Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Today, we're diving into the critical Dell security vulnerabilities that are compromising affected systems. We'll hear from Varshini, a cybersecurity expert, on the importance of staying ahead of emerging threats. We'll also look at the alarming increase in brute-force attacks on Citrix NetScaler devices, and the German Federal Office for Information Security's warning about these attacks. In our tips section, we'll share five ways to improve your cybersecurity posture in 2025, and we'll explore the vulnerability of water treatment facilities, a critical infrastructure that was targeted by a cyberattacker in 2021. We'll also cover the latest patches for multiple critical vulnerabilities, including those from Dell, Microsoft, and Ivanti. We'll discuss the implications of these vulnerabilities, and how they can be exploited if left unpatched. Finally, we'll touch on the latest cybersecurity podcasts, including episodes on AI and security, hacktivist activities, and alert fatigue among cybersecurity professionals. Stay tuned for all this and more in today's ONSEC Cyber Daily.

Exploits Alert

1. Critical Dell Security Vulnerabilities Let Attackers Compromise Affected Systems: Cybersecurity expert Varshini has alerted about critical vulnerabilities in Dell systems that could allow attackers to compromise affected systems. Users are advised to update their systems to the latest security patches to mitigate the risk. Source: cybersecuritynews.com
2. Citrix NetScaler Devices Under Attack, Brute-force Attacks Exploiting Zero-days: The German Federal Office for Information Security (BSI) has warned about increased brute-force attacks against Citrix NetScaler devices. Users are recommended to implement strong password policies and enable multi-factor authentication to protect their devices. Source: cybersecuritynews.com
3. 5 tips to improve your cybersecurity posture in 2025 - Silicon Republic: This article provides five tips to improve cybersecurity posture in 2025, emphasizing the need for security professionals to have visibility and context to address threats effectively. The tips include vulnerability management, automation, and compliance. Source: siliconrepublic.com

Vulnerabilities & Patches

1. Critical Dell Security Vulnerabilities (CVE-2024-37143 and CVE-2024-37144): Dell PowerFlex appliances, racks, and custom nodes are affected by these vulnerabilities. Attackers can compromise affected systems, hence immediate patching is recommended. Source: Cybersecurity News and GBHackers.
2. Woffice Plugin Vulnerabilities (CVE-2024-43234): Two critical vulnerabilities in the Woffice plugin allow full site takeover. A patch has been implemented to enforce a denylist, blocking administrator and super_admin_roles explicitly. Source: Candid Technology.
3. Citrix NetScaler Devices Vulnerabilities (CVE-2024-8534 and CVE-2024-8535): Brute-force attacks are exploiting zero-days in Citrix NetScaler devices. Patching and upgrading to the latest supported versions is recommended. Source: Cybersecurity News.
4. Ivanti Authentication Bypass Vulnerability (CVE-2024-11639): A critical authentication bypass vulnerability has been patched in Ivanti CSA. This patch has made Ivanti safer. Source: Gridinsoft.
5. WordPress Hunk Companion Plugin Vulnerability (CVE-2024-11972): Attackers are exploiting this vulnerability to install flawed plugins, enabling RCE attacks on 10,000+ WordPress sites. Patching is recommended. Source: The Hacker News.

Podcasts

1. How AI, Security, Inclusion Redefined Government in 2024: This podcast discusses how AI, security, and inclusion have redefined the government in 2024. It provides insights into the role of technology in shaping government policies and operations. Source: Governing
2. PODCAST: Hacktivists target Australian websites, and USMC hacked - Cyber Daily: In this episode, the hosts discuss a widespread hacking campaign targeting Australian websites and the USMC. They delve into the details of the cyber attack and its implications. Source: Cyber Daily
3. When AI goes offline - CyberWire: This podcast episode explores the consequences when AI goes offline. It provides a comprehensive analysis of the impact on various sectors and how to mitigate the risks associated. Source: CyberWire
4. Rebekah Brown and John Scott-Railton on Distilling Cyber Policy podcast - The Citizen Lab: In the latest episode, Alex Botting and Jen Ellis join Rebekah Brown and John Scott-Railton to discuss cyber policy. They provide an in-depth analysis of cybersecurity policy and law. Source: The Citizen Lab
5. AGG Talks: Cross-Border Business Podcast - Episode 22: What Global Companies Need to...: In this episode, Mike Burke and Alan Minsk discuss what global companies need to know about cross-border business. They provide valuable insights into international business operations and regulations. Source: JDSupra

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered everything from Dell's critical security vulnerabilities to the latest patch updates, and even the vulnerability of water treatment facilities. Remember, staying informed is your first line of defense in this ever-evolving cyber landscape. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to stay one step ahead of the cyber threats. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily. Until then, keep your data secure and your systems patched.