Cyber Daily 12/26: Amazon Cloud Faces 3 High-Rated Vulnerabilities, Japan Airlines Cyberattack Delays Flights, US Targets Chinese Tech Firms, Critical Bugs Hit IBM, Apache, Adobe

Good morning, ONSEC Cyber Daily readers. Today's issue is packed with critical updates from the cybersecurity world.

We start with a warning from Amazon about three high-rated vulnerabilities that have hit their cloud, as reported by veteran cybersecurity writer Davey Winder. In airline news, Japan Airlines has been hit by a cyberattack, causing delays to over 40 flights during the holiday season. The details of the attack are still under investigation, but it's a stark reminder of the havoc cyber threats can cause. Meanwhile, Chinese technology firms have been targeted by a cyberattack launched from the USA, resulting in the theft of substantial amounts of sensitive commercial secrets and intellectual property.

IBM has issued a security bulletin warning of two vulnerabilities in their AIX TCP/IP, which could potentially be exploited to launch a Denial of Service attack. Similarly, the Apache Software Foundation has alerted users to a critical vulnerability in Apache HugeGraph-Server. Adobe has issued an out-of-band security update for its ColdFusion software, addressing a serious vulnerability. Another critical vulnerability has been found in Apache Traffic Control, rated 9.9 CVSS, and users are urged to patch now.

In our podcast corner, we feature an interview with Haroon Meer on PSW Vault, where cybersecurity takes center stage. Stay safe, stay updated, and we'll see you in the next issue of ONSEC Cyber Daily.

Exploits Alert

  1. Amazon Security Warning As 3 High-Rated Vulnerabilities Hit Cloud: Amazon has been hit with three high-rated vulnerabilities, prompting a security warning. Veteran cybersecurity writer, hacker, and analyst, Davey Winder, urges users to report any rule-breaking activities. Source: Forbes
  2. Cyberattack Disrupts Japan Airlines Operations, Delays Over 40 Flights: Japan Airlines was disrupted by a cyberattack, causing delays to over 40 flights. Investigations into the cyberattack are ongoing. Source: The Cyber Express
  3. USA Launched Cyber Attack on Chinese Technology Firms: The USA has launched a cyber attack on Chinese technology firms, leading to the theft of substantial amounts of sensitive commercial secrets and intellectual property. Source: GBHackers
  4. Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server: The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache HugeGraph-Server, allowing attackers to gain control. Source: GBHackers

Vulnerabilities & Patches

  1. Adobe Patches Critical ColdFusion Vulnerability: Adobe has released an urgent security update for its ColdFusion software to address a serious vulnerability. The flaw, identified as CVE, could potentially be exploited by cybercriminals to compromise affected systems. Users are urged to apply the patch immediately. Source: Evrim Ağacı.
  2. Critical SQL Injection Vulnerability in Apache Traffic Control: A severe SQL injection vulnerability, tracked as CVE-2024-27956, has been identified in Apache Traffic Control. The flaw carries a CVSS score of 9.9 out of 10, indicating its high severity. All versions of the plugin prior to 3.9 are affected. Users are advised to patch their systems without delay. Source: IT Security News.

Podcasts

  1. Hacker Heroes – Haroon Meer – PSW Vault: This podcast features an interview with Haroon Meer, a prominent figure in cybersecurity. The discussion revolves around his experiences and insights in the field, providing valuable information for both newcomers and veterans in cybersecurity. Source: SC Media
  2. 2024 Healthcare IT Year in Review – Healthcare IT Today: This episode provides a comprehensive review of the major events and trends in healthcare IT for the year 2024. It offers a unique perspective on the intersection of healthcare and technology, making it a must-listen for professionals in these sectors. Source: Healthcare IT Today

Bonus from ONSEC:

Top 10 Movies About Hackers for the Holiday Season

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. From the high-rated vulnerabilities hitting Amazon's cloud to the cyberattack disrupting Japan Airlines, the cyber world never sleeps. We've also seen the USA launching a cyber attack on Chinese tech firms and critical vulnerabilities in IBM AIX TCP/IP, Apache, and Adobe ColdFusion. Remember, knowledge is power. The more we know, the better we can protect ourselves and our businesses. So, let's stay vigilant, keep our systems updated, and always be on the lookout for the latest patches. If you found today's newsletter helpful, why not share it with your friends and colleagues? They might find it useful too. And don't forget to tune in to our recommended podcasts for more insights into the world of cybersecurity. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily.
