Cyber Daily 1/29: Zyxel CPE Exploitation, UK's Advancing Cyber Threat, iOS 18.3 Security Update, Google Chrome Alert, Nvidia GPU Vulnerabilities, Apple's Zero-Day Patch, Cybersecurity Podcasts

Welcome to the ONSEC Cyber Daily for January 29th. Today's issue is packed with critical updates and warnings that you need to know. We start with a warning about Zyxel CPE devices facing active exploitation due to an unpatched vulnerability. This is a serious issue that needs immediate attention. Next, we move to the UK, where the government has issued a chilling warning about a 'severe and advancing' cyber attack threat. The impact of such attacks on public services and people's lives can be devastating. Apple users, take note. The company has released an urgent iOS 18.3 security update to target 'cyber threats' due to a flaw. This update fixes a list of 29 vulnerabilities, one of which has already been used in attacks. Google Chrome users on Windows and Mac, you're not left out. CERT-In has issued a high-risk warning for you too. Update your browsers now to protect against critical vulnerabilities. In other news, Nvidia has confirmed 7 new GPU vulnerabilities. Act now to protect your data. We also have updates on various patches for vulnerabilities, including those affecting Apple devices and ecommerce sites. Finally, we have a roundup of the latest cybersecurity podcasts. From discussions on national security to women in tech law, these episodes offer valuable insights into the ever-evolving cybersecurity landscape. Stay safe and stay informed with ONSEC Cyber Daily.
Exploits Alert
- Zyxel CPE Devices Active Exploitation: Cybersecurity researchers have raised an alert about a critical zero-day vulnerability in Zyxel CPE Series devices that is currently being actively exploited. Users are advised to apply patches as soon as they become available. Source: The Hacker News.
- UK's 'Severe and Advancing' Cyber Attack Threat: The UK government has issued a chilling warning about the severe and advancing cyber attack threat the country is facing. The devastating impact of these attacks on public services and people's lives has been highlighted. Source: Express UK.
- iOS 18.3 Update Warning: Apple has issued a warning to all iPhone users to update to iOS 18.3 immediately. The update fixes a list of 29 vulnerabilities, one of which has already been used in attacks. Source: Forbes.
- CERT-In Red Alert for Google Chrome Users: CERT-In has issued a high-risk warning for Google Chrome users on Windows and Mac. Users are advised to update their browsers now to protect against critical vulnerabilities. Source: Analytics Insight.
- Nvidia Security Warning: Nvidia users are advised to act now as 7 new GPU vulnerabilities have been confirmed. Users are urged to update their systems to the latest versions to mitigate these vulnerabilities. Source: Forbes.
Vulnerabilities & Patches
- Apple Devices Under Siege: Urgent Security Update Needed to Patch Actively Exploited: Apple devices are currently under threat from a vulnerability identified as CVE-2023-1234. Users are urged to update their devices immediately to protect against this actively exploited zero-day vulnerability. Source: pc-tablet.com
- iOS Zero-Day Vulnerability Exploited: Apple Issues Emergency Patch for iPhones and iPads: Apple has released an emergency patch for an actively exploited iOS zero-day vulnerability, CVE-2025-0001, affecting iPhones and iPads. Users are advised to update their devices as soon as possible. Source: pc-tablet.com
- Automox Launches Real-Time Linux CVE Data to Outpace NVD Delays: Automox has introduced real-time Linux CVE data to provide context-rich vulnerability insights and outpace NVD delays. This allows organizations to adopt risk-based patching across all operating systems. Source: globenewswire.com
- Ecommerce sites across the world could be at risk from this dangerous security flaw, so patch now: Ecommerce sites worldwide are at risk from a dangerous security flaw known as CosmicSting or CVE-2024-34102. This is the worst bug to hit Magento and Adobe Commerce stores in two years, and immediate patching is advised. Source: msn.com
- Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access: A vulnerability in Fortinet's authentication, CVE-2024-55591, is being exploited to gain super-admin access. Organizations are urged to patch affected systems immediately. Source: gbhackers.com
Podcasts
- Foreign Correspondent FDI Podcast: This podcast offers a monthly conversation about foreign investment screening, providing valuable insights for investors interested in the national security landscape. Source: Lexology
- Code and Country Podcast: The upcoming episode of this podcast features a former Deputy National Security Advisor to the British Prime Minister, providing actionable insights into navigating today's complex security environment. Source: StreetInsider
- New Podcast on Israel-UAE Collaborations: This new podcast focuses on innovation in technology, healthcare, and cybersecurity, highlighting the collaborations between Israel and UAE. Source: Algemeiner
- Dark Web Podcast Series: Cyber Crime Investigator Amit Dubey shares insights into the real story of the Dark Web in this podcast series. Source: YouTube
- AGG Talks: Women in Tech Law Podcast: This podcast provides essential insights for tech leaders on cybersecurity and FCA compliance, with a focus on women in the tech law industry. Source: JDSupra
Final Words
That's all for today's edition of ONSEC Cyber Daily. We hope you found this information useful in your ongoing efforts to stay one step ahead of the cyber threats that surround us. Remember, knowledge is power, and sharing that knowledge only strengthens our collective defense. So, if you found today's newsletter helpful, why not share it with your friends and colleagues? Let's work together to create a safer digital world. Stay safe, stay informed, and see you in tomorrow's edition of ONSEC Cyber Daily.