Welcome to today's issue of ONSEC Cyber Daily! We're diving into a whirlwind of cybersecurity alerts, vulnerabilities, and patches. The National Computer Emergency Response Team (NCERT) has issued a hack alert against vulnerabilities in cybersecurity software, while the FBI and CISA urge software vendors to stop hardcoding secrets and use secure cryptography. In a shocking revelation, personal data allegedly belonging to the Guardia Civil and the Ministry of Defense has been detected, potentially published by cybercriminals. Meanwhile, Vietnam's information systems are under threat from 23 new vulnerabilities, and critical security vulnerabilities have been discovered in Chrome and Edge. In the world of software updates, Nvidia's mid-January GPU driver update addresses several vulnerabilities and exploits, while Belsen Group leaks over 15,000 FortiGate Firewall configurations. Microsoft has also begun forcing Windows 11 Security & AI updates, and a flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks. We'll also be discussing the latest cybersecurity podcasts, including insights on ransomware attacks, drone security, AI in auto finance, and healthcare IT. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe and informed!

Exploits Alert

1. NCERT Issues Hack Alert Against Vulnerabilities in Cybersecurity Software: The National Computer Emergency Response Team (NCERT) has issued a critical advisory about a DNS Security vulnerability in Palo Alto Networks. This vulnerability could potentially allow unauthorized access to sensitive information. Source: 24 News HD
2. FBI and CISA Alert Software Vendors: Stop Hardcoding Secrets, Use Secure Cryptography: The FBI and CISA have issued an alert to software vendors, urging them to stop hardcoding secrets and to use secure cryptography. This comes as part of an effort to reduce the risk of vulnerabilities that could be exploited by cybercriminals. Source: Cybernews
3. Personal Data Allegedly Belonging to the Guardia Civil and the Ministry of Defense Detected: Cybercriminals may have published three separate databases containing data belonging to 109,000 members of the Guardia Civil. The potential breach underscores the need for robust cybersecurity measures. Source: INCIBE
4. Warning of 23 New Vulnerabilities Targeting Information Systems in Vietnam: The Department of Information Security in Vietnam has issued a warning about 23 vulnerabilities with high and serious impact levels. These vulnerabilities target various information systems and could potentially lead to unauthorized access or data breaches. Source: Vietnam.vn
5. Critical Security Vulnerabilities Discovered in Chrome and Edge: The Federal Office for Information Security (BSI) has issued a warning about critical security vulnerabilities discovered in Chrome and Edge. These vulnerabilities could potentially allow cybercriminals to exploit the browsers and gain unauthorized access to sensitive information. Source: Research Snipers

Vulnerabilities & Patches

1. Nvidia's GPU Driver Update: Nvidia's mid-January GPU driver update addresses several vulnerabilities, with five specific vulnerabilities being addressed. The lowest severity issue is CVE-2024-0150, which targets "buffer overflow" with the GPU display driver. Source: Tom's Hardware and Wccftech.
2. Belsen Group Leaks FortiGate Firewall Configurations: The Belsen Group has leaked over 15,000 FortiGate Firewall configurations. It's crucial to determine the timeline for patching CVE-2022-40684. Source: Hackread.
3. New Vulnerabilities in Vietnam: There are warnings of 23 new vulnerabilities targeting information systems in Vietnam, including CVE-2025-21344, CVE-2025-21348 in SharePoint Server. In case of possible impact, update the patch according to the instructions. Source: Vietnam.vn.
4. Windows 11 Flaw: A vulnerability, identified as CVE-2024-7344, allowed malicious actors to install harmful code on devices, bypassing many built-in security measures. It's recommended to update now as hackers had 7 months to exploit this Windows 11 flaw. Source: Dataconomy.
5. W3 Total Cache Plugin Flaw: A flaw in the WordPress W3 Total Cache plugin could expose hundreds of thousands of WordPress sites to attacks. Attackers could potentially access information from internal services, including metadata on cloud-based apps. Source: Security Affairs.

Podcasts

1. Season 2: Training and Awareness - by Edwin Kwan - Substack: This podcast emphasizes that over 80% of security breaches are due to human errors rather than technical vulnerabilities, highlighting the importance of training and awareness in cybersecurity. Source: Substack
2. Locked out: Navigating ransomware attacks - MinterEllisonRuddWatts: In this episode, the hosts discuss the increasing threat of ransomware attacks and provide insights on how to navigate such situations effectively. Source: MinterEllisonRuddWatts
3. New Year, New Restrictions? Sara And Josh Talk About Drone Security - Mondaq: Sara and Josh discuss recent legislative and regulatory developments related to drone security, shedding light on the new restrictions and their implications. Source: Mondaq
4. PODCAST: More ways AI is germinating in auto finance with Lizz Callaway of Origence: This episode explores how AI is increasingly being used in auto finance, with a focus on the insights shared by Lizz Callaway of Origence. Source: Auto Remarketing
5. 5 highlights of Cyber Engagement 2025 from Automotive Risk Management Partners and Ridgeback Network Defense: The podcast discusses the five main components of the latest perspective on auto and RV dealership cybersecurity and compliance. Source: Auto Remarketing

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. As we navigate the ever-evolving landscape of cybersecurity, it's crucial to stay informed and vigilant. From the NCERT's hack alert to the FBI and CISA's advisory, the world of cybersecurity is bustling with updates and alerts. Remember, knowledge is power. Sharing this newsletter with your friends and colleagues can help them stay ahead of potential threats and fortify their defenses. So, why not take a moment to forward this to them? In tomorrow's edition, we'll bring you more updates, alerts, and insights from the world of cybersecurity. Stay safe, stay informed, and keep sharing the knowledge. Until then, this is your trusted 'ONSEC Cyber Daily' signing off.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)