Welcome to your ONSEC Cyber Daily dose for 11/11. Today, we're diving into a whirlwind of cybersecurity alerts and vulnerabilities that are making waves across the globe. First up, we're looking at the urgent alert issued by CISA regarding the critical vulnerability CVE-2024-8934 threatening our critical systems. This vulnerability has been exploited by known cybercriminal groups, including the notorious 8220 Gang, causing disruptions in credit card systems in Israel and beyond. Next, we're turning our attention to the alarming rise of "SEO poisoning." Cybercriminals are manipulating search engine results to their advantage, leaving unsuspecting users vulnerable to attacks. This trend is gaining traction, with Australia being the latest victim. We're also discussing the urgent cybersecurity alerts issued by PTA regarding a critical vulnerability in Oracle WebLogic Server. This vulnerability is being exploited by cybercriminals, emphasizing the importance of robust security measures. In other news, Palo Alto Networks has issued a warning about a potential remote code execution vulnerability in PAN-OS. Meanwhile, Google has patched an actively exploited Android vulnerability, CVE-2024-43093, highlighting the ongoing battle against cyber threats. Finally, we're wrapping up with a roundup of the latest cybersecurity podcasts. From discussions on 'Advanced Persistent Teenagers' as a new cybersecurity threat to post-WWE Cyber Sunday PPV roundtables, there's plenty to keep you informed and entertained. Stay safe, stay informed, and stay tuned for more updates in tomorrow's edition of ONSEC Cyber Daily.

Exploits Alert

1. CISA Alerts: CVE-2024-8934 Threatens Critical Systems: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability, CVE-2024-8934, that threatens critical systems. The vulnerability could potentially be exploited by cybercriminals to compromise these systems. Source: VPNRanks
2. Typing These 6 Words On Google Could Leave You Vulnerable To Hackers: Cybercriminals are increasingly using a tactic known as "SEO poisoning," manipulating search engine results to elevate their malicious sites. Typing certain keywords could lead users to these compromised sites, leaving them vulnerable to attacks. Source: NDTV
3. CISA Warns of CVE-2024-8934 and Critical ICS Vulnerabilities: A recent cyberattack on credit card systems in Israel has highlighted the growing vulnerabilities in critical infrastructure systems. CISA has issued a warning about these vulnerabilities, including CVE-2024-8934, which could be exploited by cybercriminals. Source: The Cyber Express
4. PTA Issues Cybersecurity Alert on Critical Oracle WebLogic Vulnerability: Known cybercriminal groups, including the 8220 Gang, have exploited a critical vulnerability in Oracle WebLogic. The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity alert about this vulnerability, advising affected users to take necessary precautions. Source: PhoneWorld
5. Palo Alto Networks Warns Of Critical PAN-OS Remote Code Execution Vulnerability: Palo Alto Networks has issued an urgent warning about a potential remote code execution vulnerability in PAN-OS. The vulnerability could be exploited by cybercriminals to gain unauthorized access to systems. Source: Cybersecurity News

Vulnerabilities & Patches

1. Google fixes Chrome zero day exploited in the wild (CVE-2023-6345): Google has patched a zero-day vulnerability in Chrome that was being actively exploited. Users are advised to update their browsers to the latest version to protect against potential attacks. Source: IT Security News
2. CISA Urges Patching of Critical Palo Alto Networks' Expedition Tool Vulnerability: The Cybersecurity and Infrastructure Security Agency (CISA) has urged users to patch a critical vulnerability in Palo Alto Networks' Expedition Tool. Palo Alto had released a patch for this vulnerability in July. Source: Hackread
3. Security updates: Dell Enterprise SONiC vulnerable to multiple attacks: Dell's Enterprise SONiC software, used for configuration and monitoring, has been found to be vulnerable to multiple attacks. The company has listed three vulnerabilities and users are advised to update their software. Source: heise online
4. Hackers Exploiting Veeam RCE Flaw to Deploy New Frag Ransomware: Hackers are exploiting a remote code execution (RCE) flaw in Veeam software to deploy a new strain of Frag ransomware. Users are urged to patch their systems to mitigate this threat. Source: Cybersecurity News
5. Google patches actively exploited Android vulnerability (CVE-2024-43093): Google has patched two vulnerabilities in Android that were being actively exploited. Users are advised to update their devices to the latest version to protect against potential attacks. Source: IT Security News

Podcasts

1. Secret Junkyard Discovery; Raccoon Meatballs; Boeing's Military Gouging - Manufacturing.net: This episode of the Today in Manufacturing Podcast discusses a variety of topics, including a secret junkyard discovery, raccoon meatballs, and Boeing's military gouging. The podcast is brought to you by the editors of Manufacturing.net and Industrial Equipment News (IEN). Source: Manufacturing.net
2. Marketing Minute Video with NP Strategy: How to Reach More of the Right People on LinkedIn: The Taking the Pulse podcast episode focuses on how to reach more of the right people on LinkedIn. It provides insights into the Health Infrastructure Security and Accountability Act and its implications for a new era. Source: JDSupra
3. DEFENCE PROPERTY PODCAST: Investing in property from post to post: This podcast episode discusses the importance of foresight and a resourceful approach in property investment, particularly for soldiers transitioning from military to civilian life. Source: DefenceConnect
4. Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password: Episode 354 of this cybersecurity podcast discusses the emergence of 'Advanced Persistent Teenagers' (APT) as a new cybersecurity threat and an Okta bug that allowed logins without a correct password. Source: SecurityBoulevard
5. VIP Podcast Vault – 18 Yrs Ago (11-5-2006): Post-WWE Cyber Sunday PPV Roundtable: This episode from the VIP Podcast Vault series revisits the post-WWE Cyber Sunday PPV Roundtable from 18 years ago, providing a nostalgic look back at the event. Source: PWTorch

Final Words

And that's a wrap for today's ONSEC Cyber Daily! We've covered a lot of ground, from the urgent CISA alerts about critical vulnerabilities to the rise of SEO poisoning tactics by cybercriminals. We've also touched on the importance of patching and the latest cybersecurity news from around the globe. Remember, knowledge is power, especially when it comes to cybersecurity. By staying informed, you're already one step ahead of the cybercriminals. If you found today's newsletter helpful, why not share it with your friends and colleagues? They might find it useful too. After all, in the digital world, we're all in this together. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!