Cyber Daily 1/30: Tenable Acquires Vulcan, Apple's Urgent iOS Update, Zyxel Zero-Day Exploits, and Cybersecurity Podcast Insights

Welcome to your daily dose of ONSEC Cyber Daily! Today, we're diving into the world of vulnerability management and remediation. Tenable has just acquired Vulcan for a whopping $150M, a move set to enhance its vulnerability remediation platform. This acquisition is a game-changer, as Vulcan's resources help IT teams identify potential hacking tactics that cybercriminals might use to exploit vulnerabilities in their networks. In other news, Apple has released an urgent iOS 18.3 security update to combat cyberthreats due to a flaw. This update addresses vulnerabilities that are being exploited by cybercriminals. Remember, an Apple update a day keeps the hacker away! Meanwhile, the MSSP market is buzzing with BackBox launching its Network Cyber Resilience Platform. This platform is designed to provide vulnerability intelligence, a crucial tool in today's cyber landscape. And speaking of vulnerabilities, Apple's iOS 18.3 fixes a hefty list of 29 vulnerabilities, one of which has already been used in attacks. On the other hand, new vulnerabilities have been disclosed that could enable the theft of sensitive data from web browsers on Apple devices. In government news, the NAO has sounded an alert over government cyber resilience, highlighting key weaknesses in the government's security posture. Lastly, we've got a slew of updates and patches rolling out. From Samsung's January 2025 security patch for the Galaxy A55 to Apple's security updates patching its first zero-day vulnerability of 2025, it's clear that companies are taking cybersecurity seriously. Stay tuned for more updates and remember, stay safe in the cyber world!
Exploits Alert
- Tenable Acquires Vulcan for $150M: Tenable, a cybersecurity company, has acquired its rival Vulcan for $150M to enhance its vulnerability remediation platform. This acquisition will help IT teams identify potential hacking tactics that cybercriminals might use to exploit vulnerabilities in their network. Source: SiliconANGLE
- Transforming Vulnerability Management with Threat Intelligence: A new vision for Managed Security Service Providers (MSSPs) involves transforming vulnerability management with threat intelligence. This approach aims to improve the experience of users, provide social media features, and deliver targeted advertising. Source: MSSP Alert
- Apple Releases Urgent iOS 18.3 Security Update: Apple has released an urgent security update, iOS 18.3, to address vulnerabilities being exploited by cybercriminals. Users are advised to update their devices immediately to protect against these threats. Source: AOL
- BackBox Launches Network Cyber Resilience Platform: BackBox, a cybersecurity company, has launched a new Network Cyber Resilience Platform. This platform aims to provide vulnerability intelligence and improve the resilience of networks against cyber threats. Source: MSSP Alert
- NAO Raises Alert Over Government Cyber Resilience: The National Audit Office (NAO) has raised concerns over the government's cyber resilience. The NAO highlighted key weaknesses in the government's security posture, including at least 228 legacy IT systems that are more vulnerable to cyber threats. Source: UKAuthority
Vulnerabilities & Patches
- January 2025 Security Patch Rolling Out for Samsung Galaxy A55: Samsung has released a security patch for the Galaxy A55, addressing a CVE that was previously resolved in earlier updates. Two other CVEs were found to be not applicable to Samsung devices. Source: PUNE.NEWS
- SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks: Threat actors are exploiting vulnerabilities in SimpleHelp RMM software, tracked as CVE-2024-57726 and CVE-2024-57727, emphasizing the importance of patch management. Source: AHA
- Microsoft Urges Updates to Outdated Exchange Servers: Microsoft is urging updates to outdated Exchange servers to address vulnerabilities CVE-2023-46805 and CVE-2024-21887, which have been resolved in over 92% of affected Ivanti devices. Source: SC Media
- Patch Coming for Reported Firmware Bugs in Palo Alto Firewalls: Researchers at Horizon3 have disclosed vulnerabilities in Palo Alto firewalls, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, with a patch expected soon. Source: SC Media
- Apple Releases Security Updates to Patch First Zero-Day Vulnerability of 2025: Apple has released critical security updates to address its first zero-day vulnerability of 2025, CVE-2025-24085, which is a security flaw in Apple devices. Source: Mac Observer
Podcasts
- Smashing Security Podcast #402: The episode discusses how hackers themselves got hacked, the IT shutdown at the British Museum, and instances of social media kidnaps. The hosts are Graham Cluley and Carole Theriault. Source: here.
- Taking the Pulse, A Health Care and Life Sciences Video Podcast Episode 221: Heather and Lauren welcome Scott Davis, the Managing Director of Provident Healthcare Partners, to discuss the leading healthcare issues. Source: here.
- The Hardest Problems in Security Aren't "Security Problems" - CISO Series: The episode, sponsored by the Conversant Group, discusses that the most challenging issues in security are not directly related to security. Source: here.
- Simplify your security toolkit: Corey Nachreiner, CISO at WatchGuard, discusses the emerging and developing threats that organizations face and how to simplify their security toolkit. Source: here.
- Cybersecurity podcast: Understanding and managing cyber risks in the private equity sector: Laurie-Anne Ancenys and Michel Tournier discuss understanding and managing cyber risks in the private equity sector. Source: here.
Final Words
And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered some major moves in the cybersecurity industry, urgent security updates, and the latest vulnerabilities that are being exploited. Remember, staying informed is the first step in staying secure. If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's work together to spread awareness and strengthen our defenses against cyber threats. Stay safe, stay updated, and see you in the next edition of ONSEC Cyber Daily.