Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a world where cybersecurity warnings are becoming the norm. From the heart of India, the cybersecurity watchdog, CERT-In, has issued a stark warning about two vulnerabilities in Google Chrome that could leave Windows and Mac users exposed. Meanwhile, over in Pakistan, the National Telecom and Information Technology Security Board (NTISB) is sounding the alarm about an emerging wave of cyberattacks. The sophistication of these attacks is increasing, highlighting the urgent need for vigilance in the digital ecosystem. On the home front, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical compliance issue. With over 100 vulnerabilities in LTE, the need for expediting CMMC 2.0 compliance has never been more apparent. In the tech world, Samsung is rolling out its January 2025 security update, addressing 22 SVEs and resolving one CVE. However, the Bitpixie exploit (CVE-2023-21563) is still a concern, bypassing Secure Boot and allowing attackers to decrypt BitLocker-encrypted drives without physical tampering. Stay tuned as we delve deeper into these stories and more, shedding light on the ever-evolving landscape of cybersecurity. Stay safe, stay informed with ONSEC Cyber Daily.

Exploits Alert

1. Google Chrome Vulnerabilities Warning for Windows, Mac Users: India's cybersecurity watchdog, CERT-In, has issued a warning about two vulnerabilities in the widely-used Google Chrome browser that are susceptible to hacker exploitation. Users are advised to update their browsers to the latest version to mitigate the risk. Source: Kashmir Reader
2. Cyber Security Alert in Pakistan: The National Telecom and Information Technology Security Board (NTISB) has issued a serious warning about a rising wave of cyberattacks. The alert underscores the increasing sophistication of these attacks and the need for heightened vigilance. Source: Pakistan Observer
3. Browser Extensions Used to Steal Data of Pakistanis: A new advisory highlights the use of popular browser extensions in cyberattacks aimed at stealing data from Pakistani users. The advisory emphasizes the growing complexity of cyberattacks and the urgent need for vigilance in Pakistan's digital ecosystem. Source: Techlist
4. Urgent Warning Regarding CMMC 2.0 Compliance: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical issue related to CMMC 2.0 compliance. The alert also mentions over 100 vulnerabilities in LTE. Source: Cybersecurity News
5. Unpatched Vulnerabilities in RealHome: CyberNewswire reports that unpatched vulnerabilities exist in RealHome, indicating potential security risks. Users are advised to apply patches as soon as they become available to avoid potential cyberattacks. Source: Latest Hacking News

Vulnerabilities & Patches

1. Samsung January 2025 Security Update: Samsung has released its January 2025 security update, addressing 22 SVEs. A previous CVE was resolved before the update, and two CVEs do not impact Samsung devices. This update is crucial for Samsung users to maintain the security of their devices. Source: Evrim Ağacı.
2. Bitpixie Exploit (CVE-2023-21563): The Bitpixie exploit, also known as CVE-2023-21563, bypasses Secure Boot, enabling attackers to decrypt BitLocker-encrypted drives without physical tampering. Users are advised to update their systems to protect against this vulnerability. Source: Cybersecurity News.

Podcasts

1. Cyber Security Sauna: This podcast offers a refreshing perspective on the latest trends and developments in the cybersecurity world. The host, Janne Kauhanen, engages with industry experts to discuss everything from threat intelligence to vulnerability management. Source: F-Secure.
2. The Privacy, Security, & OSINT Show: This podcast is a treasure trove of information for those interested in privacy, security, and open-source intelligence. The host, Michael Bazzell, shares practical advice and tips to help listeners protect their digital footprint. Source: IntelTechniques.
3. Darknet Diaries: This podcast delves into the dark side of the internet, exploring true stories related to hackers, breaches, APTs, hacktivism, and more. The host, Jack Rhysider, presents these stories in a captivating and engaging manner. Source: Darknet Diaries.
4. The CyberWire Daily: This podcast provides a daily summary of what's happening in the world of cybersecurity. The host, Dave Bittner, covers everything from the latest threats to industry news. Source: The CyberWire.
5. Smashing Security: This award-winning podcast offers a light-hearted take on the latest cybersecurity news. The hosts, Graham Cluley and Carole Theriault, along with industry guests, discuss the latest security headlines with a sense of humor. Source: Smashing Security.

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily! As we navigate the digital landscape, it's clear that the threats are evolving and the stakes are high. From the warnings issued by India's cybersecurity watchdog about vulnerabilities in Google Chrome, to the urgent alerts about cyberattacks in Pakistan, the need for vigilance and proactive security measures has never been more crucial. Remember, staying informed is the first line of defense. Whether it's the latest updates from Samsung or the emerging exploits like "Bitpixie", we're here to keep you in the loop. If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's work together to create a safer digital world. Until tomorrow, stay safe and stay secure. Don't forget to share ONSEC Cyber Daily with your network. The more we know, the safer we are. Stay tuned for more updates tomorrow. Until then, keep your data close and your security settings closer.

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn