Our First (!!!) Cyber Daily 10/8: American Water Works Under Cyberattack, SatCom Cybersecurity Threats, FINRA Warns of Third-Party Risks, Qualcomm Patches Critical Flaws

Welcome to the inaugural ONSEC Cyber Daily for October 8, 2024. As a leading penetration testing company, we're launching this new column to deliver the latest cybersecurity news and insights. Staying informed and proactive is essential in today's digital landscape.

In this issue, we'll cover recent cybersecurity incidents and vulnerabilities, including the cyberattack on American Water Works, a major U.S. water company, scrutiny of MilSatCom's security landscape, increased risks at third-party providers highlighted by FINRA, and critical patches from Qualcomm and SAP. Stay tuned for these stories and more.

Exploits Alert

  1. American Water Works Cybersecurity Incident: American Water Works reported a cybersecurity incident following unauthorized hacker activity. The FBI and the U.S. Department of Homeland Security are currently investigating the cyberattack. Source: Industrial Cyber
  2. Cybersecurity Threats in MilSatCom: Key threats and vulnerabilities in SatCom cybersecurity were discussed, highlighting the need for robust security measures against potential cyberattacks. Source: ASDNews
  3. FINRA Highlights Cybersecurity Risks: The Financial Industry Regulatory Authority (FINRA) has highlighted increasing cybersecurity risks at third-party providers, emphasizing the need for stringent security measures. Source: Mayer Brown
  4. American Water Cyberattack: A major U.S. water company, American Water Works Company, reported a cyberattack. The company stated that there does not appear to be any impact on water services. Source: CyberScoop
  5. CISA's FY23 Risk & Vulnerability Assessment: The Cybersecurity and Infrastructure Security Agency (CISA) warned about potential credential access in its FY23 risk and vulnerability assessment. Source: Security Intelligence

Vulnerabilities & Patches

  1. SAP Patches Critical Vulnerability in BusinessObjects: SAP has released a patch for a critical flaw in BusinessObjects. The vulnerability was one of 12 new and updated security notes released on SAP's October 2024 patch day. Source: SecurityWeek
  2. Qualcomm Releases Fix for Actively Exploited Critical DSP and WLAN Vulnerabilities: Qualcomm has released a patch for a critical flaw in the WLAN Resource Manager (CVE-2024-33066) and another in the Digital Signal Processor (CVE-2024-43047). Both vulnerabilities were being actively exploited. Source: Technadu
  3. Okta Patches Critical Vulnerability in Classic Product: Okta has released a patch for a critical vulnerability in its Classic Product. The vulnerability, tracked as CVE-2024-43047, could have allowed unauthorized access and data exploitation. Source: The Cyber Express
  4. LatePoint Plugin Vulnerabilities Affect More Than 7,000 Websites: LatePoint has released a patch for a vulnerability (CVE-2024-8911) that could have allowed attackers to change settings on affected websites. Over 7,000 websites were affected by this vulnerability. Source: Candid Technology
  5. 6 Million WordPress Sites at Risk from XSS Vulnerability in LiteSpeed Cache Plug-In: Patchstack has released an update that fixes three flaws in the LiteSpeed Cache plugin for WordPress. The most serious of these, CVE-2024-47374, could have allowed cross-site scripting (XSS) attacks. Over 6 million WordPress sites were at risk from this vulnerability. Source: Vulnera

Podcasts

  1. APDR Podcast Episode 66 with host Kym Bergmann: This episode discusses various aspects of cyber security, IT, simulation & training, government policy, and industry news. Source: Asia Pacific Defence Reporter
  2. Strengthening cyber resilience: Strategies for today's digital landscape: In this episode, Pradeep Eledath, Partner, Technology Consulting, EY India talks about strategies to strengthen cyber resilience in today's digital landscape. Source: EY - India
  3. Managing OT and IT Risk: What Cybersecurity Leaders Need to Know: This episode discusses the risks associated with OT and IT and what cybersecurity leaders need to know to manage these risks. Source: Security Boulevard
  4. Proxy statements: Addressing boards' AI and cyber-security oversight and looking to 2025: In this episode, Ron Schneider of Donnelley Financial Solutions discusses best practices for AI and cyber-security oversight in boardrooms. Source: Governance Intelligence
  5. Tapped and trapped - CyberWire: This episode of the CyberWire Daily Podcast discusses the latest cybersecurity news and trends. Source: The CyberWire

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we can't help but reflect on the interconnectedness of our digital world. From the cyberattack on American Water Works to the vulnerabilities in Qualcomm's Digital Signal Processor, it's clear that cybersecurity is not just an IT issue, but a global concern that affects us all. We hope that our daily updates help you stay informed and prepared.

Knowledge is power in the fight against cyber threats. So, don't keep this valuable information to yourself.

Please share ONSEC Cyber Daily with your friends and colleagues, and let's create a safer digital community together.