Cyber Daily 11/7: Google and Cisco Patch Critical Vulnerabilities, Open Redirect Attacks Exploited, Sports Sector Cyber Vulnerability, Cybersecurity in Healthcare and Elections

Cyber Daily 11/7: Google and Cisco Patch Critical Vulnerabilities, Open Redirect Attacks Exploited, Sports Sector Cyber Vulnerability, Cybersecurity in Healthcare and Elections

Welcome to the November 7th issue of ONSEC Cyber Daily. Today, we're diving into the murky waters of open redirect attacks, a versatile tool that cybercriminals are using to scale their attacks. We'll also explore the potential cyber vulnerabilities in the sports sector, particularly among volunteers. In the tech world, Cisco is making headlines with a series of high severity vulnerabilities. We'll take a closer look at the flaws and the patches released to combat them. Google is also stepping up its game, blocking two critical Android zero-days in its latest security update. We'll also discuss the importance of cyber resilience in the healthcare sector, and how new SEC rules are impacting CISOs. Plus, we've got a roundup of the latest cybersecurity podcasts and episodes to keep you informed and ahead of the threats. Lastly, we'll touch on the recent zero-day reveal from Synology and why NAS device users need to patch immediately. Stay tuned for these stories and more in today's ONSEC Cyber Daily.

Exploits Alert

  1. Understanding and Preventing Open Redirect Attacks: Open redirection is a potent tool for cybercriminals, allowing them to amplify the scale of their attacks. It's crucial to understand and prevent these attacks to safeguard your digital assets. Source: SC Media
  2. Cyber Vulnerability in the Sports Sector: The frequency of cyberattacks is on the rise, partly due to the use of artificial intelligence (AI). The sports sector, particularly volunteers, has been identified as a significant cyber vulnerability. It's essential to address this issue to protect the sector from potential threats. Source: Insurance Business America

Vulnerabilities & Patches

  1. Cisco Industrial Wireless Software Flaw: A high severity vulnerability, CVE-2024-20418, has been discovered in Cisco's Industrial Wireless Software that could allow attackers to run commands as a root user. Cisco has released a patch to address this issue. Source: Cybersecurity News
  2. Critical Vulnerabilities in Cisco URWB and HPE Aruba Access Points: Cisco has addressed a maximum severity vulnerability, CVE-2024-20418, affecting Unified Industrial Wireless Software for Cisco URWB in their recent security updates. Source: SOCRADAR
  3. Cisco Patches Vulnerability in Industrial Networking Solution: Cisco has patched a high-severity bug, CVE-2024-20536, in the Nexus Dashboard Fabric Controller (NDFC) in their latest release. Source: SecurityWeek
  4. Downgrade Attacks Open Patched Systems to Malware: A stack elevation of privilege vulnerability, CVE-2024-38202, in Windows update was addressed in the company's October Patch Tuesday. However, patched systems are still open to downgrade attacks. Source: Security Boulevard
  5. Synology Urges NAS Device Users to Patch Immediately: Synology has urged users to immediately patch a vulnerability, CVE-2024-10443, found in DiskStation and BeePhotos. The vulnerability was revealed during the recent Pwn2Own Ireland. Source: TechRadar

Podcasts

  1. Secure Your Healthcare Organization with Better Cyber Resilience: David Sampson, VP of Cyber Risk and Strategy at Thrive, emphasizes the need for healthcare organizations to reassess their cybersecurity measures. He suggests a proactive approach to cyber resilience to ensure the safety of sensitive health data. Source: Healthcare IT Today
  2. How Are New SEC Rules Impacting CISOs?: This episode of the CISO Series Podcast discusses the increasing importance of cybersecurity in light of new SEC rules. The conversation revolves around the impact of these rules on CISOs and their strategic planning. Source: CISO Series
  3. EU-Startups Podcast | Episode 94: Paulo Rodriguez, Head of International at Vanta: Paulo Rodriguez, Head of International at Vanta, highlights the need for proactive security measures and the importance of educating families about cybersecurity. Source: EU-Startups
  4. Episode 324 – 2024 Election Forecast: Divided Government On The Horizon?: This podcast episode discusses the potential impact of a divided government on cybersecurity, particularly in relation to the Cybersecurity Maturity Model Certification 2.0 Program in the United States. Source: Mondaq
  5. Ahead of the Threat Podcast: Episode Two - Kevin Mandia: In this episode, FBI Assistant Director Bryan Vorndran and FBI Strategic Engagement Advisor Jamil Farshchi speak to Kevin Mandia about the evolving cybersecurity threat landscape. Source: YouTube

Wisdom from the ONSEC Founders' Vault

GitHub commit parsing for email and fun. During security audits, sensitive information like source code, API keys, and developer emails can be uncovered using tools like GitHub Commit Parser, which analyzes commit data to establish connections with the target company and identify potential vulnerabilities, aiding penetration testing. Source

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found these updates enlightening and useful. Remember, knowledge is power, and in the realm of cybersecurity, staying informed is your first line of defense. From understanding open redirect attacks to the latest vulnerabilities in Cisco and Google's Android, we've covered a lot of ground today. We've also touched on the increasing importance of cybersecurity in various sectors, including sports and healthcare, and the role of CISOs in navigating new SEC rules. Remember, the world of cybersecurity is ever-evolving, and it's crucial to stay one step ahead. So, don't forget to patch your systems, educate your teams, and always be on the lookout for potential threats. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until tomorrow, stay safe and secure.