ONSEC Weekly Cybersecurity Newsletter

We hope everyone had a joyful and safe Christmas filled with happiness and time well spent with loved ones! As we close out the year, it's as important as ever to stay informed about the latest cyber threats and vulnerabilities. Dive into this week’s updates to keep your systems secure and ready for the new year.

?? Exploits Alert

1. PKCERT Warns of Windows Vulnerability The National Cyber Emergency Response Team has issued an advisory urging users to update Microsoft Windows to mitigate a critical security vulnerability. Source: ARY News
2. Sophos Firewall Vulnerabilities Unveiled Details of vulnerabilities in Sophos Firewall have been released. Users are advised to update their systems promptly to avoid potential breaches. Source: Information Security Newspaper
3. Adobe ColdFusion Path Traversal Attacks A critical vulnerability (CVE-2024-53961) in Adobe ColdFusion could allow path traversal attacks. Users must apply patches immediately to protect systems. Source: The Cyber Express
4. Cyberattack Disrupts Japan Airlines A cyberattack on Japan Airlines caused delays to over 40 flights, highlighting the increasing impact of cyber incidents on critical infrastructure. Source: The Cyber Express
5. D-Link Routers Exploited by Botnets FICORA and Kaiten botnets are exploiting old vulnerabilities in D-Link routers for global attacks. Regular updates and patching are essential to mitigate these threats. Source: The Hacker News

?? Vulnerabilities & Patches

1. Critical Apache SQL Injection (CVE-2024-45387) Apache Traffic Control has patched a critical SQL injection vulnerability rated 9.9 on the CVSS scale. Immediate action is recommended. Source: Hacker News
2. Palo Alto Networks Firewall Exploitation The critical PAN-OS flaw (CVE-2024-3393) allows unauthenticated DoS attacks. Organizations using Palo Alto firewalls must apply patches without delay. Source: The Hacker News
3. MacOS Login Bypass (CVE-2024-44231) A vulnerability allowing login bypass during a software update has been identified. Apple users should apply the latest updates immediately. Source: CISA
4. Apache MINA Vulnerability (CVE-2024-52046) A maximum severity vulnerability in Apache MINA demands immediate patching to secure scalable network applications. Source: Tech Monitor

?? Top Cybersecurity Podcasts This Week

1. "2024 Healthcare IT Year in Review" A comprehensive look at this year’s major healthcare IT developments and their implications for cybersecurity. Source: Healthcare IT Today
2. "FlowerStorm Hits Microsoft 365" An analysis of the FlowerStorm attack on Microsoft 365 and its impact on cloud security. Source: CISO Series
3. "Digital License Plate Vulnerabilities" A deep dive into text message scams and vulnerabilities in digital license plates. Source: iVoox
4. "ParametricArchitecture and Cybersecurity" A discussion on the intersection of cybersecurity and innovative architecture with ParametricArchitecture’s founder. Source: Interesting Engineering

Bonus from ONSEC:

Top 10 movies about Hackers for this holiday season

As the holiday season continues, we encourage you to take a proactive approach to securing your systems, ensuring a smooth and safe transition into the new year. Wishing you a wonderful holiday season and a secure and prosperous 2025 ahead!

Need expert help? Book a call with us.

Thank you for reading, and see you next week! ???