Welcome to the ONSEC Cyber Daily for November 19th, 2024. Today's issue is packed with critical updates and insights on the ever-evolving cybersecurity landscape. Ionix has unveiled a new tool to streamline cloud security alert management, while the PTA has issued a cyber alert over a critical PHP vulnerability in Windows servers. In a concerning development, a million websites are now vulnerable to dangerous 'sitting duck' cyber attacks, and VMware vCenter and Kemp LoadMaster flaws are under active exploitation. The Czech National Bank's adoption of TIBER-EU signals a new era in cybersecurity, but it also increases exposure to cyberattacks. Meanwhile, the EPA Office of Inspector General warns that more than 200 drinking water systems have been targeted by cyberattacks. Palo Alto Networks has addressed four critical security flaws in its Expedition Firewall, and a critical Windows Kerberos flaw exposes millions of servers to attack. In the world of patches, Palo Alto Networks, Oracle, and VMware have all released critical patches to address various vulnerabilities. And in the podcast world, don't miss the latest episodes discussing everything from crypto crime fighting to the chances of intelligent life beyond Earth. Stay tuned for more updates and remember, in the world of cybersecurity, staying informed is your first line of defense.

Exploits Alert

1. Ionix Unveils Cloud Exposure Validator to Streamline Cloud Security Alert Management: Ionix has launched a new tool that enhances security alerts with exploitable vulnerability and contextual attack surface data. This allows security teams to prioritize alerts that pose the most significant threats. Source: SiliconANGLE
2. PTA Issues Cyber Alert Over Critical PHP Vulnerability in Windows Servers: The Pakistan Telecommunication Authority (PTA) has issued a critical alert regarding a PHP vulnerability in Windows servers. The advisory emphasizes the urgent need for mitigation to prevent exploitation by cybercriminals. Source: ProPakistani
3. 1 Million Websites Vulnerable To Dangerous Sitting Duck Cyber Attacks: A new report reveals that one million websites are vulnerable to 'sitting duck' cyber attacks. The vulnerability is widespread and requires immediate attention. Source: Forbes
4. Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation: Cybercrime actors are actively exploiting a critical flaw in Veeam Backup & Replication. The development comes after Sophos revealed the vulnerability, prompting an urgent warning for users. Source: The Hacker News
5. Czech Banks on Alert: Czech National Bank's Adoption of TIBER-EU Signals New Era in Cybersecurity: The Czech National Bank's adoption of TIBER-EU has increased exposure to cyberattacks, presenting potential vulnerabilities for financial institutions. The move signals a new era in cybersecurity. Source: Taylor Wessing

Vulnerabilities & Patches

1. Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack: Microsoft has addressed a critical flaw in Windows Kerberos, tracked as CVE-2024-43639, which exposed millions of servers to potential attacks. The vulnerability was patched in the recent Patch Tuesday updates. Source: Hackread
2. Chinese APT exploited unpatched Fortinet zero-day flaw: A Chinese APT has exploited an unpatched zero-day flaw in Fortinet. The company has yet to release a patch, and therefore, no CVE has been assigned. Source: TechTarget
3. Previously patched vCenter vulnerabilities actively exploited: A previously patched vulnerability in vCenter, CVE-2024-38812, is being actively exploited. The vulnerability is a heap overflow issue in the DCERPC protocol implementation. Source: Techzine Global
4. Security Alert CVE-2024-21287 Released: Oracle has released a security alert for CVE-2024-21287, a vulnerability in its Agile PLM Framework. Customers are advised to refer to the Security Alert Advisory for information on how to apply the required security patch. Source: Oracle Blogs
5. Galaxy S24 FE grabs November 2024 security update in the US: The November 2024 update for Galaxy S24 FE has fixed 52 vulnerabilities in Android and Samsung software, including 38 high-level issues. Google has patched one CVE. Source: Sammy Fans

Podcasts

1. Transforming Crypto Crime Fighting Across Borders - Ep. 137 - Chainalysis: Special agent Jason Conboy of the Cyber Investigations Team within the Homeland Security Investigations discusses the transformation of crypto crime fighting across borders. Source: Chainalysis
2. Once You Show Me Your Diploma, I'll Explain Why We Don't Gatekeep - CISO Series: This episode explores how to find the talent needed for security programs beyond looking for candidates with technical degrees. Source: CISO Series
3. EPA warns of critical risks, Four million WordPress sites exposed - CISO Series: This podcast discusses the increasing sophistication of sextortion scams and how they are bypassing Microsoft security filters. Source: CISO Series
4. A new era for CISA under Trump? - CyberWire: CISA's Director Easterly plans to step down in the coming year. The episode also discusses DHS's recommendations for AI in critical infrastructure. Source: CyberWire
5. Episode 3 - Kent Marais and Ontiretse Modise discuss how Standard Bank has improved its...: In this Business Talk with Michael Avery interview, Standard Bank's Kent Marais and Ontiretse Modise discuss how South Africa's payment ecosystem. Source: BusinessTech

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered a lot of ground, from Ionix's new Cloud Exposure Validator to the urgent need for mitigation against critical PHP vulnerabilities in Windows servers. We've also touched on the increasing vulnerability of websites to cyber attacks and the active exploitation of VMware vCenter and Kemp LoadMaster flaws. Remember, staying informed is the first step in protecting your digital assets. Share this newsletter with your friends and colleagues to help them stay ahead of the curve too. In tomorrow's edition, we'll delve deeper into the world of cybersecurity, bringing you the latest news and insights. Stay safe, stay secure, and stay tuned.