Today’s Topics:

• Trump’s Executive Order Halts TikTok Ban, Sparks Legal Debate
• Fortinet Confirms Zero-Day Exploitation, Releases Patches for Critical Vulnerabilities
• How can Netizen help?

Trump’s Executive Order Halts TikTok Ban, Sparks Legal Debate

TikTok restored service to U.S. users on Sunday, just hours after the platform went dark in response to a federal ban. This abrupt shutdown came as President-elect Donald Trump announced his intention to issue an executive order on his first day in office to pause the ban, thereby granting TikTok’s parent company, ByteDance, more time to find an approved buyer for its U.S. operations.

The federal ban, passed with bipartisan support in April, was rooted in national security concerns over TikTok’s connections to China. The law mandated that ByteDance divest its U.S. operations by a specific deadline or face a complete ban, a move seen as a significant escalation in the ongoing scrutiny of Chinese technology companies operating in the U.S. However, the statute also provided a 90-day extension option if a viable sale was underway—a provision that Trump aims to utilize through his executive order.

On his social media platform, Truth Social, Trump emphasized that the order would ensure no penalties for companies that supported keeping TikTok operational during the negotiation period. Despite these assurances, TikTok remained unavailable for download in Apple and Google’s app stores as of Sunday afternoon. Current users could still access the platform, but the uncertainty left many wondering about the app’s long-term availability.

The Supreme Court had recently upheld the ban, adding a layer of complexity to Trump’s proposed intervention. Legal experts have pointed out that while the president has certain executive powers, the judiciary’s ruling may present significant obstacles. Representative Mike Gallagher, the bill’s author, stated that the extension Trump proposed was no longer applicable, stressing that any delay would require concrete evidence of a pending divestiture.

In response to the ban, TikTok issued a message to users thanking them for their support and attributing the platform’s quick restoration to Trump’s efforts. Analysts have described the brief shutdown as a strategic move to highlight the platform’s popularity and the potential backlash against its banning.

ByteDance has consistently resisted selling its U.S. operations, arguing that such a move would not alleviate the national security concerns cited by U.S. lawmakers. Meanwhile, TikTok’s CEO, Shou Chew, is expected to attend Trump’s inauguration, indicating ongoing negotiations between the company and the incoming administration.

Fortinet Confirms Zero-Day Exploitation, Releases Patches for Critical Vulnerabilities

Fortinet has disclosed several critical vulnerabilities, including a zero-day flaw actively exploited since November 2024. The vulnerability, identified as CVE-2024-55591, affects FortiOS and FortiProxy and allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.

CVE-2024-55591 impacts FortiOS versions 7.0.0 to 7.0.16 and FortiProxy versions 7.0.0 to 7.0.19, with patches available in FortiOS 7.0.17, FortiProxy 7.2.13, and 7.0.20. Fortinet’s advisory provides indicators of compromise (IoCs) to help security teams identify and mitigate potential breaches.

Arctic Wolf, a cybersecurity firm, flagged a campaign targeting FortiGate firewalls exposed on the internet, noting unauthorized administrative logins and SSL VPN exploitation. Fortinet acknowledged receiving a report from Arctic Wolf in mid-December, which led to their investigation confirming the zero-day exploitation.

In addition to CVE-2024-55591, Fortinet addressed CVE-2023-37936, a critical flaw in FortiSwitch, which could allow remote code execution through malicious cryptographic requests. Thirteen advisories were also published for vulnerabilities across FortiManager, FortiAnalyzer, FortiClient, FortiRecorder, FortiSASE, and other products. These vulnerabilities could lead to persistent account access, arbitrary file writing, and denial-of-service (DoS) conditions.

While not all vulnerabilities have been confirmed as exploited, Fortinet stresses the importance of timely patching. Organizations are advised to implement the latest updates to protect against these potential attack vectors and to closely monitor their systems for any signs of compromise.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.