Cyber Daily 12/14: CISA Warns of Cleo, CyberPanel Exploits; Samsung, Apple Patch Critical CVEs; Ransomware Gangs Target RDP Services; Podcasts Discuss Cybersecurity Trends
Welcome to today's issue of ONSEC Cyber Daily! We're diving into a whirlwind of cyber threats and security patches.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about ransomware gangs exploiting the Cleo 0-Day vulnerability, a situation reminiscent of the MOVEit hack campaign. Although a patch was released for CVE-2024-50623, the issue does not appear to be fully resolved, leaving systems vulnerable to attacks. Cleo MFT Zero-Day exploits are set to surge, and the security community is raising concerns about the delay in CVE designation.

In the tech world, Samsung and Apple have been busy addressing critical vulnerabilities. Samsung's Galaxy S24 received a high-priority security fix, while Apple patched 20 security vulnerabilities with its iOS 18.2 update. Apple was also forced to patch an iOS and macOS security flaw that could have leaked private information.

Hackers are also scanning RDP services, especially port 1098, for exploitation. This comes after the December 2024 update addressed multiple critical RDP vulnerabilities. Meanwhile, IoT devices are being hacked without physical access.

In the podcast world, we have a variety of episodes discussing everything from OTP hack scams to how AI, security, and inclusion have redefined government in 2024. We also have an interview with the University of Richmond's CTF Winning Team and a discussion on the 25th anniversary of CVE.

Stay tuned for more updates and remember to patch your systems regularly to stay ahead of cyber threats. Stay safe and secure!
Exploits Alert
- CISA Warns of Cleo 0-Day Vulnerability Exploited by Ransomware Gangs: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a zero-day vulnerability in Cleo that is being exploited by ransomware gangs. This incident is similar to the MOVEit hack campaign where cybercriminals exploited a zero-day in Progress Software's file transfer software. Source: Cybersecurity News
- CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs: CISA has also warned of two recently disclosed vulnerabilities in Cleo and CyberPanel that are being used by ransomware gangs to launch attacks. The agency is urging users to update their systems to protect against these threats. Source: The Record
Vulnerabilities & Patches
- CISA Warns of Cleo 0-Day Vulnerability Exploited by Ransomware Gangs: The vulnerability, CVE-2024-50623, initially thought to be patched, is still being exploited by ransomware gangs. Security researchers from Huntress have raised concerns about the inadequacy of the patch. Source: cybersecuritynews.com
- Samsung Galaxy S24 Receives a High-priority Security Fix: Samsung has released a critical patch for CVE-2024-49415 on the Galaxy S24 in response to a privately disclosed report. The severity of the vulnerability necessitated a high-priority fix. Source: whatmobile.com.pk
- Apple Patches 20 Security Vulnerabilities With iOS 18.2: Apple has addressed multiple security issues, including a malicious app vulnerability, CVE-2024-54526, with the release of iOS 18.2. The patch fixes issues with call muting, Lock Screen privacy, and malicious processing. Source: msn.com
- Hackers Scanning RDP Services Especially Port 1098 For Exploitation: The December 2024 update addressed multiple critical RDP vulnerabilities, including CVE-2024-49106 and CVE-2024-49108. Hackers are actively scanning RDP services, especially port 1098, for exploitation. Source: cybersecuritynews.com
- Apple Forced to Patch iOS and macOS Security Flaw: Apple has patched a security flaw, CVE-2024-44131, in iOS and macOS that could have leaked private information. The vulnerability stems from the framework's elevated privileges, which can be exploited. Source: techradar.com
Podcasts
- Podcast Cyber Expert Amit Dubey - OTP Hacks Scam: In this episode, Cyber Security Podcast discusses how small mistakes can lead to cybercriminal attacks, focusing specifically on OTP hack scams. Source: YouTube.
- How AI, Security, Inclusion Redefined Government in 2024: This podcast episode explores how AI, security, and inclusion have redefined government operations in 2024. It's available on various platforms including YouTube, Apple Podcasts, Spotify, and Audacy. Source: GovTech.
- Podcast Episode 21: Interview with the University of Richmond's CTF Winning Team: Celebrating the growing interest in cybersecurity at the University of Richmond, this episode features an interview with the university's CTF winning team. Source: Security Boulevard.
- Hackers in handcuffs - CyberWire: This episode from CyberWire discusses the legal consequences for hackers, featuring insights from podcast host and CyberWire founder, Dave Bittner. Source: CyberWire.
- BTS #43 - CVE Turns 25 - Security Boulevard: In this episode, Paul Asadoorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of CVE (Common Vulnerabilities and Exposures). Source: Security Boulevard.
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, we hope you found the information on the Cleo 0-Day vulnerability, the latest patches from Apple, Samsung, and other tech giants, and the ongoing exploits by ransomware gangs insightful. The cyber landscape is constantly evolving, and staying informed is our first line of defense. Remember, CVE-2024-50623 was thought to be patched, but it seems the cybercriminals are always one step ahead. It's a constant game of cat and mouse, and we're here to ensure you're always in the loop.

In the spirit of sharing knowledge and enhancing our collective security, we urge you to share this newsletter with your friends and colleagues. Let's spread the word and fortify our defenses against these cyber threats. Also, don't forget to check out the latest episodes from our recommended cybersecurity podcasts. They offer a deep dive into the world of cybersecurity and are a great resource for anyone looking to expand their knowledge.

Stay safe, stay informed, and let's fight the cyber threats together. Until next time, this is ONSEC Cyber Daily, signing off.