Cyber Daily 12/10: Android, Windows Security "Downdates", CISA's 271 Warnings, iOS 18 Update Risk, HealthAlliance's $550K Settlement, Mitel MiCollab Vulnerabilities


Welcome to today's issue of ONSEC Cyber Daily.


Today we are starting with a new Android and Windows attack that "downdates" browser security, leaving users vulnerable to cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed 271 new critical security warnings, emphasizing the seriousness of the threat landscape across various platforms. Meanwhile, iPhone users waiting to update to iOS 18 are at risk from a new attack. Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again. In the healthcare sector, New York's Attorney General secured a $550,000 settlement from HealthAlliance for failing to protect patient data. In software news, the Australian Cyber Security Centre (ACSC) has released a critical alert regarding vulnerabilities in Mitel MiCollab collaboration software. There's also a critical Windows Zero-Day alert with no patch available yet for users. In the world of cybersecurity patches and updates, Cleo's file transfer tool vulnerability is being exploited in the wild, and SAP has released a patch for critical vulnerabilities in NetWeaver. iPhone users are also urged to update to iOS 18 to patch a vulnerability. Finally, tune into our podcast section, where we discuss key management in blockchain and Web3 security, the intersection of cyber and space, and how to fight online fraud. Stay safe and stay informed with ONSEC Cyber Daily.

Exploits Alert

  1. New Android, Windows Warning—This Attack “Downdates” Browser Security: A new cyber attack has been identified that targets Android and Windows users by "downdating" browser security, making systems more vulnerable to other threats. Users are advised to stay vigilant and keep their systems updated. Source: Forbes
  2. CISA Confirms 271 New Critical Security Warnings—From Android To Zyxel: The Cybersecurity and Infrastructure Security Agency (CISA) has issued 271 new critical security warnings, highlighting the serious threat landscape across various platforms, including Android and Zyxel. Users are urged to heed these warnings and take necessary precautions. Source: Forbes
  3. iOS 18 Alert—iPhone Users Waiting To Update At Risk From New Attack: iPhone users who have not updated to iOS 18 are at risk from a new attack, according to a recent warning. Users are advised to update their devices as soon as possible to mitigate this risk. Source: Forbes
  4. Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again: Security researchers have issued a warning about hackers exploiting a high-risk vulnerability in popular file transfer technologies. Users of these technologies are advised to ensure they are using the latest versions and have implemented appropriate security measures. Source: TechCrunch
  5. ACSC releases Critical Alert regarding Mitel MiCollab collaboration software: The Australian Cyber Security Centre (ACSC) has released a critical alert regarding vulnerabilities in the Mitel MiCollab collaboration software that could allow malicious actors to access sensitive data. Users are urged to update to the latest version of the software. Source: Cyber Daily

Vulnerabilities & Patches

  1. Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises: The vulnerability, tracked as CVE-2024-50623, was not properly patched in version 5.8.0.21, leading to exploitation in the wild. Users are advised to update to the latest version as soon as possible. Source: SecurityWeek
  2. SAP NetWeaver Vulnerabilities Let Attackers Upload Malicious PDF Files: The vulnerabilities, CVE-2024-47579 and CVE-2024-47578, allow attackers to upload malicious PDF files. SAP released a patch on December 10, 2024, and users are advised to update their systems. Source: Cybersecurity News
  3. iOS 18 Alert—iPhone Users Waiting To Update At Risk From New Attack: iPhone users who have not updated to iOS 18 are at risk from a new attack exploiting the CVE-2024-44131 vulnerability. Apple has issued a patch in the iOS 18 update. Source: Forbes
  4. OpenWrt's Attended SysUpgrade (ASU) Vulnerability Exposes Routers to Malicious Firmware Attacks: The vulnerability, CVE-2024-54143, exposes users to risks of installing malicious firmware images. Users are advised to update to the most recent patches as soon as possible. Source: SOCRADAR
  5. CVE-2024-11205 Vulnerability Impacts 6M WordPress Sites: The vulnerability affects the WPForms plugin on WordPress sites. Users are strongly urged to update their WPForms plugin to the latest version to mitigate the risks associated with CVE-2024-11205. Source: The Cyber Express

Podcasts

  1. Key Management: Revolutionizing Blockchain & Web3 Security - Ep. 140 - Chainalysis: This episode discusses the importance of key management in the context of blockchain and Web3 security. The speaker emphasizes the need for user-friendly interfaces similar to Gmail for Web3 wallets. Source: Chainalysis.
  2. MediaCast Podcast: Kimi Guglani of Trend Micro - MediaBrief: Kimi Guglani, Director of Marketing for India and SAARC at the global cybersecurity company Trend Micro, discusses the latest trends and challenges in cybersecurity. Source: MediaBrief.
  3. APDR Podcast Episode 75 with host Kym Bergmann - Asia Pacific Defence Reporter: Hosted by Kym Bergmann, this episode features Dennis Richardson, a pro-US figure in the national security domain. Source: Asia Pacific Defence Reporter.
  4. Partnering to Solve Real CIO Challenges – Healthcare IT Today Podcast Episode 155: This episode focuses on healthcare security with Steven Ramirez. It discusses the performance of the HEAR score for healthcare IT. Source: Healthcare IT Today.
  5. Router security in jeopardy. - CyberWire: This episode discusses the importance of router security and encourages listeners to stay updated with daily intelligence roundups. Source: CyberWire.

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We hope you found our round-up of the latest cyber threats, vulnerabilities, and security updates informative and helpful. Remember, the digital landscape is constantly evolving, and staying informed is the first step towards safeguarding your data. If you know someone who could benefit from this information, please don't hesitate to share this newsletter with them. After all, cybersecurity is a shared responsibility, and together, we can make the digital world a safer place. Stay safe, stay updated, and see you in tomorrow's edition of ONSEC Cyber Daily.