ONSEC Weekly Cybersecurity Newsletter
Welcome to this week's edition of ONSEC's Cybersecurity Newsletter! Stay informed on the latest exploits, critical vulnerabilities, patches, and podcasts to stay one step ahead in the evolving cybersecurity landscape.
Exploits Alert

CISA Alert on CVE-2024-8934: Critical Systems at Risk
CISA has issued a critical alert regarding CVE-2024-8934, a vulnerability threatening critical infrastructure systems. Immediate patching is essential to avoid potential exploitation. Source: VPNRanks

SEO Poisoning: A Growing Threat to Internet Users
Cybercriminals are manipulating search engine results to elevate malicious sites, leaving users vulnerable to attacks when searching for specific keywords. Source: NDTV

Palo Alto PAN-OS Remote Code Execution Warning
Palo Alto Networks has flagged a critical RCE vulnerability in PAN-OS. Cybercriminals could exploit this flaw to gain unauthorized system access. Users must patch immediately. Source: Cybersecurity News

Zero-Day Surge: Federal Authorities Warn
Authorities have reported a sharp rise in zero-day exploits, with attackers targeting unknown vulnerabilities in enterprise systems. Businesses are urged to stay vigilant and updated. Source: Consumer Affairs

UK and Allies Highlight Zero-Day Exploit Shift
The UK and its international allies have warned of increasing cyberattacks leveraging zero-day vulnerabilities, urging stronger defenses and rapid updates. Source: Wired Gov
Vulnerabilities & Patches

Chrome Zero-Day Fixed (CVE-2023-6345)
Google has patched a Chrome zero-day vulnerability being actively exploited. Update your browser to the latest version to protect against attacks. Source: IT Security News

Palo Alto PAN-OS Vulnerability Patched
CISA urges immediate updates for a critical PAN-OS Expedition Tool vulnerability. This flaw, patched in July, remains a target for cybercriminals. Source: Hackread
Microsoft November Patch Tuesday: 90+ Fixes
Microsoft addressed over 90 vulnerabilities, including six zero-days (e.g., CVE-2024-43451). Users should install updates immediately. Source: Bleeping Computer

Dell Enterprise SONiC Multiple Vulnerabilities
Dell has patched several vulnerabilities in its SONiC software, including high-risk flaws that could allow attackers to compromise systems. Source: heise online

D-Link Modems Left Unpatched
D-Link has announced it will not patch CVE-2024-10914 in 60,000 older modems, leaving users vulnerable to command injection attacks. Consider upgrading to secure devices. Source: TechRadar
Top Cybersecurity Podcasts This Week

Wisdom from the ONSEC Founders' Vault

"Lab for Pentesting iOS Applications"
A step-by-step guide to setting up a pentesting lab for iOS apps, including tools like Frida, BurpSuite, and the DVIA-v2 application. Source: ONSEC
That’s all for this week! Stay informed, stay vigilant, and enhance your cybersecurity posture with timely updates and strategies.
Need assistance with your cybersecurity? Book a call with ONSEC
Thank you for reading, and see you next week!