Subject: ONSEC Cyber Daily - Your Daily Dose of Cybersecurity Updates (1/20) Hello there, In today's edition of ONSEC Cyber Daily, we're diving into the deep end of cybersecurity threats and solutions. First up, we're taking a look at the hidden dangers lurking in your email. Forbes has confirmed a critical threat to Gmail and Outlook users. Despite Google's efforts to build robust protections against cyberattacks, phishing and malware continue to pose significant risks. Next, we're exploring the recent exploitation of a zero-day vulnerability in Windows Common Log File System (CVE-2024-49138). We'll discuss the importance of prompt patch application and system review in mitigating these threats. We'll also delve into the Microsoft Configuration Manager Vulnerability (CVE-2024-43468) that allows remote code execution. Microsoft has addressed this vulnerability with patch KB29166583 in the recent Patch Tuesday update. In addition, we'll examine the long-awaited patch for a serious UEFI Secure Boot flaw (CVE-2024-7344) from Microsoft. This vulnerability allowed malicious code to bypass many of Windows 11's built-in protections. Finally, we'll wrap up with a roundup of the latest in cyber attacks, vulnerabilities, and data breaches. We'll highlight the recent patches released by Microsoft as part of January's Patch Tuesday update to combat these threats. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe, stay informed. Best, [Your Name]

Exploits Alert

1. Critical Hidden Email Danger Confirmed For Gmail And Outlook Users: Google is working on new protections to safeguard Gmail users from various types of cyberattacks, including phishing and malware. The tech giant's efforts come in response to a critical hidden email hack that poses a threat to both Gmail and Outlook users. Source: Forbes

Vulnerabilities & Patches

1. Windows Common Log File System Zero-day Vulnerability (CVE-2024-49138) Exploited: A zero-day vulnerability in Windows Common Log File System is being exploited. Users are advised to install all relevant security patches promptly and review system configurations to ensure security. Source: cybersecuritynews.com
2. Microsoft Configuration Manager Vulnerability Allows Remote Code Execution (CVE-2024-43468): A vulnerability in Microsoft Configuration Manager allows for remote code execution. Microsoft has addressed this issue with patch KB29166583 in the latest patch Tuesday update. Source: cybersecuritynews.com
3. Microsoft Patches Serious UEFI Secure Boot Flaw (CVE-2024-7344): Microsoft has finally patched a serious UEFI Secure Boot flaw that allowed malicious code to bypass many of Windows 11's built-in security measures. The patch comes after a seven-month delay. Source: techspot.com
4. Latest in Cyber Attacks, Vulnerabilities, and Data Breaches (CVE-2024-12084): A recent vulnerability allows attackers to execute arbitrary code. Microsoft has released patches as part of January's Patch Tuesday update to address this issue. Source: cybersecuritynews.com

Podcasts

1. Cyber Security Sauna: This podcast offers a refreshing dip into the world of cybersecurity, discussing the latest trends, threats, and tips. It features interviews with industry experts, offering insights into the complex world of data protection. Source: F-Secure.
2. The Privacy, Security, & OSINT Show: Hosted by Michael Bazzell, a renowned security expert, this podcast provides a deep dive into the world of online privacy, security, and open-source intelligence. It offers practical advice to protect your data and stay safe online. Source: IntelTechniques.
3. Darknet Diaries: This podcast explores the dark side of the internet, delving into the underworld of hackers, data breaches, and cybercrime. It's a thrilling journey into the hidden aspects of the digital world. Source: Darknet Diaries.
4. Smashing Security: Hosted by Graham Cluley and Carole Theriault, two veterans in the cybersecurity industry, this podcast offers a light-hearted yet informative look at the latest cybersecurity news and threats. Source: Smashing Security.
5. CyberWire Daily: This daily podcast provides a quick rundown of the top cybersecurity news. It's a great resource for staying up-to-date with the latest threats and developments in the cybersecurity landscape. Source: CyberWire.

Final Words

And that's a wrap for today's ONSEC Cyber Daily. As we've seen, the cyber landscape is constantly evolving, with new vulnerabilities popping up and old ones being patched. Whether it's the hidden email dangers lurking in Gmail and Outlook, or the zero-day vulnerabilities in Windows' Common Log File System, it's clear that cybersecurity is a never-ending battle. But remember, knowledge is power. By staying informed and vigilant, we can all play a part in making the digital world a safer place. So, if you found today's newsletter helpful, why not share it with your friends and colleagues? They might appreciate the heads up. Until next time, stay safe and secure. Remember, in the world of cybersecurity, the only constant is change. Keep an eye on your inbox for tomorrow's edition of ONSEC Cyber Daily, where we'll bring you the latest updates from the frontlines of the cyber world. Stay cyber aware, and don't forget to patch and update your systems regularly.

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn