Cyber Daily 2/26: Adobe and Oracle Under Attack, Cisco Routers Exploited, Google Warns of Phishing in Education, UK Vulnerability Reporting Criticized

Good morning, ONSEC Cyber Daily readers! Today's issue is packed with critical updates and insights from the cybersecurity world. We start with a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about increased cyberattacks targeting Adobe ColdFusion and Oracle Agile PLM. The attackers are exploiting vulnerabilities, and the situation is so severe that Google has issued a warning about phishing campaigns targeting higher education institutions. In the UK, the Home Office's new vulnerability reporting mechanism is leaving researchers open to prosecution, a move that the CyberUp campaign warns could harm the country's economy and resilience to cyberattacks. On the tech front, we have news about critical flaws in MITRE Caldera and Parallels Desktop, and how securing your attack surface with SOCRadar's ASM can reduce your exposure to cybercriminals. The manufacturing sector is under the spotlight as industrial system cyberattacks surge, making it an attractive target for cyberattackers. We also have updates on the February 2025 security patch for the Galaxy S24 series in India, and defense lessons from the Black Basta Ransomware Playbook. In the podcast corner, we have episodes discussing AI for charities, the critical role of cybersecurity due diligence in healthcare M&A, and how North Korean hackers are winning the cyber war. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe!
Exploits Alert
- Increased Cyberattacks Target Adobe ColdFusion and Oracle Agile PLM: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about ongoing cyberattacks exploiting vulnerabilities in Adobe ColdFusion and Oracle Agile PLM. The exact nature of these attacks remains unclear. Source: The Munich Eye.
- Hackers Exploiting Cisco Small Business Routers RCE Vulnerability Deploying Webshell: Cybercriminals are exploiting a remote code execution vulnerability in Cisco Small Business Routers to deploy a webshell. The ultimate objective of the botnet remains unclear, with hypotheses suggesting its use as an Operational Relay Box (ORB) for launching cyberattacks. Source: GBHackers.
- Google Issues Warning on Phishing Campaigns Targeting Higher Education Institutions: Google has issued a warning about phishing campaigns targeting higher education institutions. The campaigns are part of a broader trend of cybercriminals exploiting vulnerabilities in these institutions' security systems. Source: GBHackers.
- UK Home Office's new vulnerability reporting mechanism leaves researchers open to prosecution: The UK Home Office's new vulnerability reporting mechanism has been criticized for potentially leaving researchers open to prosecution. The CyberUp campaign warns that this delay is harming the country's economy and resilience to cyberattacks. Source: The Record Media.
- Security Alert: Critical Flaws in MITRE Caldera and Parallels Desktop: Critical flaws have been identified in MITRE Caldera and Parallels Desktop. By securing your attack surface with SOCRadar's ASM, you can reduce your exposure to the most likely points of entry for cybercriminals. Source: SOCRadar.
Vulnerabilities & Patches
- February 2025 Security Patch for Galaxy S24 Series: The latest patch for the Galaxy S24 series resolves one critical and 34 high-level CVE issues. Users are urged to update their devices to ensure security. Source: Pune.News.
- Black Basta Ransomware Exploiting Top 20 CVEs: The Black Basta ransomware gang is actively exploiting the top 20 CVEs. Users are advised to patch their systems immediately to prevent attacks. Source: Qualys Security Blog.
- Security Flaws in Adobe and Oracle Products: Threat intelligence firm GreyNoise has flagged active exploitation attempts targeting CVE-2023-20198, a now-patched security flaw in Adobe and Oracle products. Users are advised to update their software. Source: The Hacker News.
- Critical Flaws in MITRE Caldera and Parallels Desktop: MITRE has patched a vulnerability in Caldera and Parallels Desktop. Users should update to version 5.1.0+ to minimize the risk. Source: SOCRadar.
- Microsoft Windows Installer Service Vulnerability: A local privilege escalation vulnerability has been identified in the Microsoft Windows Installer Service. Users are advised to update their systems to mitigate the risk. Source: Systemtek.
Podcasts
- Podcast: AI for charities 101: This episode discusses the application of AI in the charity sector, focusing on cybersecurity and digital inclusion. The guest speaker is Laura Stanley, a Senior Content Writer at CHARITY DIGITAL TRUST. Source: Charity Digital.
- The Critical Role of Cybersecurity Due Diligence in Healthcare M&A: In this episode, Scott Becker hosts Brian Wilson and Chad Zoretic, Managing Directors at VMG Health, discussing the importance of cybersecurity in healthcare mergers and acquisitions. Source: Becker's Hospital Review.
- North Korean Hackers Are Winning. Is the Crypto Industry Ready to Stop Them?: This podcast episode explores the threat of North Korean hackers to the crypto industry and discusses possible prevention strategies. Source: Unchained Crypto.
- Foley Black History Month Program: Human-Centered Tech With Camille Stewart Gloster: This episode features Camille Stewart Gloster, a specialist in Cyber, Infrastructure & Resilience at the U.S. Department of Homeland Security, discussing human-centered technology. Source: Foley.
- The AI Fix #39: AIs value their lives over yours, and flattery gets you nowhere: This episode of the award-winning cybersecurity podcast "Smashing Security" discusses the potential risks and ethical dilemmas posed by AI technology. Source: Graham Cluley.
Final Words
And that's a wrap for today's edition of 'ONSEC Cyber Daily'. As we navigate the ever-evolving landscape of cybersecurity, it's crucial to stay informed and vigilant. From the increased cyberattacks on Adobe ColdFusion and Oracle Agile PLM to the exploitation of Cisco Small Business Routers, the world of cybersecurity is as dynamic as it is challenging. Remember, knowledge is power. By staying updated on the latest vulnerabilities, patches, and cyber threats, we can all play a part in fortifying our digital defenses. So, don't keep this valuable information to yourself. Share 'ONSEC Cyber Daily' with your friends, colleagues, and anyone else who could benefit from a daily dose of cybersecurity news. Together, we can make the digital world a safer place. Stay secure, stay informed, and see you in the next edition of 'ONSEC Cyber Daily'.