Welcome to the ONSEC Cyber Daily, your one-stop source for the latest cybersecurity news. Today, we're diving into the recent cyberattack on American Water, highlighting the vulnerabilities that continue to plague critical infrastructure sectors. We're also discussing the SharePoint flaw that's putting entire corporate networks at risk, and the new security guidelines released by the US government to help IT teams detect and mitigate common vulnerabilities. In other news, a Nigerian man has been sentenced to over 26 years for real estate phishing scams, and millions of Synology NAS devices are vulnerable to zero-click attacks. We'll also be looking at a new Windows Zero-Day vulnerability that allows attackers to steal credentials, and the shutdown of DDoS-for-hire platform Dstat.cc by German police. On the political front, we're covering the active Russian disinformation campaign ahead of the 2024 US election, and the FBI warning about fake election videos. In the tech world, we're discussing major IT vulnerabilities reported in Fortinet, SonicWall, and Grafana, and the urgent iTunes update addressing a local privilege escalation vulnerability. Finally, we're featuring the latest episodes from cybersecurity podcasts discussing health equity, school safety, and the importance of cyber transparency. Stay tuned for these stories and more in today's ONSEC Cyber Daily.

Exploits Alert

1. Cyberattack on American Water: A warning to critical infrastructure: The recent cyberattack on American Water highlights the ongoing vulnerabilities in the water and wastewater sectors. These sectors continue to be a target for cybercriminals, emphasizing the need for improved security measures. Source: Security Intelligence
2. Warning issued after SharePoint flaw puts entire corporate networks at risk: Security researchers have issued an alert following the discovery of a vulnerability in SharePoint that could put entire corporate networks at risk. The flaw is being exploited by threat actors, underlining the importance of timely patching and updates. Source: ITPro
3. Govt Issues Cyber Alert After US Agency Releases New Security Guidelines: The government has issued a cyber alert following the release of new security guidelines by a US agency. The guide aims to help IT teams detect and mitigate common Active Directory vulnerabilities that cyber attackers often exploit. Source: ProPakistani

Vulnerabilities & Patches

1. Nigerian Man Sentenced for Phishing Scams: Nigerian cybercriminal, Kolade Ojelade, has been sentenced to 26 years in U.S. prison for conducting phishing scams that stole millions by hacking email accounts. Source: Security Affairs
2. Synology NAS Devices Vulnerable to Zero-Click Attacks (CVE-2024-10443): Millions of Synology NAS devices are at risk due to a zero-click vulnerability (CVE-2024-10443). Midnight Blue researchers urge users to patch immediately, despite no known exploits in the wild. Source: Help Net Security
3. New Windows Zero-Day Vulnerability: A new zero-day vulnerability in Windows theme files, discovered last year, allows malicious actors to steal user credentials. Source: GB Hackers
4. DDoS-for-Hire Platform Dstat.cc Shut Down: German police have shut down DDoS-for-hire platform Dstat.cc, arresting two men accused of operating the site used for launching DDoS attacks. Source: Security Affairs
5. SharePoint Vulnerability (CVE-2024-38094): A vulnerability in Microsoft SharePoint (CVE-2024-38094) could potentially provide an entry point to an entire corporate network. Microsoft released a patch in July, and users are strongly advised to update as soon as possible. Source: Techzine Global

Podcasts

1. CIO Podcast – Episode 83: Health Equity with Leigh Williams: This episode of the CIO Podcast, hosted by Healthcare IT Today, features Leigh Williams discussing health equity. The conversation was recorded live at the MEDITECH conference, providing valuable insights into the intersection of healthcare and technology. Source: Healthcare IT Today.
2. Balancing Technology and Behavioral Elements and How to Improve School Safety: In this episode, Security Today and Campus Security discuss the balance between technology and behavioral elements in improving school safety. The podcast emphasizes the role of cybersecurity teams in developing safety protocols. Source: Security Today.
3. LexisNexis® Risk Solutions Launches Healthcare DataWake Podcast: This episode of the Healthcare DataWake Podcast, launched by LexisNexis Risk Solutions, explores the importance of security in healthcare data. The episode features Flavio Villanustre, Chief Information Security Officer at LexisNexis Risk Solutions. Source: HealthLeaders.
4. The Law Bytes Podcast, Episode 218: Emily Laidlaw and Taylor Owen on Saving the Online: Emily Laidlaw, the Canada Research Chair in Cybersecurity at the University of Calgary, and Taylor Owen discuss the importance of saving the online environment in this episode of The Law Bytes Podcast. Source: Michael Geist.
5. Why is cybertransparency important? - Dentons: This podcast episode by Dentons Academy Australia discusses the importance of cybersecurity practices amidst increasing data transparency demands and cyber threats. It emphasizes the need for cyber transparency in today's digital world. Source: Dentons.

Wisdom from the ONSEC Founders' Vault

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture. Regularly switching providers can strengthen security by reducing human error, lowering costs, and bringing fresh perspectives to identify overlooked vulnerabilities. Source.

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we are reminded of the ever-evolving landscape of cybersecurity. From the cyberattack on American Water, signaling a warning to our critical infrastructure, to the SharePoint flaw that puts entire corporate networks at risk, it's clear that vigilance is our strongest defense. We've also seen the consequences of cybercrime, with a Nigerian man sentenced to over 26 years for real estate phishing scams. Meanwhile, the ongoing threat of disinformation campaigns, as seen in the lead up to the 2024 US election, highlights the importance of discerning fact from fiction in our digital world. Remember, staying updated on the latest vulnerabilities, such as those found in Synology NAS devices and Windows, is crucial. Timely patch updates can be the difference between secure systems and a potential breach. We hope that 'ONSEC Cyber Daily' continues to be your go-to source for all things cybersecurity. If you find our content valuable, please consider sharing it with your friends and colleagues. Together, we can build a safer digital world. Stay safe, stay informed, and see you in the next edition of 'ONSEC Cyber Daily'.