Welcome to your ONSEC Cyber Daily dose for November 18th. Today, we're diving into the world of cybersecurity, where the stakes are high and the threats are ever-evolving. Palo Alto Networks is in the spotlight, patching a critical zero-day firewall bug and dealing with two more bugs in PAN-OS under exploitation. As cyberattacks increase, businesses in Arkansas are recognizing the growing need for cyber insurance. Meanwhile, the Five Eyes Alliance has released a list of the 15 most exploited cyber vulnerabilities of 2023, a must-read for network defenders. As we approach Black Friday, the UK's National Cyber Security Centre is warning of increased fraud risks. In the MSSP market, vulnerability assessment and managed vulnerability are the top services offered, highlighting the importance of staying ahead of potential threats. In other news, PostgreSQL has released a security update patching multiple vulnerabilities, and the NSA is saying no to smartphones and texting but yes to podcasts. Finally, we'll look at some intriguing cybersecurity podcasts, from an episode featuring the director of the NSA's National Security Operations Center to a deep dive into the power of AI in cybersecurity. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe, stay informed.

Exploits Alert

1. Palo Alto Networks Patches Critical Zero-Day Firewall Bug: Palo Alto Networks has issued an advisory warning about a critical zero-day bug in their firewalls. The company has released patches to address this vulnerability. Source: Dark Reading
2. Palo Alto Reports Two More Bugs In PAN-OS Being Exploited: Palo Alto has reported two more bugs in its PAN-OS that are currently being exploited. The company has responded to the rising cyberattacks by launching its first 60-hour cybersecurity drill. Source: The Cyber Express
3. Arkansas Businesses Face Growing Need for Cyber Insurance as Cyberattacks Increase: As cyberattacks increase, businesses in Arkansas are recognizing the growing need for cyber insurance. Cyber insurance, once a specialty product, has become nearly as fundamental as other forms of business insurance. Source: 5 News Online
4. The 15 Most Exploited Cyber Vulnerabilities of 2023, According to Five Eyes Alliance: The Five Eyes Alliance has released a list of the 15 most exploited cyber vulnerabilities of 2023. The report emphasizes that threat actors are focusing their attacks on zero days and urges network defenders to pay careful attention. Source: Clearance Jobs
5. MSSP Market Update: MSSP 250 Research – the State of the Market 2024: The top service offered by Managed Security Service Providers (MSSPs) is vulnerability assessment. The CyberRisk Alliance's channel brands, MSSP Alert, has released a market update for 2024. Source: MSSP Alert

Vulnerabilities & Patches

1. Palo Alto Networks Patches Critical Zero-Day Firewall Bug: Palo Alto Networks has issued patches for a critical zero-day bug (CVE-2024-0012, CVSS 9.3) in its Expedition product. The company has not specified when it became aware of the vulnerability. Source: Dark Reading
2. PostgreSQL Security Update, Patch For Multiple Vulnerabilities: PostgreSQL has released a security update to patch multiple vulnerabilities, including a Row Security Vulnerability (CVE-2024-10976). This vulnerability affects PostgreSQL versions 12 to 17. Source: Cybersecurity News
3. CISA flags two more major Palo Alto security issues, so patch now: The Cybersecurity and Infrastructure Security Agency (CISA) has flagged two more significant security issues with Palo Alto. The flaws include an unauthenticated command injection bug (CVE-2024-9463) and an SQL injection flaw (CVE-2024-9465). Source: MSN

Podcasts

1. Why N.S.A. Rules Say No to Smartphones, No to Texting, Yes to Podcasts: This podcast episode features Doug Nieman, the director of the N.S.A.'s National Security Operations Center, and Yemi Rotimi, a systems analyst, discussing the N.S.A.'s rules regarding smartphones and texting. Source: The New Yorker
2. Old Brewery Shut Down; Mattel's Packaging Problem; Nissan's Layoffs: This episode, sponsored by Orkin, discusses a variety of topics including a security breach. Source: Manufacturing.net
3. Unknown Attacker Tries To Frame Security Researcher: Cyber Security Today for Monday: In this episode, host Jim Love highlights critical cybersecurity updates, including an attempt to frame a security researcher. Source: iVoox
4. T-Mobile confirms breach, AnnieMac data stolen, NewGlove threat: This episode of the CISO Series discusses recent cybersecurity news, including a confirmed breach at T-Mobile. Source: CISO Series
5. Keeping it Real: Housing.com podcast Episode 60: This episode provides a comprehensive look at cybersecurity challenges in the housing industry and how they are addressed to maintain a smooth consumer experience. Source: Housing.com
6. Outsmart Hackers: The Power of AI in Cybersecurity and AI Impersonations: This episode dives deep into how AI in cybersecurity is changing the way we protect against threats. Source: iHeart.com

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. From the critical zero-day firewall bug patched by Palo Alto Networks to the rising need for cyber insurance in Arkansas, we've covered the most pressing cybersecurity news of the day. As we continue to navigate the ever-evolving digital landscape, remember that knowledge is power. By staying informed about the latest threats and vulnerabilities, we can all play a part in fortifying our cyber defenses. If you found today's newsletter helpful, why not share it with your friends and colleagues? After all, cybersecurity is a team sport, and we're all in this together. Until tomorrow, stay safe and stay vigilant. Remember, the cyber world never sleeps, but with ONSEC Cyber Daily, you'll always be one step ahead.