Cyber Daily 1/3: SC3 Alert Protocol, Canadian Software Vulnerability, Google Chrome Red Alert, Sophos Firewall Risk, LDAPNightmare Exploit, Windows 11 Encryption Bypass, China & Russia Cyber Attacks, Exploding Cybertruck, AI Risks in 2025
Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most impactful cybersecurity news from around the globe. Today, we delve into the Scottish Cyber Coordination Centre's new vulnerability coordination policy and procedure, designed to alert and coordinate responses to cyber threats. In Canada, a vulnerability impacting all versions of Cleo VLTrader, Harmony, and LexiCom software has raised data security concerns. Meanwhile, Google Chrome users have been issued a red alert about serious security vulnerabilities that could expose their systems to cyberattacks. Sophos users are urged to update their firewall devices as the vendor addresses several security vulnerabilities. In other news, a new PoC exploit, LDAPNightmare, targets a Windows LDAP flaw, causing crashes and reboots. Windows 11 encryption has been defeated, with hackers bypassing BitLocker in minutes. This week also saw Chinese hackers penetrate the U.S. Treasury and a Russian tanker suspected of undersea cable sabotage. In the podcast world, a Cybertruck explosion near Trump's hotel has made headlines, while discussions on Iran's collapsing sphere of influence and the next era of cybersecurity continue. Lastly, we explore the risks of AI adoption in 2025 with Graham Cluley. Stay tuned for these stories and more in today's ONSEC Cyber Daily.
Exploits Alert
- Scottish Cyber Coordination Centre Vulnerability Coordination Policy & Procedure: The Scottish Cyber Coordination Centre (SC3) has outlined a policy and procedure to alert and coordinate responses to cyber threats. This move is aimed at enhancing the country's cyber resilience. Source: gov.scot
- Data Security Risk Due To File-Transfer Software Vulnerabilities: The Canadian Centre for Cyber Security has issued an alert about a vulnerability impacting all versions of Cleo VLTrader, Harmony, and LexiCom software. Users are advised to update their software to the latest versions to mitigate the risk. Source: Mondaq
- Govt issues red alert for Google Chrome users: The government has issued a red alert for Google Chrome users, warning them about serious security vulnerabilities that could expose their systems to cyberattacks. Users are advised to update their browsers to the latest version to protect their systems. Source: MSN
Vulnerabilities & Patches
- Sophos Firewall Vulnerabilities Could Allow Remote Attacks: Sophos users are urged to update their firewall devices as the vendor addresses several security vulnerabilities that could potentially allow remote attacks. Ensuring devices are updated with the latest patches is crucial for maintaining security. Source: Latest Hacking News.
- Windows 11 Encryption Defeated: Hackers have found a way to bypass BitLocker in Windows 11 in mere minutes. The mitigation process is complicated by the need to update UEFI firmware. Despite Microsoft releasing patches for the vulnerability, challenges in mitigation persist. Source: Security Newspaper.
Podcasts
- Week in Review: China hacks Treasury, tanker sabotages cables - CISO Series: This episode discusses the recent cyber attacks on the U.S. Treasury by Chinese hackers and the suspected sabotage of undersea data cables by a Russian tanker. Source: CISO Series
- A Cybertruck explodes near Trump's hotel - SBS Sinhala: This podcast episode reports on an incident where a Tesla Cybertruck exploded near Trump's hotel. The cause of the explosion is still under investigation. Source: SBS Sinhala
- CONTESTED GROUND: Iran's collapsing sphere of influence - Defence Connect: In this episode, the hosts discuss the fall of Bashar and the implications it has on Iran's sphere of influence. Source: Defence Connect
- Post-Quantum Cryptography: Preparing for the Next Era of Cybersecurity - TechSpective: This episode delves into the world of post-quantum cryptography and how it's preparing us for the next era of cybersecurity. Source: TechSpective
- Fireside chat with Graham Cluley about risks of AI adoption in 2025: In this episode, Graham Cluley discusses the potential risks of adopting AI in 2025 and how businesses can mitigate these risks. Source: Graham Cluley
Final Words
And that's a wrap for today's edition of ONSEC Cyber Daily. From the Scottish Cyber Coordination Centre's alert policy to the vulnerabilities in Sophos firewall and Windows 11 encryption, we've covered a lot of ground. We've also delved into the world of podcasts, discussing everything from exploding Cybertrucks to the risks of AI adoption. Remember, in the realm of cybersecurity, knowledge is your best defense. So, don't keep this valuable information to yourself. Share ONSEC Cyber Daily with your friends and colleagues. Let's work together to build a safer digital world. Stay vigilant, stay informed, and stay secure. See you in the next edition!