Welcome to the ONSEC Cyber Daily for November 20th. Today, we're diving into a whirlwind of cyber threats and vulnerabilities that have been making headlines. First up, Google has confirmed a critical 20-year-old security flaw, which it's addressing using a new Fuzzy AI. This AI-powered fuzzing technique is a significant evolution in the fight against cyber threats. Meanwhile, Apple has rolled out an update for Mac users who have been targeted in a zero-day cyber attack. This comes as a crucial move to address security flaws that have been actively exploited by cybercriminals. In other news, the U.S. Cybersecurity and Infrastructure Security Agency has issued a warning about the vulnerability of water utilities to hackers, following a recent attack in Pennsylvania. We also discuss the overload in vulnerability management and how to break free from outdated practices. On the mobile front, a warning has been issued to all iPhone users to update to iOS 18.1.1 due to a vulnerability. Oracle has also been in the spotlight, issuing an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management (PLM) Framework. Finally, we'll touch on the escalating attacks of 2024, highlighting the threats and cybercrimes from nation-states. Stay tuned for more updates on these stories and other trending cybersecurity news. Stay safe, stay updated with ONSEC Cyber Daily.

Exploits Alert

1. Google Confirms Critical 20-Year-Old Security Flaw Using New Fuzzy AI: Google has confirmed a critical security flaw that has been present for 20 years, using a new AI-powered fuzzing technique. This technique was first announced to the world by Google and has been used to identify the flaw. Source: Forbes
2. Apple issues update for Mac users targeted in zero-day cyber attack: Apple has released a software update to address security vulnerabilities that have been actively exploited by cybercriminals to target Intel-based Mac systems. Source: Indulgexpress
3. Cybersecurity agency warns that water utilities are vulnerable to hackers after Pennsylvania attack: The U.S. Cybersecurity and Infrastructure Security Agency has issued a warning that water utilities are vulnerable to hackers, following a recent attack on a Pennsylvania water authority. Source: MSN
4. Vulnerability Management Overload: How to Break Free From Outdated Practices: This article discusses the overload of vulnerability management and how to break free from outdated practices. It emphasizes the importance of updating cybersecurity practices to keep up with the evolving threat landscape. Source: CPO Magazine
5. iOS 18.1.1—Update Now Warning Issued To All iPhone Users: A warning has been issued to all iPhone users to update to iOS 18.1.1 due to a security vulnerability. The update is crucial to protect users from potential cyber threats. Source: Forbes

Vulnerabilities & Patches

1. Progress Kemp LoadMaster, PAN-OS bugs added to CISA exploited vulnerabilities catalog: The KEV catalog has been updated to include a maximum severity LoadMaster flaw, tracked as CVE-2024-7591, which was addressed by Progress Software months ago. Source: SC World
2. CVE-2024-10924, authentication bypass vulnerability in WordPress - Kaspersky: This vulnerability poses a significant risk, and it is recommended to update the plugin as soon as possible to avoid potential security breaches. Source: Kaspersky
3. Apple Releases Urgent Updates To Patch Actively Exploited Zero-Day macOS Vulnerabilities: Apple has released patches for two vulnerabilities, CVE-2024-44308 and CVE-2024-44309, which could lead to arbitrary code execution when processing malicious content. Source: Techworm
4. Oracle patches software security flaw which could have let hackers steal business files: Oracle has released a patch for a high-severity bug, CVE-2024-21287, which could have been exploited remotely without authentication to steal business files. Source: Techradar
5. Samsung Galaxy Deadline—7 Days To Update Or Stop Using Your Phone - Forbes: Samsung Galaxy users are urged to update their phones within seven days due to a security vulnerability, CVE-2024-43047. Updates have been rolling out since October. Source: Forbes

Podcasts

1. Cyvers launches institutional crypto security tool for $4B vulnerability - Cointelegraph: This podcast discusses the launch of Cyvers' new institutional crypto security tool, designed to address a $4B vulnerability in the crypto market. The conversation with Cyvers provides insights into the tool's development and its potential impact on the crypto industry. Source: Cointelegraph
2. The challenges to energy security in Europe - POLITICO.eu: This podcast explores the challenges of energy security in Europe, particularly in the context of the net-zero transition. It highlights the need for a significant overhaul of infrastructure and supply chains amidst rising geopolitical tensions. Source: POLITICO.eu
3. Yondu says resilient cybersecurity urgently needed - Malaya Business Insight: This podcast features Yondu's call for urgent improvements in cybersecurity, following high-profile breaches that exposed vulnerabilities in some of the country's largest organizations. The discussion emphasizes the need for stronger cybersecurity measures. Source: Malaya Business Insight
4. Inside the FBI: Introducing the Ahead of the Threat Podcast - YouTube: This special episode of Inside the FBI introduces the new podcast, Ahead of the Threat. Co-hosts Bryan Vorndran, assistant director of the FBI, discuss the podcast's focus on staying ahead of security threats. Source: YouTube
5. The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran - Graham Cluley: Episode 25 of The AI Fix discusses the creation of a satellite called Skynet and its subsequent loss. The episode also features a discussion on protein folding and the potential of AI in this field. Source: Graham Cluley

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. From Google's AI-powered fuzzing to Apple's urgent updates, we've covered the latest in the world of cybersecurity. Remember, staying informed is the first step towards staying secure. In a world where cyber threats are evolving faster than ever, it's crucial to stay on top of the latest news and updates. So, don't forget to share this newsletter with your friends and colleagues to help them stay safe in the digital world. As we sign off, remember that the battle against cybercrime is a collective effort. Let's continue to learn, share, and secure. Until next time, stay safe and stay informed.