Good morning, ONSEC Cyber Daily readers! Today, we're diving into a flurry of critical alerts and warnings that have been issued by various cybersecurity agencies worldwide. First up, Google Chrome users, you're on high alert! The government has issued a severe warning about vulnerabilities that could allow hackers to access your system remotely. This warning isn't just for any Chrome users, but specifically those in India, as highlighted by the Indian Cyber Computer Emergency Response Team (CERT-In). But Google Chrome isn't the only one under the microscope. Hewlett Packard Enterprise (HPE) has had to patch multiple vulnerabilities in its Aruba Networking access points, and the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about ongoing attacks exploiting a critical missing in Palo Alto Networks' PAN-OS. Speaking of Palo Alto, they're also dealing with a bug rated 9.3 that's being exploited by attackers. CISA is urging security teams to patch this flaw immediately. In other news, we're looking at the difference between CVE and CVSS for improved cybersecurity, and how security leaders can use CVSS scores to allocate resources. We're also covering a critical vulnerability in Oracle's WebLogic Server, and how Palo Alto Networks alerted customers to a vulnerability in a July 10 security advisory and issued a patch via a software update. Lastly, we're touching on the critical security bug affecting HPE's networking access points, and how Dell's backup appliance PowerProtect DD is acting as a gateway for attackers. Stay tuned for more updates, and remember, your cybersecurity is our priority. Stay safe, stay informed with ONSEC Cyber Daily.

Exploits Alert

1. WARNING! Critical Google Chrome Govt ALERT: Why You Shouldn't Ignore This?: The government has issued a high-severity warning for Google Chrome users. Vulnerabilities could allow hackers to access your system remotely. Source: News24
2. Government issues high risk warning for these Chrome users: The Indian Cyber Computer Emergency Response Team (CERT-In) warns Google Chrome users of serious vulnerabilities that could let remote attackers. Source: MSN
3. CISA issues urgent warning: Hewlett Packard Enterprise (HPE) patches multiple vulnerabilities in its Aruba Networking access points. Cybercriminals use game-related apps. Source: CyberWire
4. Palo Alto Networks Issues Alert on Potential PAN-OS Remote Code Execution Vulnerability: The Cybersecurity and Infrastructure Security Agency (CISA) also issued a warning about ongoing attacks exploiting a critical missing. Source: Vulnera
5. [Al-136] Critical Vulnerability in Cisco Unified Industrial Wireless Software: Cyber Security Agency of Singapore. Source: CSA

Vulnerabilities & Patches

1. CISA Warns of Palo Alto & Android Vulnerabilities Exploited in Attacks: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two actively exploited vulnerabilities, CVE-2024-43093 and CVE-2024-43047, affecting Palo Alto and Android respectively. Users are urged to update their systems to the latest versions to mitigate these risks. Source: cybersecuritynews.com
2. Palo Alto Expedition bug with 9.3 rating exploited by attackers: A critical flaw in Palo Alto Expedition, CVE-2024-5910, has been patched in July but continues to be exploited by attackers. CISA urges security teams to apply the patch immediately. Source: scmagazine.com
3. Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle has released patches to fix a remote code execution vulnerability, CVE-2024-21216, in its WebLogic Server. Users are advised to refer to the official notice and apply the patches as soon as possible. Source: securityboulevard.com
4. HPE reveals critical security bug affecting networking access points: HPE has disclosed a critical security bug affecting its networking access points. The vulnerabilities are tracked as CVE-2024-47461, CVE-2024-47462, CVE-2024-47463, and others. Users are advised to apply the patch and follow the security advisory. Source: techradar.com
5. Backup appliance PowerProtect DD from Dell as a gateway for attackers: Dell's PowerProtect DD backup appliance has been identified as a potential gateway for attackers. The vulnerabilities, including CVE-2022-29361, are classified as critical. Dell has released security patches to address these vulnerabilities. Source: heise.de

Podcasts

1. Weekend Gouge - November 8, 2024 - Global Security Review: This podcast offers insights into nuclear, space, and cyber deterrence issues facing the nation, along with invitations to weekly discussions. Source: Global Security Review.
2. CISA issues urgent warning - CyberWire: CISA has issued a warning about a critical security flaw in Palo Alto Networks' Expedition tool, urging employees to limit phone use. Source: CyberWire.
3. New Episode of The Regulators Featuring Head of the New Bulk Sensitive Data Regulatory Program: Morrison Foerster and Lawfare have released a new episode of The Regulators podcast, featuring the Chief of the New Bulk Sensitive Data Regulatory Program. Source: Morrison Foerster.
4. Podcast Recap: Peeling Back the Layers of Veteran Suicide | Security Info Watch: Donna Chapman discusses her advocacy for the mental well-being of veterans and the necessity of destigmatizing their emotional wounds. Source: Security Info Watch.

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We hope this information helps you stay one step ahead of the cyber threats lurking in the digital shadows. Remember, knowledge is power, and sharing is caring. So, don't keep this vital information to yourself. Pass it along to your friends and colleagues. Let's work together to create a safer cyber world for all. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily.