability (CVE-2025-23006) affecting its Secure Mobile Access (SMA) 1000 series products. The company warns that the flaw may be under active exploitation, and strongly advises users to upgrade to the hotfix release version of the SMA1000 product. SonicWall added, "To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC)." The flaw has been assigned a CVSS score of 9.8.
Education technology company discloses breach.
US-based education technology company PowerSchool is notifying students and educators that their personal information was accessed during a December 2024 data breach, SecurityWeek reports. The incident involved PowerSchool's Student Information System (SIS) environments, which were accessed through its customer support portal. The breach involved "names, contact details, dates of birth, medical information, [and] Social Security numbers," although the types of compromised information vary from person to person.
PowerSchool hasn't shared how many customers were impacted, but SecurityWeek notes that many schools across the US and Canada have confirmed they were affected. The hacker who allegedly breached the platform claims to have stolen data belonging to 62.4 million students and 9.5 million teachers, BleepingComputer reports.
Crime and punishment.
Conor Brian Fitzpatrick, the 21-year-old founder of BreachForums, will be resentenced after a federal appeals court ruled that his previous sentence was too light, HackRead reports. Fitzpatrick had received a 17-day time-served term of imprisonment, with the district court citing his autism spectrum disorder and young age. The Fourth Circuit Court of Appeals deemed this sentence "substantively unreasonable," stating, "The district court failed to impose a sentence that accounted for the severity of Fitzpatrick’s offenses, the need to punish and provide respect for the law, the need to adequately deter criminal conduct, and the need to protect the public from further crimes."
The US Justice Department has indicted five people for their alleged involvement in a scheme that allowed North Korean nationals to gain employment with at least 64 US companies, SecurityWeek reports. North Korean nationals Jin Sung-Il and Pak Jin-Song, US citizens Erick Ntekereze Prince and Emanuel Ashtor, and Mexican national Pedro Ernesto Alonso De Los Reyes allegedly generated over $866,000 between 2018 and 2014.
The DOJ alleges, "[T]he defendants used forged and stolen identity documents, including U.S. passports containing the stolen personally identifiable information of a U.S. person, to conceal the true identities of Jin, Pak, and other North Korean co-conspirators, so that these North Korean nationals could circumvent sanctions and other laws to obtain employment with U.S. companies. Ntekereze and Ashtor received laptops from U.S. company employers at their residences, downloading and installing remote access software on them, without authorization, to facilitate IT worker access and to perpetuate the deception of U.S. companies. The defendants further conspired to launder payments for the remote IT work through a variety of accounts designed to promote the scheme and conceal its proceeds."
Courts and torts.
Texas Attorney General Ken Paxton has sent letters to Ford, Hyundai Motor America, Toyota Motor North America, and Fiat Chrysler Automobiles U.S., demanding information about how they collect, share, and sell consumer data, the Record reports. Paxton filed a lawsuit against General Motors in August, alleging that the automaker pushed drivers to enroll in programs that collected their data, then sold that data to insurance companies.
Paxton also sued Allstate earlier this month, accusing the insurance giant of violating the Texas Data Privacy and Security Act (TDPSA) by collecting and selling drivers' cell phone location and movement data.