Cyber Daily 11/5: Google's AI Discovers Vulnerability, CISA Alerts on PTZOptics Cameras & Rockwell Systems, Samsung & Google Patch Android Flaws, Nigerian Phishing Scam, Russian Disinformation Campaign

Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for the most impactful cybersecurity news. Today, we're diving into a groundbreaking discovery by Google's Project Zero and DeepMind, who have uncovered their first real-world vulnerability using a large language model. This marks a significant milestone in AI's role in cybersecurity.

In other news, the Cybersecurity and Infrastructure Security Agency (CISA) has been busy issuing alerts about various vulnerabilities. From Rockwell ThinManager systems being exposed to DoS conditions, to PTZOptics cameras being exploited to escalate privileges, it's clear that no system is immune to cyber threats. Meanwhile, Samsung and Google are taking action, issuing updates and patches to address vulnerabilities in millions of Galaxy phones and Android devices. However, the cybersecurity landscape remains fraught with challenges, as evidenced by the discovery of critical ICS vulnerabilities and zero-click RCE flaws affecting millions of NAS devices.

In the world of cybercrime, a Nigerian man has been sentenced to over 26 years for real estate phishing scams, while German police have shut down a DDoS-for-hire platform. As we approach the 2024 US election, Russian disinformation campaigns are ramping up, highlighting the ongoing geopolitical implications of cybersecurity.

Finally, we're featuring insights from the new CEO of High Wire Networks' Overwatch, and a range of informative cybersecurity podcasts. From navigating the board of directors to managing healthcare claims backlogs following a cyberattack, these episodes offer valuable perspectives on the intersection of technology, security, and leadership. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity.

Exploits Alert

  1. Google's Big Sleep: From Concept to Vulnerability Discovery: Google Project Zero and DeepMind researchers have discovered a real-world vulnerability using a large language model. This marks a significant step in AI-driven cybersecurity. Source: Cyber Magazine.
  2. Google Claims World First As AI Finds 0-Day Security Vulnerability: Veteran cybersecurity writer, Davey Winder, reports on Google's claim of a world-first AI-discovered 0-day security vulnerability. The FBI has issued a warning about this. Source: Forbes.
  3. Rockwell ThinManager Vulnerability Exposes Systems To DoS Condition: A vulnerability in Rockwell's ThinManager could expose systems to a Denial of Service (DoS) condition. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert urging organizations to prioritize this issue. Source: Cybersecurity News.
  4. CISA Warns of PTZOptics Cameras Vulnerability Exploited to Escalate Privileges: CISA has issued an urgent warning about critical vulnerabilities identified in PTZOptics cameras that could be exploited to escalate privileges. Organizations are urged to address this issue promptly. Source: Cybersecurity News.
  5. Samsung Updates Millions Of Galaxy Phones—New Warning Issued For All Owners: Samsung has issued updates for millions of Galaxy phones following a warning that two vulnerabilities are under active attack. The US cybersecurity agency has also issued a warning about this. Source: Forbes.

Vulnerabilities & Patches

  1. Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks: Google has addressed two vulnerabilities, CVE-2024-43047 and another undisclosed one, in the first part of Android's November 2024 security updates. These vulnerabilities were being exploited in targeted attacks. Source: SecurityWeek
  2. Huawei Lists EMUI and HarmonyOS November 2024 Security Patch Details: Huawei has released details about its November 2024 security patch for EMUI and HarmonyOS. The patch addresses the CVE-2024-51526 vulnerability. Source: Huawei Central
  3. Cyble Highlights Critical ICS Vulnerabilities this Week: Cyble Research has highlighted critical ICS vulnerabilities, including CVE-2024-7587. A patch has been released to address this flaw. Source: The Cyber Express
  4. Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices: Synology is urging users to patch a critical zero-click RCE flaw, tracked as CVE-2024-10443 and dubbed RISK:STATION. The flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest. Source: The Hacker News
  5. CVE-2024-8957: Critical Flaw Found in PTZOptics Cameras: A critical flaw, identified as CVE-2024-8957, has been found in PTZOptics cameras. CISA recommends that users apply the latest firmware patch from PTZOptics, which addresses this vulnerability. Source: The Cyber Express

Podcasts

  1. 'Insights on Leadership and the MSSP Market from the New CEO of High Wire Networks' Overwatch: Ed Vasko, the new CEO of Overwatch by High Wire Networks, shares his leadership strategies and insights on the MSSP market on the 'Let's SOC About It' podcast. Source: MSSP Alert
  2. 'Episode 2: Navigating the Board of Directors - CIO': Kristen Davies, former CISO at Unilever and The Estée Lauder Companies Inc., and Claude Knight, a managing director of cybersecurity for Ernst & Young, discuss navigating the board of directors in cybersecurity. Source: CIO
  3. 'APDR Podcast Episode 70 with host Kym Bergmann': This episode of the Asia Pacific Defence Reporter podcast features a discussion on cybersecurity, IT, and simulation & training. Source: Asia Pacific Defence Reporter
  4. 'Global Regulation Tomorrow Plus: EMEA Regulatory Insights Podcast Episode 16 – REMIT 2': Anna Carrier from the Brussels office discusses the recent changes to the European regulations in this episode of the EMEA regulatory insights series. Source: Regulation Tomorrow
  5. 'CISO Series Podcast LIVE in Dallas, TX (11-14-24)': The CISO Series Podcast is heading to Texas for a live recording, promising a fun and insightful episode. Source: CISO Series

Wisdom from the ONSEC Founders' Vault

Sandbox escape or How to catch all servers of the company: This report outlines the discovery of three RCE vulnerabilities in Foreman. It details how the team bypassed sandbox protections and accessed company servers through vulnerabilities in the "Provisioning Templates," "Global Parameters," and "Command Runner" modules, ultimately enabling code execution by manipulating configurations. The report thanks Foreman for their responsive collaboration on resolving the issues. Source.

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. From Google's AI discovering vulnerabilities to the latest patches and updates, we've covered a lot of ground. Remember, cybersecurity is a shared responsibility. So, don't keep this valuable information to yourself. Share this newsletter with your friends, colleagues, and anyone else who could benefit from staying informed about the ever-evolving world of cybersecurity. Stay vigilant, stay informed, and stay safe. See you tomorrow for another round of updates from the cyber frontlines.