Cyber Daily 11/8: Google's LLM Fixes Database Bug, CISA Alerts on Palo Alto's Active Exploit, Cybersecurity Earnings Dip, Cisco's Wireless Devices Vulnerable

Welcome to the ONSEC Cyber Daily! Today, we're diving into the world of cybersecurity, where vulnerabilities are being discovered and patched at a rapid pace. Google's LLM Agent has found and fixed a real-world bug in a popular database, demonstrating the power of AI in combating cyber threats. However, the cybersecurity landscape is far from calm. The U.S. CISA has issued an urgent alert regarding an actively exploited vulnerability in Palo Alto Networks' Expedition tool, and a critical command injection vulnerability has hit Cisco's wireless backhaul devices.

In the financial sector, disappointing cybersecurity earnings are causing waves, while the MSSP market is on high alert. Meanwhile, cyberattacks are disrupting prisoner tracking and transport operations, and 10 African countries are frequently targeted by DDoS attacks.

On the tech front, Google has set a 21-day deadline for Android users to update their phones or stop using them due to a newly disclosed vulnerability. Similarly, a critical Palo Alto Networks bug is being exploited in cyberattacks, prompting urgent calls for patches. Cisco has also released security updates addressing a critical vulnerability in its Unified Industrial Wireless Software.

In the podcast world, we're discussing attacks on ICS/OT infrastructure, the impact of fake job openings, and the debut episode of 'Espresso Exchange' – A Talk Show by the Cyber Congress Club. Stay tuned for more updates and remember, in the world of cybersecurity, staying informed is your first line of defense. Stay safe, stay updated with ONSEC Cyber Daily.

Exploits Alert

  1. Google's LLM Agent Finds and Fixes Real-World Bug in Popular Database: Google's LLM Agent has successfully identified and rectified a significant bug in a widely used database. The bug was discovered outside the test sandbox, highlighting the effectiveness of the LLM Agent in real-world scenarios. Source: ClearanceJobs
  2. CISA Says Palo Alto's CVE-2024-5910 Under Active Exploit: The U.S. CISA has issued an urgent alert regarding an actively exploited vulnerability, CVE-2024-5910, in Palo Alto Networks' Expedition tool. The severity of the exploit necessitates immediate attention and action. Source: The Cyber Express
  3. Critical Command Injection Vulnerability Hits Cisco's Wireless Backhaul Devices: A critical command injection vulnerability has been identified in Cisco's wireless backhaul devices. The Cybersecurity and Infrastructure Security Agency (CISA) has initiated Critical Infrastructure Security and Resilience (CISR) Month in response to such threats. Source: The Cyber Express
  4. CISA issues alert on critical Palo Alto Networks vulnerability: CISA has issued an alert on a critical vulnerability in Palo Alto Networks. The vulnerabilities include the Android Framework Privilege Escalation Vulnerability (CVE-2024-43093) and CyberPanel Incorrect Default Permissions Vulnerability (CVE-2024-). Source: Tech Monitor
  5. Google's Android Deadline—21 Days To Update Or Stop Using Your Phone: Google has issued a 21-day deadline for Android users to update their devices or cease usage due to a newly disclosed vulnerability. The vulnerability is currently under attack, prompting the urgent update deadline. Source: Forbes

Vulnerabilities & Patches

  1. CISA Says Palo Alto's CVE-2024-5910 Under Active Exploit: Despite Palo Alto Networks releasing a patch in July, active exploitation of CVE-2024-5910 is now being observed. Immediate remediation is strongly recommended for any organization using Expedition. Source: The Cyber Express
  2. HPE Patches Critical Vulnerabilities in Aruba Access Points: HPE has patched critical security defects in Aruba's access points. The vulnerabilities, tracked as CVE-2024-42509 and CVE-2024-47460, have CVSS scores of 9.8 and 9.0 respectively. Source: SecurityWeek
  3. Critical Vulnerability in Cisco Unified Industrial Wireless Software: Cisco has released security updates addressing a critical vulnerability (CVE-2024-20418) in Cisco Unified Industrial Wireless Software. Source: CSA
  4. Cisco Issues Patch to Fix Serious Flaw Allowing Possible Industrial Systems Takeover: Cisco has issued a patch for a serious flaw, tracked as CVE-2024-20418, that could potentially allow an industrial systems takeover. The bug has a top severity score of 10/10. Source: MSN
  5. Google Issues 'Severe' Android Alert: Google has issued a patch for Android versions 12, 13, 14, and 15 due to a 'severe' alert. The zero-day vulnerability, called CVE-2024-43047, affects a microprocessor. Source: MSN

Podcasts

  1. Content: $200M for IoT security, 4 acquisitions, fake job openings, vapes are trash – ESW #383: This podcast episode discusses significant funding in IoT security, four notable acquisitions, and the phenomenon of ghost jobs. It also touches on the issue of overinflated estimates. Source: SC Magazine.
  2. KB DAV Senior Secondary Public School, Sector 7-B, Chandigarh - The Tribune: The Cyber Congress Club of KB DAV Senior Secondary Public School launched its first podcast episode, 'Espresso Exchange'. The episode aims to educate listeners about cyber safety and digital citizenship. Source: The Tribune India.
  3. PODCAST: Preparing for attacks on ICS/OT infrastructure, with Dragos' Dawn Cappelli: Dawn Cappelli, head of OT-CERT at Dragos, discusses how governments and organizations can prepare for attacks on ICS/OT infrastructure. The podcast provides valuable insights into cybersecurity strategies. Source: Cyber Daily AU.
  4. DBrief: Episode 9, November 2024 | Ai Group: DBrief, a new business podcast from the Australian Industry Group, is designed for business people interested in understanding the latest industry trends and developments. Source: Ai Group.
  5. Canada cuts TikTok ties. - CyberWire: This episode discusses Canada's decision to order ByteDance to shut down local operations due to security concerns. It also covers Cisco's release of urgent patches for multiple vulnerabilities and the delivery of SteelFox malware. Source: CyberWire.

Wisdom from the ONSEC Founders' Vault

TCP Tarpit and Port Scanning. Barricades on Both Sides. This article explores the concept and implementation of "Tarpit" as a defensive mechanism against port scanning, highlighting its impact on slowing down scans, distorting results, and providing methods to identify and address protected hosts in network environments. Source.

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've navigated through the labyrinth of cyber threats, vulnerabilities, and patches, from Google's LLM Agent fixing real-world bugs to the urgent alerts issued by CISA. Remember, in the digital world, staying updated is your first line of defense. If you found this information useful, don't keep it to yourself. Share this newsletter with your friends and colleagues, because cybersecurity is a shared responsibility. Let's build a safer cyber community, one newsletter at a time. Stay vigilant, stay secure, and see you in the next edition of 'ONSEC Cyber Daily'.