Cyber Daily 1/10: Ivanti VPN Vulnerability Exploited, ACSC Issues Alert, Quorum Cyber Acquires Kivu, Critical Mitel and Oracle Flaws, Ivanti and SonicWall Patches Urged

Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for the day's major cybersecurity updates. Today we open with the Ivanti Connect Secure zero-day analysed by Mandiant: a critical vulnerability exploited in the wild since December 2024, which has prompted an urgent alert from the Australian Cyber Security Centre (ACSC) to every organization running Ivanti Connect Secure. In the market update, we cover Quorum Cyber's acquisition of incident response firm Kivu. We also look at the Biden administration's final cybersecurity executive order, now being finalized, which aims to close digital weaknesses and strengthen the nation's cyber defenses. This comes alongside reports of fake exploits for Microsoft vulnerabilities being used as lures and a data breach affecting more than 360,000 people at a medical billing company. CISA has added Mitel and Oracle flaws to its Known Exploited Vulnerabilities (KEV) catalog, a reminder that attackers keep returning to older, unpatched bugs. In patches and updates, Ivanti has released a fix for the Connect Secure remote code execution vulnerability, while Google and Samsung have rolled out security updates for millions of Android devices. We wrap up with the ongoing exploitation of the Ivanti Connect Secure zero-day and the call for emergency patching. Stay tuned for more updates and remember: in cybersecurity, staying informed is your first line of defense.

Exploits Alert

  1. Mandiant Unveils Critical Ivanti VPN Vulnerability: Mandiant, working with Ivanti, has disclosed a critical zero-day vulnerability in Ivanti Connect Secure VPN appliances that has been exploited in the wild since December 2024. Because exploitation predates the fix, organizations are urged to patch immediately and to check appliances for signs of compromise rather than assume a freshly patched device is clean. Source: SecurityBrief Australia
  2. ACSC Advisory Warns of Critical Ivanti Vulnerabilities: The Australian Cyber Security Centre (ACSC) has issued an alert to Australian organisations using Ivanti Connect Secure and Ivanti Policy Secure, warning of critical vulnerabilities under active exploitation. Immediate action is recommended. Source: Australian Cyber Security Magazine
  3. Quorum Cyber Acquires Kivu for Incident Response: In a significant market update, Quorum Cyber has acquired incident response firm Kivu to bolster its own incident response capabilities, a sign of the growing demand for breach response services. Source: MSSP Alert
  4. Fake Exploits for Microsoft Vulnerabilities Lure Security Researchers: Cybercriminals are circulating fake proof-of-concept exploits for Microsoft vulnerabilities to lure security researchers into running them. The tactic is a reminder to treat any unvetted exploit code as untrusted: verify its source and detonate it only in an isolated environment. Source: CyberWire
  5. CISA Adds Critical Mitel and Oracle Vulnerabilities to Exploited List: The Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities catalog. The Oracle WebLogic bug is exploitable over the Internet Inter-ORB Protocol (IIOP) or T3 protocols, so WebLogic instances that still expose those listeners remain attractive targets for cybercriminals. Source: Computing UK

Vulnerabilities & Patches

  1. Palo Alto Networks Patches High-Severity SQL Injection Flaw: Palo Alto Networks has addressed multiple vulnerabilities in its retired Expedition migration tool, including a high-severity SQL injection flaw. Because the tool is end-of-life and its database can hold firewall credentials, API keys and device configurations, users are advised to apply the patches immediately and to keep Expedition off any network reachable by untrusted users. Source: CyberWire
  2. Google Issues Critical Security Warnings for Android Users: Google has published its two-part January security update (the 2025-01-01 and 2025-01-05 patch levels) for millions of Android devices. The update addresses multiple vulnerabilities, including CVE-2024-49747. Users are urged to install the updates promptly and to confirm the new patch level under Settings > About phone. Source: HotHardware
  3. Stored Cross-site Scripting in BigID Privacy Portal: A stored cross-site scripting vulnerability (CVE-2024-44771) has been discovered in BigID Privacy Portal. A patch is available and users are encouraged to update. Source: Appgate
  4. SonicWall Patches Authentication Bypass Vulnerabilities: SonicWall has issued patches for authentication bypass vulnerabilities in its SonicOS firewalls, including CVE-2024-40762, which affects the SSL VPN component. Because SSL VPN portals are by design reachable from the internet, users are advised to apply the patches immediately. Source: SecurityWeek
  5. Microsoft Updates Surface Devices with Security Improvements: Microsoft has released firmware and driver updates for its Surface devices that address several security vulnerabilities covered by Nvidia advisories, including CVE-2024-0117 and CVE-2024-0118. Users are urged to install the updates promptly. Source: Neowin

Podcasts

  1. AGG Talks: Cross-Border Business Podcast - Episode 24: In this episode, Mike Burke, an AGG Corporate partner, discusses international business practices with Teri Simmons, an AGG Global partner. They focus on preparing employers for the challenges of operating in a global market. Source: JD Supra
  2. CyberWire Daily Podcast: This episode highlights a critical vulnerability discovered in Kerio Control firewall software and the measures taken by Palo Alto Networks to patch multiple vulnerabilities in its retired Expedition software. Source: CyberWire
  3. CyberWire Daily Podcast: The Biden administration is finalizing an executive order to strengthen U.S. cybersecurity. This episode also covers the emergency updates released by Ivanti to address a critical vulnerability. Source: CyberWire
  4. The Debrief on Tesla Cybertruck Explosion Investigation: This episode delves into the strange new details emerging from the ongoing investigation into the New Year's Day Tesla Cybertruck explosion in Las Vegas. Source: The Debrief
  5. Project Catalyst: An Economic Development Podcast - Episode 11: Tina and Tom welcome Mike Oatridge, Executive Director of the Alabama Mobility and Power Center (AMP), to discuss the EV industry in Alabama and its economic implications. Source: JD Supra

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found these updates insightful and helpful in staying ahead of the curve in the ever-evolving world of cybersecurity. Remember, knowledge is power, and sharing this power can make a world of difference. So, don't forget to share this newsletter with your friends and colleagues to keep them in the loop too. In the world of cybersecurity, every day brings new challenges, and every challenge is a story waiting to unfold. So, stay tuned for tomorrow's edition where we'll bring you more stories from the frontlines of cyber defense. Until then, stay safe, stay secure.

ONSEC.io | LinkedIn
ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average of more than 7 years' experience | ONSEC.io is a penetration testing and in-depth security audit company with more than 13 years on the market. Our team has already helped more than 300 companies become aware of vulnerabilities in their systems, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manychat, Global Fashion Group and others. Our main goal is to raise our customers' security level by finding and fixing security issues and by improving security awareness inside the company, including developers, DevOps and other teams, to build a sustainable engineering culture grounded in security knowledge.