Cyber Daily 12/16: DrayTek Vulnerabilities Impact Hundreds, CISA and EPA Shield Water Systems, Cross-Platform Texting Warning, Medical Imaging RCE Alert, Android Chrome Security Alert, Clop Ransomware Hits Cleo, NoviSpy Exploits Qualcomm Bugs
 
Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most impactful cybersecurity news in a digestible format. In today's headlines, hundreds of organizations have fallen victim to cyberattacks exploiting undocumented vulnerabilities in DrayTek. The cybersecurity vendor Forescout has issued a warning about these unverified vulnerabilities, highlighting the importance of staying vigilant and updated on potential threats.

In an effort to protect water and wastewater systems from cyber threats, new guidelines have been issued by CISA and EPA. These guidelines emphasize the vulnerability of exposed OT/ICS systems and the potential for cyber threat adversaries to exploit these weaknesses. Meanwhile, the FBI and CISA have issued a warning about the security of cross-platform texting between Android and Apple devices. This comes after a historic and sophisticated cyberattack that has raised concerns about the security of these communication channels.

In the medical field, a remote code execution vulnerability has been discovered in medical imaging. This vulnerability, along with several others, is being closely monitored by cybersecurity news outlets. Google has issued a new security alert for Android Chrome, urging users to update their systems to protect against a serious zero-day vulnerability. This vulnerability, CVE-2024-12345, has been linked to cybercrime. In other news, the Clop ransomware group has claimed responsibility for data theft attacks on Cleo, exploiting a vulnerability now tracked as CVE-2024-55956. This comes as a new Android spyware, NoviSpy, has been linked to Qualcomm zero-day bugs.

Finally, we wrap up with a recap of the top cybersecurity threats, tools, and tips from The Hacker News. This week has seen silent attacks, new vulnerabilities, and major wins by law enforcement in the cybersecurity world. Stay tuned for more updates and remember, staying informed is the first step towards staying secure.
Exploits Alert
- Undocumented DrayTek Vulnerabilities Exploited to Hack Hundreds of Orgs: Cybersecurity vendor Forescout has issued a warning about an unverified vulnerability in DrayTek that has been exploited to hack hundreds of organizations. The details of the vulnerability are yet to be confirmed. Source: SecurityWeek
- New CISA and EPA guidelines aim to shield water and wastewater systems from cyber threats: The alert highlights the vulnerability of OT/ICS systems in water and wastewater systems, which may allow cyber threat adversaries to use default credentials and conduct unauthorized activities. The new guidelines aim to mitigate these threats. Source: Industrial Cyber
- FBI, CISA issue warning for cross Apple-Android texting: The FBI and CISA have issued a warning about the security of texts between Android and Apple devices. This follows reports of a historic and sophisticated cyberattack exploiting this vulnerability. Source: Security Intelligence
- Tic TAC Alert: A Remote Code Execution Vulnerability in Medical Imaging: A remote code execution vulnerability has been identified in medical imaging systems. This vulnerability could potentially allow cyber attackers to gain unauthorized access to sensitive medical data. Source: Cyber Security News
- Google's New Android Chrome Security Alert: Update Now to Stay Safe!: Google has issued a security alert for its Android Chrome users, urging them to update their browsers to resolve a serious zero-day vulnerability (CVE-2024-12345) that could be exploited by cybercriminals. Source: PCQuest
Vulnerabilities & Patches
- CVE-2024-55956: Cleo Data Theft Attacks: The Cl0p ransomware group has claimed responsibility for exploiting a vulnerability in Cleo's file transfer software, now tracked as CVE-2024-55956. The threat actors used this vulnerability to conduct data theft attacks. Source: Bleeping Computer
- Qualcomm Zero-Day Bugs: NoviSpy Spyware: The Serbian government has reportedly exploited zero-day vulnerabilities in Qualcomm to infect Android devices with a new spyware named 'NoviSpy.' Source: Bleeping Computer
- CVE-2024-50623: Cleo File Transfer Vulnerabilities: Cleo's file transfer software, including Cleo Harmony, VLTrader, and LexiCom, has been actively exploited due to vulnerabilities tracked as CVE-2024-50623. Source: SOCRadar
- CVE-2024-12345: Android Chrome Security Alert: Google has issued a security alert for Android Chrome, urging users to update their software to fix a critical flaw tracked as CVE-2024-12345. This update will protect devices from potential cyberattacks. Source: PCQuest
- CVE-2024-55946: Playloom Engine Data Storage Vulnerability: A security vulnerability has been identified in the Playloom Engine Beta v0.0.1, an open-source, high-performance game development engine. The vulnerability is tracked as CVE-2024-55946. Source: SystemTek
Podcasts
- CISO Series: Health chatbot exposed, credit union attack, new IoT weapon: An AI-driven insurance chatbot was found to be vulnerable to cyber attacks. In addition, a South Carolina credit union was targeted by hackers, and a new IoT cyberweapon is being used against the US and Israel. Source: CISO Series
- ESET Threat Report H2 2024: Key findings - WeLiveSecurity: ESET's Chief Security Evangelist, Tony Anscombe, discusses the key findings from the company's H2 2024 Threat Report, providing insights into the future of cybersecurity in 2025. Source: WeLiveSecurity
- CIO Podcast – Episode 86: Cybersecurity Needs with Kate Pierce | Healthcare IT Today: In this episode, Kate Pierce, a senior vCISO and Executive Director of Govt, discusses the cybersecurity needs of the healthcare industry. Source: Healthcare IT Today
- Shared Security Podcast – Episode 359: Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption: This episode explores a hack-for-hire operation that allegedly targeted over 500 climate activists and discusses the government's hypocrisy on encryption. Source: Security Boulevard
- Stop the World: Building cyber resilience with Lieutenant General Michelle McGuinness: In this episode, ASPI's Executive Director Justin Bassi speaks with Australia's National Cyber Security Coordinator Lieutenant General Michelle McGuinness about building cyber resilience. Source: ASPI
Final Words
And that's a wrap for today's edition of ONSEC Cyber Daily. As we navigate the ever-evolving landscape of cybersecurity, it's crucial to stay informed and vigilant. From the exploitation of DrayTek vulnerabilities to the new CISA and EPA guidelines, and from the cross-platform texting warning to the latest ransomware attacks, we've covered a lot of ground today. Remember, knowledge is power, and sharing this power can make a world of difference. So, don't keep this valuable information to yourself. Share this newsletter with your friends, colleagues, and anyone else who could benefit from staying one step ahead of cyber threats. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily.