Your Daily Dose of Cybersecurity Updates (11/22) Hello there, Welcome to another edition of ONSEC Cyber Daily, where we bring you the most critical cybersecurity updates from around the globe. Today, we're diving into a series of vulnerabilities and patches that have been making headlines. First up, we have multiple end-of-life D-Link routers that have been found to have vulnerabilities, allowing attackers to execute remote code. The EPA has issued a similar warning for millions of water utility customers, citing alarming cybersecurity vulnerabilities. Meanwhile, the Indian government's cybersecurity wing has issued a critical warning about a Chrome bug that could potentially allow hackers to gain access. In other news, NVIDIA has addressed a critical vulnerability in its Base Command Manager, and Google has disclosed several security vulnerabilities for Android and Google Pixel. Over 2,000 Palo Alto firewalls have been compromised due to new vulnerabilities, and Apple has patched two zero-day attack vectors. We also have reports of a worrying security flaw in Ubuntu Linux that may have gone unnoticed for a decade. Apple has urged users to update to iOS 18.1.1 and iOS 17.7.2 to address critical exploits, and macOS users are also advised to update their systems immediately to mitigate the risk of active zero-day exploits. In our podcast corner, we have a new episode of Cyber Uncut featuring Genetec's Asia-Pacific sales engineering and services manager, Lee Shelford. We also have a range of other podcasts discussing topics from AI and cybersecurity to cross-border business and national security. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe, ONSEC Cyber Daily Team

Exploits Alert

1. Multiple D-Link End-of-Life Routers Vulnerabilities: A warning has been issued about multiple vulnerabilities in D-Link routers that are no longer supported by the manufacturer. These vulnerabilities could allow attackers to execute remote code. Users are advised to replace these end-of-life routers to mitigate the risk. Source: cybersecuritynews.com
2. Drinking Water Warning Issued by EPA: The Environmental Protection Agency (EPA) has issued a warning to millions of water utility customers about alarming cybersecurity vulnerabilities. This follows a similar alert issued by the EPA in May, emphasizing the need for improved cybersecurity measures in the water utilities sector. Source: newsweek.com
3. Indian Government Warns of Chrome Bug: The Indian Computer Emergency Response Team (CERT-In), the cybersecurity wing of the Indian government, has issued a critical warning about a vulnerability in Google Chrome. This vulnerability could potentially allow malicious hackers to gain unauthorized access. Users are advised to update their Chrome browsers to the latest version to mitigate the risk. Source: republicworld.com

Vulnerabilities & Patches

1. NVIDIA Base Command Manager Vulnerability: NVIDIA has released a security advisory to address a critical vulnerability that could allow attackers to execute remote code. Users are urged to update their systems to mitigate the risks. Source: cybersecuritynews.com
2. Android and Google Pixel Security Vulnerabilities: Several security vulnerabilities have been disclosed for Android and Google Pixel. Some of these issues have been addressed, but others took longer to patch. Users are advised to keep their devices updated. Source: cyberkendra.com
3. Palo Alto Firewalls Hacked: Over 2000 Palo Alto firewalls have been compromised due to a campaign exploiting new vulnerabilities. Users are advised to patch their firewalls to prevent further breaches. Source: cybersecuritynews.com
4. Apple Patches Two Zero-Day Attack Vectors: Apple has patched two zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309. The details of the vulnerabilities have not been disclosed, but users are urged to update their systems. Source: techrepublic.com
5. Ubuntu Linux Security Flaw: A worrying security flaw that may have gone unnoticed for a decade has been discovered in Ubuntu Linux. A patch is available and users are urged to apply it. Source: techradar.com

Podcasts

1. Cyber Uncut: In this episode, Lee Shelford from Genetec discusses the future of physical security, SaaS, and Australia's leadership in physical security. The conversation provides insights into the evolving landscape of security and the role of technology in it. Source: Cyber Daily
2. AGG Talks: Cross-Border Business Podcast: This episode explores the impact of the 2024 U.S. Election on cross-border business. It also discusses the new guidance issued by the Bureau of Industry and Security to financial institutions. Source: JD Supra
3. 35 West: In this episode, Henry Ziemer and Abigail Hunter discuss the importance of mineral security to national security. The conversation provides insights into the strategic importance of critical minerals. Source: CSIS
4. CHIME 2024: This episode provides perspectives on AI, cybersecurity, leadership and more at CHIME 2024. It also discusses the recommendations made by CHIME on medical device cybersecurity to FDA. Source: Healthcare IT Today
5. She Said Privacy/He Said Security: This episode discusses the role of mothers in tackling cyber threats at home. It blends storytelling with practical insights, making cybersecurity awareness accessible to everyone. Source: iHeartRadio

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've covered everything from D-Link router vulnerabilities to the latest patches for Apple and Android devices. Remember, staying informed is your first line of defense in the ever-evolving world of cybersecurity. If you found this information useful, please consider sharing our newsletter with your friends and colleagues. It's through collective awareness and action that we can better secure our digital world. Stay safe, stay updated, and we'll see you in the next edition of 'ONSEC Cyber Daily'. Until then, keep your data secure and your systems patched.