Cyber Daily 12/17: Rising Tech Outages, CISA's 2024 Review, Windows Kernel Vulnerability, Adobe & Windows Exploits, HiatusRAT Attacks, Cleo & DrayTek Vulnerabilities, CISA & EPA Guidelines, Cross Apple-Android Texting Warning
Welcome to the ONSEC Cyber Daily newsletter for December 17th. Today, we're diving into the escalating wave of tech outages and cybercrime losses, as reported by Macleans and Cybersecurity Ventures. We'll also explore North Korea's cyberattack strategies, Iran's advancing cyber capabilities, and CISA's 2024 milestones in cyber defense and infrastructure protection. In the realm of vulnerabilities, we'll discuss the critical Windows kernel vulnerability and the official warning issued by the U.S. cybersecurity regulator, CISA, along with the FBI's warning about HiatusRAT malware attacks on web cameras and DVRs and the Cleo File Transfer vulnerability. From there, we turn to the new CISA and EPA guidelines aimed at protecting water and wastewater systems from cyber threats, and the FBI and CISA's warning about cross Apple-Android texting. In patching news, we'll cover the recent warnings to patch dangerous Windows kernel bugs, Automox becoming an authorized CVE Numbering Authority, and the new Microsoft Windows security deadline set by CISA. Finally, we'll wrap up with some podcast highlights, including discussions on cloud security for SMBs, Russian disinformation campaigns, and the year in cybersecurity. Stay tuned for these stories and more in today's ONSEC Cyber Daily.
Exploits Alert
- More Frequent—and Disruptive—Tech Outages Are on the Way: Cybersecurity Ventures predicts an increase in global cybercrime losses, encompassing lost revenue and reputational damage. The rise in tech outages is expected to contribute significantly to these losses. Source: Macleans.ca
- CISA's 2024 Year in Review: The report highlights the advancements in cyber defense and infrastructure protection. It also points out the increasing use of cyberattacks by North Korea for intelligence gathering, system disruption, and revenue generation. Source: Industrial Cyber
- Critical Windows Kernel Vulnerability: CISA has issued a warning about a critical Windows kernel vulnerability that makes it easy to escalate system privileges. US government agencies are urged to update their Windows systems. Source: Techzine Global
- CISA Warns of Adobe & Windows Kernel Driver Exploited in Attacks: CISA has issued a warning about Adobe and Windows Kernel Driver vulnerabilities that are being exploited in attacks. Timely remediation of these vulnerabilities can better protect organizations from cyberattacks. Source: Cyber Security News
- FBI Issues Warning About HiatusRAT Malware Attacks on Web Cameras and DVRs: The FBI has issued a warning about HiatusRAT malware attacks on web cameras and DVRs. The cybersecurity company Lumen first identified HiatusRAT. Source: Vulnera
Vulnerabilities & Patches
- US Government Warns Federal Agencies to Patch Dangerous Windows Kernel Bug: The US government has issued a warning to federal agencies to patch a high severity Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability, tracked as CVE-2024. The bug has a severity score of 7.8. Source: TechRadar
- Automox Becomes an Authorized CVE Numbering Authority: Automox, which streamlines IT operations through its automated patch management, configuration management, and software deployment solutions, has become an authorized CVE Numbering Authority. Source: GlobeNewswire
- New Microsoft Windows Security Deadline—CISA Says Update Before Jan. 6: CISA has advised users to update their Microsoft Windows systems before January 6, 2024, due to the critical vulnerability CVE-2024-35250. Source: Forbes
- CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities: CISA has issued a warning about an exploited Adobe ColdFusion vulnerability, tracked as CVE-2024-20767, which was patched by Adobe in March 2024. Source: SecurityWeek
- Critical Windows Kernel Vulnerability Easily Escalates System Privileges: The critical Windows vulnerability CVE-2024-35250, known since June 2024, can easily be used to escalate system privileges. Microsoft has released a patch for this vulnerability. Source: Techzine Global
Podcasts
- Cloud Security for SMBs: Strategies, Risks, and Resources – Adam John – CSP #205: This podcast episode discusses the importance of cloud security for small and medium-sized businesses, with a focus on strategies, risks, and resources. The episode features vCISO Adam John. Source: SC Magazine
- Riga Security Forum podcast: 'Russian disinformation on both sides of the Atlantic': The Latvian Institute of International Affairs (LIIA) explores the ongoing issue of Russian disinformation campaigns in this podcast episode. Source: LSM.lv
- The Year in Cybersecurity – 2024 Popular Reads on JD Supra: This podcast provides a year-end recap of the most widely read cybersecurity topics of 2024. Source: JD Supra
- Rhode Island cyberattack exposes sensitive data - CyberWire: Episode 2210 of the CyberWire Daily Podcast discusses a cyberattack in Rhode Island that exposed sensitive data. Source: The CyberWire
- Christine Chasse Talks Medical Malpractice on Medical Manners Podcast - Spencer Fane: In this episode, attorney Christine Chasse discusses medical malpractice in the context of cybersecurity on the Medical Manners podcast. Source: Spencer Fane
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, we leave you with a stark reminder of the ever-evolving landscape of cyber threats. From disruptive tech outages to privilege-escalation vulnerabilities, the cyber world is a battlefield that requires constant vigilance. Remember, knowledge is power. By staying informed, we can better protect ourselves and our organizations from potential cyberattacks. So, let's continue to learn, adapt, and fortify our defenses in this digital age. If you found today's newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer cyber world for all. Until tomorrow, stay safe and stay informed.