Cyber Daily 10/31: Fortinet Discloses More Malicious IPs, CISA Updates Manufacturing Software Guidance, AVTECH and Room Alert Support Cybersecurity, Microsoft SharePoint Vulnerability Exploited

Welcome to your ONSEC Cyber Daily newsletter for October 31st. Today, we're diving into a web of cyber threats and vulnerabilities that are keeping the cybersecurity world on its toes. Fortinet has discovered more malicious IPs linked to a widely exploited zero-day vulnerability, a serious threat that could allow unauthorized access to sensitive files or even complete control of an affected system. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) is offering key updates and guidance on manufacturing software, highlighting a unique type of cyberattack that targets AI systems by "poisoning" data. In the realm of cybersecurity awareness, AVTECH and Room Alert are stepping up their game, offering real-time monitoring and alerts to reduce vulnerabilities. However, Microsoft SharePoint users need to be on high alert as a new vulnerability has been added to CISA's catalog of known exploited vulnerabilities, potentially allowing remote code execution. HC3 has issued an alert on vulnerabilities in certain Oracle products, while Samsung users are facing an impossible deadline: update your phone within 24 hours or stop using it due to a vulnerability in multiple Qualcomm chipsets. In other news, Microsoft is grappling with a new password hack that exploits a Windows Themes zero-day flaw, and a LiteSpeed Cache plugin vulnerability poses a significant risk to WordPress websites. We'll also be touching on some of the latest cybersecurity podcasts, including discussions on building resilience in infrastructure, managing the risk of GenAI tools, and the future of cybersecurity in the changing climate. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe, stay informed.

Exploits Alert

  1. Fortinet Discloses More Malicious IPs Linked to Widely Exploited Zero-Day: Fortinet has disclosed additional indicators of compromise related to a missing authentication for a critical function vulnerability, which is being actively exploited. The company initially reported this vulnerability and has now found more malicious IPs linked to it. Source: Cybersecurity Dive
  2. CISA Offers Manufacturing Software Guidance, Key Vulnerability Updates: The National Institute of Standards and Technology (NIST) has published details about a unique type of cyberattack that targets AI systems. Attackers can "poison" data used by these systems, leading to potential vulnerabilities. Source: Manufacturing.net
  3. AVTECH and Room Alert Support Cybersecurity Awareness During Cyber Week: AVTECH and Room Alert are supporting cybersecurity awareness by offering real-time monitoring and alerts to ensure system integrity and reduce vulnerabilities. Authenticated firmware updates are a key part of their strategy. Source: Environmental Expert
  4. Microsoft SharePoint Vulnerability Allows Remote Code: The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its catalog of known exploited vulnerabilities. This vulnerability affects Microsoft SharePoint and allows for remote code execution. Source: B2B Cyber Security
  5. HC3 Issues Alert on Vulnerabilities in Certain Oracle Products: The Health Sector Cybersecurity Coordination Center (HC3) has issued an alert about vulnerabilities in certain Oracle products. Microsoft has also warned of a Russian spear-phishing campaign. Source: American Hospital Association

Vulnerabilities & Patches

  1. Samsung's Urgent Update for Qualcomm Chipsets: The US cybersecurity agency, CISA, has added CVE-2024-43047 to its Known Exploited Vulnerabilities catalog. This vulnerability affects multiple Qualcomm chipsets, and Samsung Galaxy users are urged to update their devices within 24 hours. Source: Forbes
  2. New Microsoft Password Hack Uses Windows Themes 0-Day: A new password hack is exploiting a Windows Themes zero-day vulnerability, CVE-2024-38030. Microsoft is currently working on a fix, but in the meantime, a free micropatch is available from 0patch/ACROS Security. Source: Forbes
  3. Sophos Patches CVE-2020-12271: Sophos has issued an automatically deployed hotfix to patch CVE-2020-12271, a vulnerability that was being exploited in a series of interlocking attack campaigns. The patch also terminates and removes identified malware. Source: Sophos News
  4. LiteSpeed Cache Plugin Vulnerability Poses Risk to WordPress Websites: A significant vulnerability, CVE-2024-28000, has been identified in the LiteSpeed Cache plugin for WordPress. The vulnerability has a CVSS score of 9.8, and a patch has been issued by LiteSpeed to remove the role simulation process. Source: The Hacker News
  5. Google Issues Critical Security Update for Chrome: Google has issued a critical security update for Chrome, addressing two serious issues. One of these is an out-of-bounds write vulnerability, CVE-2024-10487. Source: The CyberWire

Podcasts

  1. Building resilience: the future of infrastructure in a changing climate: This podcast discusses the importance of building resilience in infrastructure to adapt to the changing climate. It emphasizes the role of cybersecurity in ensuring the safety and sustainability of these infrastructures. Source: Interesting Engineering
  2. Month in security with Tony Anscombe – October 2024 edition: Tony Anscombe reviews the major cybersecurity news stories of October 2024, including the role of the Cybersecurity and Infrastructure Security Agency in the US. Source: WeLiveSecurity
  3. Consumer Finance Monitor Podcast Episode: State Fair Access and Debanking Laws Bring: This episode discusses federal fair lending and anti-discrimination laws that apply in the consumer lending area. Source: JD Supra
  4. Managing the Risk of GenAI Tools - CISO Series: This podcast episode discusses the risks associated with GenAI tools and how to manage them effectively. Source: CISO Series
  5. Leadership during a Crisis - CyberWire: This episode provides insights on effective leadership during a crisis, with a focus on security thought leadership. Source: CyberWire

Wisdom from the ONSEC Founders' Vault

A Guide to Resource Discovery for Penetration Testing. This article outlines effective methods used by our team for discovering essential assets like IP addresses, servers, services, and domain names during both preparation and active engagement phases of penetration testing. Source.

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we hope you found the information valuable in staying ahead of the curve in this ever-evolving cyber landscape. Remember, knowledge is power, and sharing this power can make our digital world safer. So, don't keep it to yourself! Share this newsletter with your friends, colleagues, and anyone else who could benefit from staying informed about the latest in cybersecurity. Together, we can build a more secure digital future. Until tomorrow, stay safe and secure!