Cyber Daily 12/3: Log4Shell Exploits in VMware, Cisco's Decade-Old ASA WebVPN Vulnerability, Australia's CISC Guidance, Samsung's Security Patch, Windows Driver Vulnerability
Welcome to the ONSEC Cyber Daily newsletter for December 3rd, 2024. Today, we delve into the most exploited vulnerabilities of 2023 and how they are shaping the cybersecurity landscape for 2025. We'll discuss how nation-state actors and cybercriminals have leveraged Log4Shell in various campaigns, including its notable use in VMware Horizon systems. We also bring you an alert from Cisco about the exploitation of a decade-old ASA WebVPN vulnerability. Meanwhile, Australia's CISC is providing guidance on vulnerability assessments for critical infrastructure, and we'll look at the small number of vulnerabilities patched in the last Android security update of 2024. In the world of tech, Samsung is set to unveil AR Glasses at the Galaxy S25 launch, and we'll detail the December 2024 security patch for Samsung Galaxy devices. We'll also explore how hackers can exploit a Windows driver use-after-free vulnerability and the risks posed by the NachoVPN attack to corporate VPN clients. Finally, we'll share insights from various cybersecurity podcasts, including discussions on reducing cyberattack risks with Illumio's Zero Trust Model, the scientific reasons you can't resist holiday sales on Cyber Monday, and the steps you can take after a data breach. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe, stay informed.
Exploits Alert
- Most Exploited Vulnerabilities of 2023 (Insights to Define Cybersecurity in 2025): Nation-state actors and cybercriminals have been exploiting Log4Shell in various campaigns, notably in VMware Horizon systems. This highlights the importance of constant vigilance and timely patching in cybersecurity. Source: SOCRadar.
- Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability: Cisco has issued an alert about the exploitation of a decade-old ASA WebVPN vulnerability. This underscores the need for organizations to regularly update and secure their networking systems to prevent cyber attacks. Source: The Hacker News.
- Australia's CISC provides guidance on vulnerability assessments for critical infrastructure: The Australian CISC has provided guidance on conducting vulnerability assessments for critical infrastructure, emphasizing the importance of sharing information and alerts among partners. Source: Industrial Cyber.
- Small number of vulnerabilities patched in last Android security update of 2024: The last Android security update of 2024 patched a small number of vulnerabilities, highlighting the ongoing efforts by tech companies to secure their platforms and protect users from cyber threats. Source: CyberScoop.
- The international effort making digital spaces safer: A major cybercrime crackdown by Interpol has resulted in the arrest of hundreds of suspects and the recovery of millions in stolen funds, demonstrating the effectiveness of international cooperation in combating cybercrime. Source: CyberWire.
Vulnerabilities & Patches
- Samsung Galaxy Z Fold Special Edition November 2024 Patch: Samsung has begun updating its Galaxy Z Fold Special Edition with a November 2024 patch, addressing vulnerabilities CVE-2024-38408, CVE-2024-43096, and CVE-2024-43770. Users are advised to update their devices as soon as possible. Source: Sammy Fans
- Windows Driver Use-After-Free Vulnerability (CVE-2024-38193): A critical use-after-free vulnerability, CVE-2024-38193, has been discovered in the Windows driver afd.sys, affecting Registered I/O (RIO). Users are urged to apply patches as soon as they become available. Source: Cybersecurity News
- NachoVPN Attack on Corporate VPN Clients: An attack dubbed "NachoVPN" is targeting corporate VPN clients, such as Palo Alto and SonicWall SSL-VPN clients, by exploiting unpatched vulnerabilities. Companies are advised to update their VPN clients to the latest versions to mitigate the risk. Source: Latest Hacking News
- Android Security Update December 2024 (CVE-2024-43767): The last Android security update of 2024 patches a vulnerability, CVE-2024-43767, that allows for remote code execution. Android users are encouraged to update their devices immediately. Source: CyberScoop
- Billion Electric 4G/LTE Routers Patch (CVE-2024-11980): Router models M100, M150, M120N, and M500 have been patched to address CVE-2024-11980, a catastrophic flaw with a CVSS severity score of 10. Users of these router models are urged to apply the patch immediately. Source: Tom's Hardware
Podcasts
- 3107: Reducing Cyberattack Risks by 90% with Illumio's Zero Trust Model: In this episode of Tech Talks Daily, John Kindervag, SVP of Cybersecurity Strategy at Illumio, discusses the Zero Trust Model and how it can significantly reduce cyberattack risks. Source: iHeart
- The Corporate Counsel Show: Are business leaders taking cyber security seriously?: This episode of Cyber Uncut, produced by Lawyers Weekly, delves into the importance of cybersecurity in the corporate world and whether business leaders are giving it the attention it deserves. Source: Lawyers Weekly
- How useful, really, are the steps you can take after a data breach? - Planet Money: This episode from NPR's Planet Money podcast explores the effectiveness of measures taken post-data breach, providing listeners with practical advice on cybersecurity and privacy. Source: NPR
- The international effort making digital spaces safer. - CyberWire: Episode 2200 of the CyberWire Daily Podcast discusses the global efforts being made to enhance cybersecurity and make digital spaces safer for everyone. Source: CyberWire
- Non-malicious cyber failure: Lessons from CrowdStrike - MinterEllisonRuddWatts: This podcast episode from MinterEllisonRuddWatts provides insights into non-malicious cyber failures, using lessons learned from cybersecurity firm CrowdStrike. Source: MinterEllisonRuddWatts
Final Words
And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've covered everything from the most exploited vulnerabilities of 2023 to the latest cybersecurity updates from Samsung and Microsoft. We've also highlighted some intriguing podcasts that delve into the world of cybersecurity. Remember, in the digital world, knowledge is your best defense. Stay informed, stay secure. If you found today's newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to make the cyber world a safer place for all. Till next time, stay safe and secure!