Cyber Daily 1/6: Chinese APT Breaches U.S. Treasury, Assam Police Crack Cybercrime Racket, Windows and Nuclei Patch High-Risk Vulnerabilities, PoC Exploits Released for OpenSSH and Windows Registry, Wordpress Plugin Risk, Cybersecurity Podcast Insights

Welcome to the latest issue of ONSEC Cyber Daily. Today, we delve into the world of cyber vulnerabilities and the critical need for robust security measures. We kick off with a warning from a minister about the potential risks that cyber vulnerabilities pose to our people and critical infrastructure. In a significant breach, a Chinese APT exploited a vulnerability in BeyondTrust to infiltrate U.S. Treasury systems. Meanwhile, Assam's Morigaon Police have cracked down on a major cybercrime racket, arresting 11 scammers. We also bring you updates on the latest patches and exploits: a Windows LDAP vulnerability now has a PoC exploit, and Nuclei, a popular open source vulnerability scanner, was forced to patch a worrying security flaw. A PoC exploit has been released for a critical OpenSSH vulnerability, and a PoC for a Windows Registry privilege escalation vulnerability has also been released. In the world of WordPress, a plugin vulnerability has exposed 3 million websites to injection attacks. We also bring you the latest from the podcast world. Tune in to the 157th episode of the Healthcare IT Today Podcast for 2025 Healthcare IT Predictions. The latest episode of the Ctrl Alt Lead podcast discusses DORA the Enforcer, and the CISO Series covers Flax Typhoon sanctions, Atos ransomware, and a German airport outage. Stay tuned for more updates and remember, in the world of cybersecurity, staying informed is your first line of defense.

Exploits Alert

  1. SmartScreen Defense Bypass: Cybercriminals have discovered a method to circumvent SmartScreen defenses, potentially enabling the distribution of malware. The vulnerability has been around for an average of 85 days. Source: SmartScreen Defense Bypass
  2. LDAPNightmare - CVE-2024-49113: A Denial of Service flaw in Windows Lightweight Directory Access Protocol (LDAP), also known as LDAPNightmare, is targeting the Local Security Authority Subsystem Service (LSASS), causing domain controllers to crash and reboot. Source: LDAPNightmare - CVE-2024-49113
  3. Minister Downplays PPP's Coalition Exit Warning: The minister emphasized the need for diligent work to ensure the security of people and critical infrastructure, highlighting that cyber vulnerabilities could pose significant risks. Source: Minister Downplays PPP's Coalition Exit Warning
  4. Chinese APT Exploits BeyondTrust Vulnerability: A Chinese Advanced Persistent Threat (APT) group has exploited a vulnerability in BeyondTrust to breach U.S. Treasury Systems. Source: Chinese APT Exploits BeyondTrust Vulnerability
  5. Assam's Morigaon Police Crack Down on Major Cybercrime Racket: The Morigaon Police in Assam have cracked down on a major cybercrime racket, resulting in the arrest of 11 scammers. Source: Assam's Morigaon Police Crack Down on Major Cybercrime Racket

Vulnerabilities & Patches

  1. LDAPNightmare - CVE-2024-49113: This Denial of Service flaw in the Windows Lightweight Directory Access Protocol (LDAP) causes domain controllers to crash and reboot. The vulnerability is remotely exploitable, and a proof-of-concept exploit has been released. Source: GovInfoSecurity
  2. Nuclei Vulnerability Scanner - CVE-2024-43405: A high severity vulnerability in versions 3.0.0 - 3.3.2 of the popular open source vulnerability scanner Nuclei has been identified. The bug has forced Nuclei to release a patch. Source: TechRadar
  3. OpenSSH Vulnerability - CVE-2024-6387: A critical vulnerability, also known as "regreSSHion," has been identified in OpenSSH. A proof-of-concept exploit for this vulnerability has been released. Source: CyberSecurityNews
  4. Windows Registry Privilege Escalation Vulnerability: A critical privilege escalation vulnerability affecting Microsoft Windows has been identified. A proof of concept exploit for this vulnerability has been released. Source: GBHackers
  5. WordPress Plugin Vulnerability in UpdraftPlus: A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million websites. The vulnerability exposes these websites to injection attacks. Source: GBHackers

Podcasts

  1. 2025 Healthcare IT Predictions – Healthcare IT Today Podcast Episode 157: This episode, sponsored by Pure Storage, discusses predictions for the healthcare IT sector for the year 2025. Source: Healthcare IT Today
  2. DORA the Enforcer - Ctrl Alt Lead podcast - Computing UK: The latest episode of the Ctrl Alt Lead podcast features a discussion with a legal and AI expert on cybersecurity, European Union regulations, financial services, and law. Source: Computing UK
  3. Flax Typhoon sanctions, Atos ransomware, German airport outage - CISO Series: This episode of the Cyber Security Headlines series discusses the Flax Typhoon sanctions, Atos ransomware, and a German airport outage. Source: CISO Series
  4. Threat Intelligence Hot Shots Part 3: Episodes 4-13 (Compilation) - Security Boulevard: Episode 4 of Threat Intelligence Hot Shots features a discussion with Sr. Threat Intelligence Analyst, Alex Ryan, about the recent shutdown of a breach. Source: Security Boulevard
  5. Cybersecurity Today: Browser Exploits, U.S. Treasury Breach & CrowdStrike's Comeback: This episode of Cyber Security Today discusses browser exploits, a U.S. Treasury breach, and CrowdStrike's comeback. Source: ivoox

Final Words

As we wrap up another edition of ONSEC Cyber Daily, we hope that the information shared today has provided you with valuable insights into the ever-evolving world of cybersecurity. From the political implications of cyber vulnerabilities to the latest exploits and patches, we strive to keep you informed and prepared. Remember, the world of cybersecurity is like a complex puzzle, and each piece, no matter how small, contributes to the bigger picture. Whether it's a minister downplaying a coalition exit warning or a major cybercrime racket being cracked down on, every event shapes the landscape of our digital world. We also hope that our podcast recommendations have given you some food for thought and sparked your interest in further exploring the fascinating world of cybersecurity. As we always say, knowledge is power, and sharing this power makes us all stronger. So, if you found today's newsletter helpful, we encourage you to share it with your friends, colleagues, and anyone else who might benefit from staying updated on the latest in cybersecurity. Stay safe, stay informed, and we'll see you in the next edition of ONSEC Cyber Daily. Until then, keep your data secure and your systems patched.
