Happy Thanksgiving! 🦃🍁 We hope you’re enjoying this season of gratitude and celebration. Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for the most impactful cybersecurity news.

Today, we're diving into a series of critical vulnerabilities and the urgent actions needed to mitigate them. First up, we're looking at the Oracle Agile PLM flaw (CVE-2024-21287) that has been flagged by CERT-In. This high-risk vulnerability could potentially lead to unauthorized access, exposing sensitive data.

In other news, Google Chrome users are being urged to update their browsers immediately to protect against potential cyberattacks. This comes as part of a broader crackdown on cybercrime across Africa, which has already led to the arrest of over 1,000 suspects. Meanwhile, researchers are sounding the alarm over hackers exploiting a critical ProjectSend vulnerability. Despite a patch being available for over a year, the vulnerability was only allocated a CVE in November after evidence of exploitation was found.

In a similar vein, a critical flaw has been discovered in Windows 11, allowing attackers to gain elevated system privileges. This comes alongside warnings of zero-day security flaws in Windows and Firefox being exploited by hackers.

Lastly, we're covering the latest in cybersecurity podcasts, with insights on protecting OT from growing cyber threats, grappling with a ransomware attack, and the future of emerging global trends.

Thank you for being part of our community—this Thanksgiving, we’re especially grateful for your continued support in staying informed and secure. Stay safe, stay updated, and enjoy the holiday season!

Exploits Alert

1. CERT-In Flags on Oracle Agile PLM Flaw (CVE-2024-21287): The Indian Computer Emergency Response Team (CERT-In) has flagged a critical vulnerability in Oracle's Agile Product Lifecycle Management software. The flaw, identified as CVE-2024-21287, could allow attackers to take control of an affected system. Oracle has released patches to address the vulnerability. Source: The Cyber Express.
2. Urgent Warning for Google Chrome Users: Update Now to Protect Against Security Risks: Google Chrome users are being urged to update their browsers immediately to protect against potential cyberattacks. Cybersecurity experts emphasize the importance of downloading these updates promptly to avoid falling victim to security risks. Source: Kalimpong Online News.

Vulnerabilities & Patches

1. Critical ProjectSend Vulnerability Exploited: A critical vulnerability in ProjectSend has been exploited by hackers. The patch for this vulnerability was released in May 2024, but the CVE was only allocated in November after evidence of exploitation was found. Source: ITPro and Infosecurity Magazine
2. Oracle Agile PLM Framework Flaw Exposes Sensitive Data: A critical flaw in the Oracle Agile PLM Framework could expose sensitive data. The Computer Emergency Response Team – India (CERT-In) has flagged this high-risk vulnerability. Source: The Cyber Express and The Cyber Express
3. Windows 11 Integer Overflow Vulnerability: A critical security flaw in Windows 11 allows attackers to gain elevated system privileges through an integer overflow. Source: Cybersecurity News
4. QNAP Releases Critical Patches: QNAP has released critical patches for Notes Station 3 and QuRouter to resolve vulnerabilities and protect NAS systems. Source: Red Hot Cyber
5. D-Link Abandons Patch for Critical Vulnerability: D-Link has abandoned a patch for a critical vulnerability affecting over 60,000 routers, urging users to take other measures. Source: Gigazine

Podcasts

1. Encore Episode: Insights on Protecting OT from Growing Cyber Threats - CyberWire: This podcast episode revisits key insights from October's Threat Vector podcast series, hosted by David Moulton, Director of Thought Leadership at Unit 42. It provides a deep dive into the protection of Operational Technology (OT) from increasing cyber threats. Source: CyberWire.
2. Grappling with a ransomware attack - CyberWire: Hosted by Dave Bittner, a security podcast host and one of the founders at CyberWire, this episode explores the complexities of dealing with a ransomware attack. It provides valuable insights for those who might find themselves in such a situation. Source: CyberWire.
3. NAB Digital Next: Future of emerging global trends – AI agents: This podcast from NAB Digital Next discusses the future of emerging global trends, focusing on AI agents. It offers insights about technology and its impact on the security landscape. Source: NAB Digital Next.
4. Gym hacking, disappearing DNA, and a social lockout | Smashing Security podcast: This episode covers a range of topics, including gym hacking, disappearing DNA, and social lockouts. It provides a comprehensive look at various cybersecurity issues that affect everyday life. Source: Smashing Security podcast.
5. Hacker Heroes – Aaron Turner – PSW Vault | SC Media: This episode offers a unique perspective on digital security, making it a must-listen for professionals in the cybersecurity space. It features Aaron Turner, a renowned figure in the field, discussing his experiences and insights. Source: SC Media.

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we hope you found our coverage on the latest cybersecurity threats and updates informative and enlightening. From the CERT-In flagging on Oracle Agile PLM flaw to the urgent warning for Google Chrome users, it's clear that the cyber landscape is constantly evolving and the need for vigilance is more crucial than ever. Remember, staying updated is your first line of defense. So, don't forget to patch up your systems, update your applications, and most importantly, share this knowledge. If you found our newsletter helpful, we encourage you to share it with your friends, colleagues, and anyone else who might benefit from staying a step ahead in this digital world. In the end, cybersecurity is a shared responsibility. Let's continue to learn, share, and secure our digital space together. Until tomorrow, stay safe and secure! P.S. Don't forget to check out the latest episodes from various cybersecurity podcasts we've highlighted today. They offer a wealth of insights and expert perspectives on current cyber threats and trends.