Cyber Daily 12/4: Cisco's Decade-Old WebVPN Vulnerability Fuels Botnet, LastPass Dodges Deepfake CEO Scam, Google Chrome's Emergency Update, PRC Cyber Threats Tackled by CISA & FBI, EU's Cybersecurity Shield, Palo Alto Firewalls Breached
Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most impactful cybersecurity news in one place. Today, we're focusing on the urgent call from Cisco to patch a decade-old WebVPN vulnerability that's fueling the Androxgh0st botnet activity. This comes as cybercriminals are increasingly using deepfakes to target businesses, with LastPass narrowly avoiding a security breach thanks to an alert employee. Google Chrome has also issued an emergency security update to fix a single vulnerability, while the FBI and CISA have released a guide to combat PRC cyber threats following a $450K loss from the Clipper cyberattack. In Europe, a new regulation has established a pan-European network of cyberhubs, known as the 'Cybersecurity Shield'. Meanwhile, over 2,000 Palo Alto Firewalls have been compromised via exploited vulnerabilities, and Samsung has detailed the security fixes in its upcoming December 2024 patch for Galaxy devices. Hewlett Packard Enterprise has also been in the spotlight with vulnerabilities in its AutoPass License Server, and an exploit has been released for a critical WhatsUp Gold RCE flaw. Finally, we delve into the world of podcasts, with discussions on the safety of our utilities from cyberattacks, supporting postpartum engineers in the workplace, and the latest episode of "Are We All Clear?" discussing Section 847. Stay safe and informed with ONSEC Cyber Daily.
Exploits Alert
- Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability: Cybercriminals are exploiting a decade-old vulnerability in Cisco's WebVPN. The company is urging users to patch their systems immediately. An employee at LastPass narrowly avoided a security breach after identifying a fake CEO in a WhatsApp call. Source: Hackread
- Google Chrome V131—New Warning As Emergency Security Update Issued: Google has issued an emergency security update for Chrome V131 to fix a single vulnerability. The company is urging users to update their browsers immediately. Source: Forbes
- Old Cisco ASA Vulnerability (CVE-2014-2120) Fuels Androxgh0st Botnet Activity: An old vulnerability in Cisco ASA (CVE-2014-2120) is being exploited by the Androxgh0st botnet. Cisco has issued a warning and is urging users to patch their systems. Source: SOCRadar
- CISA, FBI Release Guide to Combat PRC Cyber Threats: CISA and the FBI have released a guide to help organizations combat cyber threats from the PRC. This comes after the Clipper cyberattack exploited a withdrawal vulnerability, causing a $450K loss. Source: The Cyber Express
- New EU Regulation Establishes European 'Cybersecurity Shield': The EU has established a new regulation that creates a 'Cybersecurity Shield'. This includes a European Cybersecurity Alert System and a network of cyberhubs for coordinated response to threats. Source: SecurityWeek
Vulnerabilities & Patches
- Samsung December 2024 Security Patch: Samsung has disclosed the vulnerabilities that will be addressed in the December 2024 security patch for Galaxy devices. The patch is expected to fix numerous security issues, enhancing the overall safety of the devices. Source: Android Headlines
- Hewlett Packard Enterprise AutoPass License Server Vulnerabilities: Two significant vulnerabilities have been identified in the Hewlett Packard Enterprise AutoPass License Server. CVE-2024-51768 allows for remote code execution, while CVE-2024-51767 enables remote attackers to bypass authentication. Source: Systemtek
- WhatsUp Gold RCE Flaw: An exploit has been released for a critical remote code execution flaw in WhatsUp Gold. Progress Software has released security updates addressing CVE-2024-8785 and five other vulnerabilities. Source: Bleeping Computer
- Major Android Bugs: Five major bugs have been identified that leave Android devices vulnerable to attackers. Recommended protective measures include automated patch deployment and systematic vulnerability assessments. Source: Candid.Technology
- Android System Vulnerabilities: Android versions 12, 13, 14, and 15 have been found to be vulnerable to malware attacks due to two system vulnerabilities, CVE-2024-43097 and CVE-2024-43768. Developers have reportedly resolved these security issues in the latest patch. Source: heise online
Podcasts
- "Are our utilities safe from cyberattack?" - Computerworld: This podcast episode discusses the vulnerability of our utilities to cyberattacks. It raises awareness about the potential threats and the need for improved security measures. Source: Computerworld
- "SWE Diverse Podcast Ep 291: Supporting Postpartum Engineers in the Workplace" - SWE: Karen Roth, a Department of Defense leader in cyber, AI, and digital engineering, shares her experiences and insights on supporting postpartum engineers in the workplace. Source: SWE
- "Nam3l3ss but not harmless." - CyberWire: Dave Bittner, a security podcast host and one of the founders at CyberWire, presents a new episode of Threat Vector discussing the dangers of seemingly harmless cyber threats. Source: CyberWire
- "Podcast - Mitigating FOCI Under Section 847" - Holland & Knight: In this episode, host Molly O'Casey and national security attorney Antonia Tzinova discuss Section 847 and the mitigation of Foreign Ownership, Control or Influence (FOCI). Source: Holland & Knight
- "The AI Fix #27: Why is AI full of real-life Bond villains?" - Graham Cluley: This podcast episode discusses the role of AI in cybersecurity and why it seems to attract real-life Bond villains. It also covers digital arrest scams. Source: Graham Cluley
Final Words
And that's a wrap for today's edition of ONSEC Cyber Daily. As we navigate the ever-evolving landscape of cybersecurity, it's crucial to stay informed and vigilant. From decade-old vulnerabilities to deepfake threats and the rise of cyberhubs, we're here to keep you updated on the latest news and developments. Remember, the first step to cybersecurity is awareness. So, don't keep this valuable information to yourself. Share this newsletter with your friends, colleagues, and anyone else who could benefit from staying one step ahead of cyber threats. Stay safe, stay informed, and let's continue to build a more secure digital world together. Until tomorrow, this is ONSEC Cyber Daily, signing off.