Cyber Daily 12/25: IBM and Apache Face Multiple Vulnerabilities, Adobe and WordPress Under Threat, AI Reveals Santa's Secret, Future of Cybersecurity Explored

ONSEC Cyber Daily: A Christmas Full of Cyber Threats and Fixes

Ho Ho Ho! Merry Christmas, ONSEC readers! While you're enjoying the holiday cheer, cyber threats are not taking a break. Today, we unwrap some serious vulnerabilities and the actions taken to patch them up.

IBM has sounded the alarm with a security bulletin warning of two vulnerabilities that could allow attackers to launch a Denial of Service attack. Meanwhile, the Apache Software Foundation is on high alert with a critical vulnerability in Apache HugeGraph-Server that could let attackers gain control. But wait, there's more! Apache Traffic Control has been hit with a critical SQL injection flaw, rated a whopping 9.9 CVSS. Thankfully, a patch is already in place. Adobe and WordPress are also facing critical security threats, urging users to patch vulnerabilities as quickly as possible.

In lighter news, the AI Fix #30 podcast episode reveals a devastating truth about Santa. And if you're looking for insights into the future of cybersecurity, don't miss the latest episode of the Control System Cyber Security Association Podcast.

Stay safe, stay informed, and have a Merry Cyber-Secure Christmas with ONSEC Cyber Daily!

Exploits Alert

  1. IBM AIX TCP/IP Vulnerability: IBM has issued a security bulletin warning of two vulnerabilities that attackers could exploit to launch a Denial of Service attack. The vulnerabilities are in the TCP/IP stack and affect the availability of the system. Source: GBHackers
  2. Apache Auth-Bypass Vulnerability: The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache HugeGraph-Server. This vulnerability allows attackers to bypass authentication and gain control over the server, posing a significant threat to data security. Source: GBHackers

Vulnerabilities & Patches

  1. Critical SQL Injection Vulnerability in Apache Traffic Control (CVE-2024-45387): Apache Traffic Control 8.0.2 includes a patch for a critical SQL injection flaw rated 9.9 on the CVSS scale. The vulnerability targets privileged users, and immediate patching is recommended. Source: The Hacker News
  2. Adobe and WordPress Critical Security Threats: Adobe and WordPress are facing critical security threats and are urging users to patch vulnerabilities as quickly as possible. Adobe has classified the vulnerability as CVE-2024-xxxxx and recommends updating to Adobe ColdFusion 2023 (Update 12) within 72 hours. Source: Evrim Ağacı

Podcasts

  1. The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!): This episode of the award-winning cybersecurity podcast, The AI Fix, features a discussion about the AI model, ChatGPT, and its surprising revelations about Santa Claus. The podcast also covers various cybersecurity topics, keeping the listeners updated about the latest trends and threats. Source: grahamcluley.com/the-ai-fix-30
  2. 120: ResetCon and the Future of Cybersecurity: Insights from Jay Warren: This episode of the Control System Cyber Security Association International podcast features Jay Warren discussing the future of cybersecurity. The conversation revolves around ResetCon, a cybersecurity conference, and the insights gathered from it. Source: ivoox.com/120-resetcon-and-the-future-of-cybersecurity-insights

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered everything from IBM's TCP/IP vulnerabilities to Apache's auth-bypass vulnerability, and even the critical security threats facing Adobe and WordPress. We've also touched on the latest episodes of some top cybersecurity podcasts. Remember, in the world of cybersecurity, knowledge is power. The more we know, the better we can protect ourselves and our digital assets. So, don't keep this valuable information to yourself. Share ONSEC Cyber Daily with your friends, colleagues, and anyone else who could benefit from staying updated on the latest in cybersecurity news. Stay safe, stay informed, and we'll see you in the next edition of ONSEC Cyber Daily. Until then, keep your data secure and your systems patched.
