Welcome to the last ONSEC Cyber Daily of 2024! Today, we're diving into a series of critical vulnerabilities and patches that have been making waves in the cybersecurity world. First up, we're looking at the critical Apache vulnerabilities, including CVE-2024-43441, which has been flagged by Singapore's Cyber Security Agency. The agency has urged users to update their systems as soon as possible to protect against potential attacks. Next, we'll delve into the recent cyberattack on American Addiction Centers, which exposed the personal data of over 400,000 individuals. This incident underscores the importance of robust security practices and proactive patch management. We'll also discuss the discovery of CVE-2024-21182, a vulnerability in Oracle's WebLogic Server that allows attackers to compromise the server remotely. Oracle is expected to release a security patch as part of its Critical Patch Update (CPU). In addition, Palo Alto Networks has patched CVE-2024-3393, a vulnerability that has been exploited for DoS attacks against the company's firewalls. Lastly, we'll touch on the CISA's 2024 KEV Catalog Update, which highlights that some of the earliest vulnerabilities, like CVE-2002-0367, continue to pose a risk and are being leveraged in ransomware attacks. We'll also be sharing insights from the top episodes of various cybersecurity podcasts, including the Security Clearance Careers Podcast, the CIO Podcast, and the Shared Security Podcast. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe, stay updated, and see you in 2025!

Exploits Alert

1. CVE-2024-43441 - Critical Apache Vulnerabilities: A September 2024 cyberattack on American Addiction Centers exposed the personal data of 422,424 individuals, including Social Security numbers. Source: The Cyber Express

Vulnerabilities & Patches

1. Oracle WebLogic Server Vulnerability Lets Attackers Compromise the Server Remotely: A new vulnerability, CVE-2024-21182, has been discovered in Oracle's WebLogic Server that could allow attackers to compromise the server remotely. This highlights the importance of proactive patch management and robust security practices. Source: Cybersecurity News
2. Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks: Palo Alto Networks has patched a zero-day vulnerability, CVE-2024-3393, that was being exploited for DoS attacks against the company's firewalls. Source: Security Week
3. CISA's 2024 KEV Catalog Update: Vulnerabilities and Trends: The Cybersecurity and Infrastructure Security Agency's (CISA) 2024 Known Exploited Vulnerabilities (KEV) catalog update reveals that some vulnerabilities dating back to 2002, like CVE-2002-0367, continue to pose a risk and are being leveraged in ransomware attacks. Source: The Cyber Express
4. Patch Now: Singapore's Cyber Security Agency Flags Critical Apache Flaws: Singapore's Cyber Security Agency has issued an urgent advisory highlighting several critical security vulnerabilities in Apache software products, including CVE-2024-43441. Users are urged to update as soon as possible. Source: TechNadu
5. Four-Faith Industrial Routers Vulnerability Exploited in the Wild to Gain Remote Access: A vulnerability, CVE-2024-12856, in Four-Faith Industrial Routers is being exploited in the wild to gain remote access. Users are advised to consult Four-Faith for available firmware updates or patches. Source: GBHackers

Podcasts

1. Top 5 Episodes of the Security Clearance Careers Podcast: This podcast series provides insights into the intricacies of security-related careers. The top 5 episodes of 2024 are highlighted in this review. Source: ClearanceJobs
2. CIO Podcast – Episode 87: CHIME and KLAS Synergy Awards with Jeffrey Sturman: In this episode of the CIO podcast, Jeffrey Sturman, Senior Vice President and Chief Digital Officer, discusses the CHIME and KLAS Synergy Awards. Source: Healthcare IT Today
3. Cyberhaven extension hacked, ZAGG breach, Volkswagen leak - CISO Series: This episode of the CISO Series covers the Cyberhaven extension hack, ZAGG data breach, and Volkswagen cloud leak. Source: CISO Series
4. 2024 Year in Review: What We Got Right and Looking to 2025 - Security Boulevard: The final episode of the Shared Security Podcast for 2024 recaps the year's predictions and discusses what was accurately forecasted. Source: Security Boulevard
5. IPS Assembly Highlights Success with Cetec ERP in ERP Talks Podcast Episode: Tej Sutariya, Chief Information Security Officer and Head of Sales Strategy at IPS Assembly, discusses the success of Cetec ERP in this episode of ERP Talks. Source: EMSNow

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found our coverage on the latest vulnerabilities, patches, and cyber security news insightful and valuable. Remember, staying informed is the first step towards safeguarding your digital assets. In a world where cyber threats are constantly evolving, it's crucial to stay one step ahead. So, don't forget to patch your systems, update your software, and maintain robust security practices. If you enjoyed today's newsletter and found it helpful, we encourage you to share it with your friends, colleagues, and anyone else who might benefit from staying updated on the latest in cyber security. Stay safe, stay informed, and we'll catch you in the next edition of 'ONSEC Cyber Daily'. Until then, keep your data secure and your systems patched.

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn