Cyber Daily 12/24: Adobe ColdFusion and Tomcat Vulnerabilities, Ascension Data Breach, CISA's Active Exploitation Risks, Sophos Firewall Flaws
Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. In today's issue, we delve into the critical Adobe ColdFusion vulnerability CVE-2024-53961, a common entry point for cybercriminals. We also discuss the active exploitation risks flagged by CISA for CVE-2021-44207, the data breach at Ascension due to a malicious file download, and the latest vulnerability added to the CISA catalog, along with why all organizations should prioritize reducing their exposure to cyberattacks.

In our commentary section, we discuss the common pitfalls businesses face with penetration testing and the importance of effective patch management. We also cover the ongoing security risks due to file-transfer software vulnerabilities, despite patches, and the critical Tomcat flaw that could expose your servers to attack. Plus, we shed light on the unabated ransomware attacks and the concerning firewall security flaws flagged by Sophos.

Finally, we wrap up with a roundup of the top 5 Kubernetes CVEs of 2024 and the latest episodes from your favorite cybersecurity podcasts. Stay tuned for a comprehensive look at the cybersecurity landscape. Stay safe and stay informed with ONSEC Cyber Daily.
Exploits Alert
- Critical Adobe ColdFusion Vulnerability CVE-2024-53961: A serious vulnerability has been discovered in Adobe ColdFusion that could allow cybercriminals to perform path traversal attacks. These attacks are a common method used by hackers to compromise systems, steal data, or escalate their access. Source: The Cyber Express
- CISA Flags CVE-2021-44207 for Active Exploitation Risks: The Cybersecurity and Infrastructure Security Agency (CISA) has flagged CVE-2021-44207 due to its active exploitation risks. The recent data breach at Ascension was caused by a malicious file download that allowed cybercriminals to access its network. Source: The Cyber Express
- CISA Adds One Known Exploited Vulnerability to Catalog: CISA has added a new known exploited vulnerability to its catalog. While the directive only applies to FCEB agencies, CISA strongly advises all organizations to reduce their exposure to cyberattacks by prioritizing this vulnerability. Source: CISA
- The Pen Test Trap: Why Most Businesses Get It Wrong: Many businesses are falling into the 'pen test trap', misunderstanding the purpose and execution of penetration testing. This misunderstanding can lead to a false sense of security and increased vulnerability to cyberattacks. Source: MSSP Alert
Vulnerabilities & Patches
- Data security risk due to file-transfer software vulnerabilities (CVE-2024-55956): Despite a patch being released, attackers continue to exploit this vulnerability via a backdoor, posing a significant data security risk. Source: Lexology
- Critical Tomcat Flaw (CVE-2024-56337): This vulnerability serves as a critical reminder for Tomcat users. Despite an initial patch in December, the system remains vulnerable to attacks. Source: Dataconomy
- Ransomware attacks exploiting patch bypass (CVE-2024-55956): A patch was released but was incomplete, resulting in threat actors actively exploiting a bypass of this patch. Source: The Jharkhand Story
- CISA Flags CVE-2021-44207 for Active Exploitation Risks: The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability, urging timely patch management. Source: The Cyber Express
- Apache fixes remote code execution bypass in Tomcat web server (CVE-2024-50379): A critical remote code execution (RCE) vulnerability was patched on December 17, but the security issue remains a concern. Source: Bleeping Computer
Podcasts
- IPS Assembly Highlights Success with Cetec ERP in ERP Talks Podcast Episode: Tej Sutariya, Chief Information Security Officer and Head of Sales Strategy at IPS Assembly, discusses the success of Cetec ERP in this enlightening podcast episode. Source: Electronics Media
- Say Easy, Do Hard, Minimum Viable Security – Part 1 – Jon Fredrickson – BSW Vault: This episode from the BSW Vault features a discussion on the challenges of implementing minimum viable security, hosted by Matt Alderman. Source: SC World
- Court puts the 'spy' in spyware - CyberWire: This episode from CyberWire delves into the world of spyware, with insights from security podcast host and CyberWire founder, Dave Bittner. Source: The CyberWire
- 2024 Healthcare IT Year in Review – Healthcare IT Today Podcast Episode 156: The 156th episode of the Healthcare IT Today Podcast, sponsored by Pure Storage, provides a comprehensive review of the year 2024 in Healthcare IT. Source: Healthcare IT Today
Final Words
And that's a wrap for today's ONSEC Cyber Daily. We've covered everything from critical vulnerabilities in Adobe ColdFusion and Apache Tomcat, to the latest exploits and patches. Remember, staying informed is your first line of defense in the ever-evolving world of cybersecurity. We hope you found this information valuable and we encourage you to share this newsletter with your friends and colleagues. After all, cybersecurity is a shared responsibility and the more we know, the safer we are. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily.