Cyber Daily 10/17: China's Intel Alert, India's Firefox Warning, Trend Micro Vulnerability, Patch Updates from Oracle, Cisco

Welcome to the latest issue of ONSEC Cyber Daily. Today, we're diving into a world where cybersecurity threats are escalating and vulnerabilities are being exploited. China's spy agency is sounding the alarm on growing cybersecurity threats, particularly highlighting the vulnerabilities in Intel chips. Meanwhile, India's cybersecurity agency has issued a high-risk warning for Mozilla Firefox users due to a critical vulnerability. In the US, CISA is warning of active exploitation of a critical vulnerability in SolarWinds Help Desk software, believed to be orchestrated by a nation-state adversary. And in the UK, Chinese state actors are targeting critical infrastructure, underscoring the growing vulnerabilities faced by Western nations. In the realm of software updates and patches, F5, Oracle, and Cisco have all released patches to address high-severity vulnerabilities. Finally, we'll be discussing the latest cybersecurity podcasts, including episodes on the future of the CISO role, the impact of AI on nuclear investments, and best practices in cybersecurity. Stay tuned for all this and more in today's ONSEC Cyber Daily.

Exploits Alert

  1. China Spy Agency Warns of Growing Cybersecurity Threats Amid Call for Intel Review: China's Ministry of State Security has issued an alert regarding the increasing cybersecurity threats, particularly focusing on Intel chips for their frequent vulnerabilities and high failure rates. Source: South China Morning Post
  2. India's Cyber Security Agency Issues 'High' Risk Warning for Mozilla Firefox Users: India's CERT-In has issued a high-risk warning for Mozilla Firefox users due to a critical vulnerability identified as CVE-2024-9680. Source: Times of India
  3. CISA Warns of Active Exploitation of Critical Vulnerability in SolarWinds Help Desk Software: The Cybersecurity and Infrastructure Security Agency (CISA) warns of active exploitation of a critical vulnerability in Ivanti's Cloud Service, believed to be orchestrated by a nation-state adversary. Source: Computing
  4. Trend Micro Cloud Edge Vulnerability Let Attackers Execute Arbitrary Code: Trend Micro has issued an urgent security bulletin warning users of a critical vulnerability in its Cloud Edge appliance that could allow attackers to execute arbitrary code. Source: Cyber Security News
  5. Cybersecurity Alert: Chinese State Actors Target UK Critical Infrastructure: Chinese state actors are reportedly targeting the UK's critical infrastructure, highlighting the growing vulnerabilities faced by Western nations in the face of increasingly sophisticated cyberattacks. Source: Mondaq

Vulnerabilities & Patches

  1. F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability: F5 has released updates for BIG-IP to address a high-severity security defect (CVE-2024-45844) affecting the appliance's monitor functionality. Source: SecurityWeek
  2. Oracle's Critical Patch Update: Oracle has released a critical patch update for October, addressing a security vulnerability (CVE-2024-21216) that could allow remote attackers to execute commands. Source: heise online
  3. Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters: Cisco has patched a high-severity vulnerability that could be exploited by an attacker by convincing a user to click on a crafted link. Source: SecurityWeek
  4. Critical Veeam Vulnerability CVE-2024-40711 Exploited by Ransomware Groups: The Veeam vulnerability CVE-2024-40711, which allows remote code execution, is being exploited by ransomware groups. Swift patching and security measures are recommended. Source: The Cyber Express
  5. Critical Kubernetes Image Builder bug allows SSH root access: A critical bug in Kubernetes Image Builder, tracked as CVE-2024-9594, can be abused to gain root access. Source: The Register

Podcasts

  1. Discussing a DOJ Lawsuit Under the Civil-Fraud Initiative - Holland & Knight: This episode of "Regulatory Phishing" delves into a Department of Justice lawsuit under the civil-fraud initiative, providing a comprehensive analysis of new and proposed rules for contractors. Source: Holland & Knight
  2. Will We Ever Go Back From WFH? - CISO Series: In this episode, the CISO Series Podcast explores the future of work-from-home (WFH) policies, with Geoff Belknap joining as co-host to discuss the implications and challenges of permanent remote work. Source: CISO Series
  3. A Fresh Look At The Future Of The CISO - Forrester: This podcast episode from Forrester provides a fresh perspective on the future role of the Chief Information Security Officer (CISO), concluding with a preview of the upcoming Forrester Security. Source: Forrester
  4. TNB Tech Minute: Amazon Joins AI Rivals In New Nuclear Investments - Tech News Briefing: This episode discusses Amazon's new nuclear investments, joining its AI rivals in this sector. The CyberSecurity Association of China's claims about U.S. chipmaker's products are also discussed. Source: Tech News Briefing

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily! Remember, staying informed is the first step to staying secure. If you found today's newsletter helpful, why not share it with your friends and colleagues? They might appreciate the heads-up on the latest cyber threats and security news. Plus, it's a great way to start a conversation about cybersecurity and how it impacts us all. Stay safe, stay alert, and keep an eye out for tomorrow's edition of ONSEC Cyber Daily. We'll be back with more updates from the ever-evolving world of cybersecurity. Until then, keep your data secure and your systems patched. Remember, in the world of cybersecurity, knowledge is the best defense.