Cyber Daily 10/11: AI Revives XSS Threats, Critical Flaws Exposed, and Global Cyber Alerts
Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into the murky waters of data breaches and liability, with insights from CyberRisk Alliance's editorial director, Jessica C. Davis. We're also shining a light on the resurgence of XSS vulnerabilities, thanks to AI, and the global cyber campaign exploiting unpatched vulnerabilities by Russian SVR. In the world of cybersecurity, it's patch, patch, patch! We're covering the urgent security patches issued by Fortinet, Palo Alto, and Cisco, and the critical risk warnings for Microsoft Edge users. We'll also discuss the critical unpatched vulnerability in Linear eMerge E3 Systems and the fresh alert over Cozy Bear activity. On the international front, we're looking at the UK and US's cyber warnings against Russia, and the Indian government's warning against Microsoft Edge bugs. In our podcast corner, we're featuring episodes discussing Australia's new cybersecurity laws, the increased scrutiny of cybersecurity breaches after the Star Health episode, and the digital priorities of the C-suite. Stay tuned for all this and more in today's ONSEC Cyber Daily. Stay safe, stay informed.
Exploits Alert
- AI Revives XSS Vulnerabilities: A resurgence of Cross-Site Scripting (XSS) vulnerabilities is being observed, thanks to AI. This alert is significant as XSS vulnerabilities have been a persistent issue in the past. Source: CSO Online.
- UK and US Warn Against Russian Cyber Threats: Both the UK and US governments have issued warnings about potential cyber threats from Russia. Targets are identified by scanning internet-facing systems for unpatched vulnerabilities. Source: FutureScot.
- Critical Fortinet Flaw Alert by CISA: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical flaw in Fortinet. This comes as Palo Alto and Cisco also issue urgent security patches. Source: The Hacker News.
- Unpatched Vulnerability in Linear eMerge E3 Systems: Cybersecurity researchers are warning about an unpatched vulnerability in Linear eMerge E3 Systems. This vulnerability could potentially be exploited by cybercriminals. Source: The Hacker News.
- Indian Government Warns Against Microsoft Edge Bugs: The Indian government has issued a warning about bugs in Microsoft Edge that could potentially be exploited by hackers to steal data. Users are advised to stay safe by keeping their software updated. Source: Republic World.
Vulnerabilities & Patches
- A Haunting Patch Tuesday for October: 117 Updates and 5 Zero-Day Flaws: Microsoft's Patch Tuesday for October delivered a large set of patches, fixing 117 flaws, including five zero-day vulnerabilities. Source: Computerworld
- Zero-Day Flaw Behind Rackspace Breach Still a Mystery: The vulnerability that led to the Rackspace breach has not been assigned a CVE, raising concerns about additional organizations being at risk. Source: TechTarget
- Fog, Akira Ransomware Groups Exploit Critical Veeam Backup Flaw: Veeam disclosed a critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, but Fog and Akira ransomware groups are exploiting it. Source: SC Media
- You Need to Update Firefox ASAP: Firefox has patched a "critical" flaw, CVE-2024-9680, a "use-after-free" flaw affecting Animation timelines. Users are urged to update immediately. Source: Lifehacker
- GitLab Releases Critical Security Patches Amid Vulnerability Streak: GitLab patched another critical flaw, CVE-2024-6678, with a CVSS score of 9.9, which could have allowed an attacker to run pipeline. Source: Developer Tech News
Podcasts
- PODCAST: Australia to get new cyber security laws, Qantas hit by insider threat, and a new ransomware gang emerges: This episode of the Cyber Uncut podcast details multiple Australian hacks, including an insider threat at Qantas, and the emergence of a new ransomware gang. Source: cybersecurityconnect.com.au
- Irdai to increase scrutiny of cyber security breaches after Star Health episode: Irdai is intensifying scrutiny of cybersecurity lapses in the insurance sector following a major data breach at Star Health Insurance. Source: economictimes.com
- Hacked, attacked, and sued - CyberWire: This episode of the CyberWire podcast discusses various cybersecurity issues, including hacking, attacks, and lawsuits. Source: thecyberwire.com
- From The Vault: Cyber Crime Protection - FOX News Radio: This episode from the FOX News Radio vault discusses protection against cybercrime. Source: radio.foxnews.com
- Secure Your World with Phishing Resistant Passkeys: This episode of the Thales Security Sessions podcast discusses the use of phishing-resistant passkeys for enhanced cybersecurity. Source: securityboulevard.com
Final Words
And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've covered a lot of ground, from the liability of data breaches to the resurgence of XSS vulnerabilities, and the ever-present threat of cyber attacks from nation-states. Remember, the world of cybersecurity is constantly evolving, and staying informed is the first line of defense. If you found today's newsletter helpful, why not share it with your friends and colleagues? It's a simple way to help them stay on top of the latest cybersecurity news and threats. After all, in the digital world, knowledge is power, and sharing it helps to create a safer cyber environment for us all.
Stay safe, stay informed, and see you in the next edition of 'ONSEC Cyber Daily'.