Cyber Daily 12/21: iPhone, Android App Warning, Chinese Hacking Threats, Rapido Data Breach, Cisco Vulnerability, Google Chrome and BeyondTrust Updates


Welcome to the ONSEC Cyber Daily for December 21st. Today's issue is packed with critical updates and alerts from the cyber world. We start with a stern warning from Forbes about certain apps that pose a threat to iPhone and Android users. The U.S. government's cyber defense agency advises against using a personal virtual private network due to vulnerabilities in open texting across cellular networks. In other news, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a cybersecurity alert over Chinese hacking threats, emphasizing the vulnerability of unencrypted SMS messages and phone calls to interception. The agency has also alerted about exploits in Cisco's Smart Install, following recent cybercrime incidents. We also cover the Rapido data breach, where user and driver information was exposed via a vulnerable feedback form. The BeyondTrust remote support SaaS was hit by a vulnerability, leading to a spike in cyberattack disclosures to the SEC. In the realm of cyber espionage, a campaign named "Salt Typhoon" has revealed vulnerabilities in U.S. telecommunications companies, leading to stark warnings from U.S. officials. On the tech front, Google has issued a security warning for 3 billion Chrome users, urging them to update their browsers immediately. Sophos has fixed critical vulnerabilities in its Firewall product, and BeyondTrust's Privileged Remote Access and Remote Support solutions have been exploited due to vulnerabilities. We also highlight the critical file upload vulnerability in Apache Struts2, and the suspected Chinese malware operation menacing IoT devices with Hiatus RAT. Cleo Software is being exploited by Cl0p, but the company has released multiple patches to address the issue. Finally, we bring you the latest from the podcast world, with episodes discussing cybersecurity, Tesla's self-driving computer failure, financial education, and keeping the farm safe in the digital age. 
Stay tuned for more updates and remember, staying informed is the first step towards cybersecurity.

Exploits Alert

  1. New iPhone, Android Warning—Do Not Install These Apps: A new vulnerability has been discovered in both iPhone and Android devices, which allows open texting across cellular networks. The U.S. government's cyber defense agency advises against using a personal virtual private network. Source: Forbes
  2. U.S. Government Issues Cybersecurity Alert Over Chinese Hacking Threats: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about unencrypted SMS messages and phone calls being vulnerable to interception by Chinese hackers. Source: Mobile ID World
  3. Rapido Data Breach: User and Driver Information Exposed via Vulnerable Feedback Form: A data breach at Rapido has exposed user and driver information via a vulnerable feedback form. The cybercrime was busted by Uttarakhand STF, with Rs 45.4 Lakh recovered. Source: The420.in
  4. Cisco Vulnerability: CISA Alerts Of Smart Install Exploits: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a vulnerability in Cisco's Smart Install feature, following recent cybercrime incidents. Source: Security Boulevard
  5. Cyber Espionage Leads to Stark Warning From US Officials: A cyber espionage campaign, "Salt Typhoon," has revealed vulnerabilities in U.S. telecommunications companies, including AT&T and Verizon, leading to a stark warning from US officials. Source: MSN

Vulnerabilities & Patches

  1. Google's Security Warning For 3 Billion Chrome Users—Update Now: Google has issued an urgent security update for all Chrome users due to a type confusion vulnerability (CVE-2024-12692) in Chrome's V8 engine. Users are advised to update their browsers immediately to protect against potential exploitation. Source: Forbes.
  2. Sophos fixed critical vulnerabilities in its Firewall product: Sophos has backported a patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Users of Sophos Firewall are urged to apply the patch as soon as possible. Source: IT Security News.
  3. Suspected Chinese malware operation menacing IoT devices with Hiatus RAT: IoT devices are being targeted by a suspected Chinese malware operation using the Hiatus RAT. Administrators are advised to include connected devices in regular patch updates for known CVE vulnerabilities to prevent exploitation. Source: SC Media.
  4. Cl0p Exploiting Cleo Software: Cleo has released multiple patches for a CVE vulnerability that has been exploited by the Cl0p ransomware group. Users are urged to apply the patches immediately to fix the issue and protect their systems. Source: JD Supra.

Podcasts

  1. Week in Review: Breach study, Nebraska sues ChangeHealthcare - CISO Series: This podcast episode discusses the impact of data breaches and Nebraska's lawsuit against ChangeHealthcare. The host also explores the exploitation of Teams AnyDesk. Source: CISO Series.
  2. Ukraine's fight to restore critical data - CyberWire: Episode 2214 of the CyberWire Daily Podcast delves into Ukraine's efforts to restore critical data amidst cyber threats. Source: CyberWire.
  3. Podcast: Tesla self-driving computer failure, Cybertruck issues, Honda/Nissan merger, and more: This podcast discusses Tesla's self-driving computer failure, Cybertruck's problems, and the potential Honda/Nissan merger. Source: Electrek.
  4. Express Media Group, 1Link, GroupM launch podcast series on financial education: This 12-episode podcast series addresses critical issues such as cybersecurity, banking fraud, and the role of technology in digital payments. Source: Express Tribune.
  5. Mind Your Farm Business — Ep. 101: Keeping the farm safe in the digital age: This episode of the Mind Your Farm Business podcast features a cybersecurity expert discussing how to keep farms safe in the digital age. Source: Real Agriculture.

Final Words

That's a wrap for today's edition of ONSEC Cyber Daily. We've covered everything from the latest app warnings for iPhone and Android users, to the recent cybersecurity alerts issued by the U.S. government. We've also delved into the world of cybercrime, discussing data breaches, vulnerabilities, and the ever-evolving landscape of cyber espionage. Remember, staying informed is your first line of defense against these digital threats. So, don't forget to update your devices and applications regularly, and always be cautious of the apps you install and the networks you connect to. If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's spread the word and help each other stay safe in this interconnected digital world. Stay tuned for tomorrow's edition where we'll bring you more updates from the world of cybersecurity. Until then, stay safe and stay informed.
