Cyber Daily 2/21: Ghost Ransomware Threatens 70+ Nations, CISA Warns of SonicWall and Palo Alto Bugs, Europe's Cyber Vulnerability Exposed, Microsoft and NVIDIA Patch Critical Flaws

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into the chilling world of Ghost Ransomware. The National Law Review has released a joint cybersecurity advisory on this menacing threat that's exploiting vulnerabilities in over 70 countries. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory warning about this ransomware, urging organizations to patch exploited vulnerabilities and segment networks.

But the Ghost isn't the only specter haunting the cyber world. We'll also be looking at the SonicWall SonicOS and Palo Alto Networks bugs, and the vulnerabilities in Ivanti Endpoint Manager. Europe's most vulnerable countries are also on our radar, along with the recent cyber sanctions imposed by Australia in response to the 2022 Medibank Private cyberattack. We'll also be discussing the latest patches released by Microsoft, Google, and NVIDIA, and how they're addressing critical vulnerabilities in their systems.

Stay tuned for more updates on the ever-evolving cybersecurity landscape. Remember, knowledge is power, and in the world of cybersecurity, it's your best defense.

Exploits Alert

  1. Ghost Ransomware Alert: Cybersecurity Agencies Warn of Exploited Vulnerabilities: Cybersecurity agencies have issued a warning about the Ghost Ransomware, which uses publicly available code to exploit common vulnerabilities. The ransomware has impacted over 70 countries. Source: The National Law Review and MSSP Alert.
  2. Cybersecurity: Which are Europe's most vulnerable countries?: A recent report highlights the most vulnerable countries in Europe when it comes to cybersecurity. The report emphasizes the importance of disabling potentially harmful files to protect computer systems. Source: MSN.
  3. US cybersecurity agencies warn of global Ghost ransomware threat: Despite multiple warnings from cybersecurity firms, the Ghost ransomware threat continues to pose a global risk. The ransomware exploits vulnerabilities in unpatched software. Source: Tech Monitor.
  4. Australia imposes new cyber sanctions in response to the 2022 Medibank Private cyberattack: In a pivotal shift in its approach, Australia has imposed new cyber sanctions in response to the 2022 Medibank Private cyberattack. This marks a significant change in the country's cybersecurity strategy. Source: The Cyber Express.
  5. Citrix NetScaler Vulnerability Allows Unauthorized Command Execution: The FBI and CISA have issued a joint advisory warning of a vulnerability in Citrix NetScaler that allows unauthorized command execution. This vulnerability poses a significant risk to cybersecurity. Source: Cybersecurity News.

Vulnerabilities & Patches

  1. Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability (CVE-2025-0110): Google has released a proof-of-concept exploit for a command injection vulnerability in Palo Alto's firewall, highlighting growing concerns about firewall exploitation chains in critical infrastructure. Source: cybersecuritynews.com
  2. Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159): A proof-of-concept exploit for several vulnerabilities in Ivanti Endpoint Manager has been released, highlighting the 'patch fatigue' effect that delays critical updates. Source: cybersecuritynews.com
  3. Microsoft Power Pages websites attacked via security hole (CVE-2025-24989): A newly patched flaw in Microsoft Power Pages allows attackers to elevate privileges over a network, emphasizing the need for businesses to update their websites. Source: theregister.com
  4. NVIDIA's key toolkit packed with vulnerabilities (CVE-2024-53870): NVIDIA has released updates to patch vulnerabilities in its key toolkit, discovered by researchers and released in February. Source: cybernews.com
  5. Healthcare firms targeted by all-new ransomware strain (CVE-2024-24919): A new ransomware strain is targeting healthcare firms, exploiting a vulnerability that was patched in May 2024. Source: inkl.com

Podcasts

  1. The Diamond Podcast: Friends and Fiduciaries - Wealth Management: Chris Griffith and Henry Wheelwright, rising stars in the finance industry, discuss their journey and reasons for leaving Morgan Stanley. Source: Wealth Management
  2. CISO Series: Signal conversations hacked, Ransomware group hits infrastructure: This episode covers the recent hacking of Signal conversations and a ransomware group's attack on infrastructure. Source: CISO Series
  3. Cyber Careers with an Edge: Why ManTech is Leading the Charge with Chris Cleary: Chris Cleary shares his insights on why ManTech is at the forefront of cyber careers in this episode of the Security Clearance Careers Podcast. Source: Clearance Jobs
  4. WeLiveSecurity: Fake job offers target coders with infostealers: This episode discusses how fake job offers are being used to target coders with infostealers. Source: WeLiveSecurity
  5. An Eye on P&I Episode 13: Cyber risks - Marsh: Hosts of Marsh's Marine P&I Podcast discuss the cyber risks associated with modern ships that heavily rely on computers and computer software. Source: Marsh

Final Words

As we wrap up another edition of 'ONSEC Cyber Daily', we want to remind you that cybersecurity is a shared responsibility. The Ghost Ransomware threat is a stark reminder of the importance of staying vigilant and keeping our systems updated. Remember, an unpatched vulnerability is like an open door for cybercriminals. We hope you found today's newsletter informative and useful. Please share it with your friends and colleagues to help spread the word about the latest cybersecurity threats and solutions. Together, we can make the digital world a safer place. Stay safe, stay updated, and see you in the next edition of 'ONSEC Cyber Daily'.
