Cyber Daily 12/31: High Risk Warning for Google Chrome, Patches for CVEs in Microsoft, Four-Faith Routers, TrueNAS CORE, Samsung, Oracle, Palo Alto Networks, Podcasts on Belarus' Authoritarianism
Good Morning ONSEC Cyber Daily Subscribers,
As we bid farewell to 2024, we're here to keep you updated on the latest cybersecurity developments. Today's newsletter is packed with critical information that you need to know.
First up, Google Chrome users, be on high alert. The government has issued a high-risk warning due to vulnerabilities that exist in Google Chrome. We'll delve into the details of these vulnerabilities and their potential impact on users.
Next, we'll discuss the top vulnerabilities of December 2024 and the importance of immediate updates. We'll also look at how Four-Faith routers were exploited through a specific vulnerability and how iXsystems promptly addressed a vulnerability in TrueNAS CORE.
Samsung and Oracle aren't left out of the vulnerability spotlight either. We'll examine the two most common vulnerabilities found in Samsung devices and a significant vulnerability in Oracle's WebLogic Server that allows attackers to compromise the server remotely.
In other news, Palo Alto Networks has patched a vulnerability that was exploited for DoS attacks against the company's firewalls. We'll also discuss CISA's 2024 KEV Catalog Update and the ongoing risk posed by some of the earliest vulnerabilities.
Finally, we'll wrap up with some podcast episodes that you won't want to miss. Tune in to the Riga Security Forum podcast for an examination of the authoritarian regime in Belarus and its global impact. We'll also highlight the top 5 episodes of the Security Clearance Careers podcast and the latest episode of the CIO podcast.
Stay safe, stay updated, and let's step into the New Year with a renewed commitment to cybersecurity.
Best,
ONSEC Cyber Daily Team
Exploits Alert
- High Risk Warning for Google Chrome Users: The government has issued a high-risk warning for Google Chrome users. The underlying vulnerabilities are type confusion and out-of-bounds memory access in V8. Users are advised to update their browsers to the latest version to avoid potential cyber threats. Source: MSN and Times of India.
Vulnerabilities & Patches
- Top CVEs & Vulnerabilities of December 2024: Microsoft has released crucial security updates to patch vulnerabilities. Users are advised to install these updates immediately to safeguard their systems. Source: Security Boulevard
- Four-Faith Routers Exploited Through CVE-2024-12856 Vulnerability: A vulnerability in Four-Faith routers is being exploited in the wild. Users can track updates, exploits, and the status of patches from a single dashboard to quickly assess the impact. Source: SOCRadar
- TrueNAS CORE Vulnerability Let Attackers Execute Remote Code: iXsystems has promptly released a patch to address the CVE-2024-11944 vulnerability in TrueNAS CORE that could allow attackers to execute remote code. This highlights the challenges of maintaining robust security. Source: GBHackers
- Two most common vulnerabilities found in Samsung devices: Two vulnerabilities have been found in Samsung devices, one of which is CVE-2021-25337 found in Samsung's Text-to-Speech app. Samsung has released an update and no newer devices are at risk. Source: Sammy Fans
- CISA's 2024 KEV Catalog Update: Vulnerabilities and Trends: CISA's 2024 KEV Catalog Update reveals that some of the earliest vulnerabilities, such as CVE-2002-0367, which dates back to 2002, continue to pose a risk and are being leveraged in ransomware attacks. Source: The Cyber Express
Podcasts
- Riga Security Forum Podcast: 'Belarus, Authoritarianism and the Global Impact of Unchecked State Violence': This episode by the Latvian Institute of International Affairs (LIIA) provides an in-depth analysis of the authoritarian regime in Belarus and its impact on human rights. The discussion also extends to the global implications of unchecked state violence. Source: Riga Security Forum
- Top 5 Episodes of the Security Clearance Careers Podcast: This podcast series features weekly guests who share their insights on the complexities of security-related careers. The link provides a roundup of the top 5 episodes in 2024, offering a wealth of knowledge for anyone interested in the field. Source: ClearanceJobs
- CIO Podcast – Episode 87: CHIME and KLAS Synergy Awards with Jeffrey Sturman: In this episode of the CIO podcast hosted by Healthcare IT Today, Jeffrey Sturman, Senior Vice President and Chief Digital Officer, joins the discussion. The conversation revolves around the CHIME and KLAS Synergy Awards. Source: Healthcare IT Today
Final Words
And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found our insights helpful and informative. Remember, the digital world is a battlefield, and your devices are the soldiers. Keep them updated, patched, and secure. If you found today's newsletter useful, why not share it with your friends and colleagues? They might also appreciate the heads-up on the latest cyber threats and how to combat them. Stay safe, stay updated, and remember, knowledge is the best defense in the world of cybersecurity. See you tomorrow for another round of essential updates, right here at ONSEC Cyber Daily.