Welcome to the latest issue of ONSEC Cyber Daily. Today, we're sounding the alarm on a series of critical vulnerabilities and cyber threats that are making headlines. First up, Microsoft has issued a 10-day deadline for Windows users to update their systems or risk being unable to use their PCs. This comes after the government issued an emergency update warning, stating that existing security fixes are likely insufficient. Meanwhile, India's cybersecurity agency has issued a 'high' risk warning for Mozilla Firefox users, and the Maharashtra Cyber Department has warned of cybercriminals impersonating police officials to defraud citizens. In the US, a cyberattack on American Water has highlighted the vulnerability of critical infrastructure. And it's not just corporations that are at risk - Gen Z's online activity is making them more vulnerable to scammers, according to cybersecurity experts. Android and Google Chrome users aren't safe either, with CERT-In issuing a high-risk warning alert for these platforms. And in the world of software, new vulnerabilities have been discovered in Veeam, GitHub Enterprise Server, MacOS Safari, and Grafana. In our podcast corner, we have insights from Contrast CISO David Lindner, a discussion on the state of cyber civilization in South Africa, and an exploration of alternative CISO career paths. Stay tuned for more updates and remember, staying informed is the first step towards staying secure.

Exploits Alert

1. Microsoft Windows Deadline—10 Days To Update Or Stop Using Your PC: Microsoft users are urged to update their systems within 10 days due to a newly discovered vulnerability. The existing security fixes are likely insufficient to protect against this threat. Source: Forbes.
2. India's Cyber Security Agency Issues 'High' Risk Warning for Mozilla Firefox Users: The Maharashtra Cyber Department warns of cybercriminals impersonating police officials to defraud citizens using 'Helpline 1930'. Firefox users are advised to exercise caution. Source: MSN.
3. The American Water Cyberattack: A cyberattack on American Water disrupted customer systems, highlighting the vulnerability of critical infrastructure to cyber threats. Water operations were unaffected. Source: TechTarget.
4. Gen Z's Online Activity Makes Them More Vulnerable to Scammers: Cybersecurity experts warn that Gen Z's heavy online activity makes them more susceptible to cyber scams. Young people are advised to be vigilant about their online security. Source: WSOC TV.
5. CERT-In Issues 'High-Risk' Alert For Android & Google Chrome Users: CERT-In has issued a high-risk warning for Android and Google Chrome users due to potential vulnerabilities that could expose them to cyberattacks. Source: ABP Live.

Vulnerabilities & Patches

1. Microsoft Windows Spoofing Vulnerability (CVE-2024-43573): The US cyber agency has issued a warning about an unspecified spoofing vulnerability in Microsoft Windows, which could lead to data loss. Users are advised to update their systems within the next 10 days to avoid potential risks. Source: Forbes.
2. GitHub Enterprise Server Security Advisory (CVE-2024-9487): GitHub has confirmed the availability of a patch for a critical vulnerability in its Enterprise Server. Users are encouraged to maintain routine software updates to ensure their systems are protected. Source: TechNadu.
3. MacOS Safari 'HM Surf' Exploit (CVE-2024-44133): Apple has released a fix for a vulnerability in MacOS Safari that exposes camera, mic, and browser data. The exploit, known as 'HM Surf', has been detected in the wild. Source: Dark Reading.
4. Grafana Critical Vulnerability (CVE-2024-9264): Grafana has released six new versions to resolve a critical vulnerability that risks remote code execution. Users are advised to patch their systems immediately to avoid potential threats. Source: SC Media.
5. Adload Malware Exploits MacOS Safari Protections: Microsoft has warned users to patch the HM Surf flaw in MacOS Safari as it has been actively exploited by Adload malware to bypass system protections. Source: SC Media.

Podcasts

1. Cybersecurity Insights with Contrast CISO David Lindner: This podcast episode features an insightful discussion with David Lindner, the CISO at Contrast, about the current state of cybersecurity. The conversation revolves around data breaches and the role of thought leaders in cybersecurity. Source: Security Boulevard
2. ITWeb TV: SA in state of cyber civilisation | Episode #72: In this episode, Armand Kruger, head of cybersecurity at NEC XON, discusses the state of cybersecurity in South Africa. The conversation provides a deep dive into the challenges and opportunities in the cybersecurity landscape. Source: YouTube
3. Legacy Mindsets Are Helping Hackers Weaponize Networks - Security Breach: This podcast episode explores how legacy mindsets are aiding hackers in weaponizing networks. The discussion also touches on the industrial sector's response and prioritization of cybersecurity. Source: iHeart
4. Alternative CISO career paths, budget planning, and one easy trick to bypass EDR! – ESW #380: This episode of Enterprise Security Weekly discusses alternative career paths for CISOs, budget planning, and a simple trick to bypass Endpoint Detection and Response (EDR). Source: SC Magazine
5. FOCI Mitigation: SSAs, SCAs and Proxy Agreements | Holland & Knight LLP: The 11th episode of "Are We All Clear? Facilitating Security Clearances" podcast discusses FOCI Mitigation, SSAs, SCAs, and Proxy Agreements. The conversation provides insights into facilitating security clearances. Source: JDSupra

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. From the looming Microsoft Windows deadline to the high-risk alerts for Android and Google Chrome users, we've covered a lot of ground. It's clear that the digital landscape is ever-evolving, and staying updated is our best defense against cyber threats. Remember, cybersecurity is not just an IT issue, it's a shared responsibility. So, don't keep this information to yourself. Share this newsletter with your friends, colleagues, and loved ones. Let's work together to create a safer digital world. Stay vigilant, stay updated, and most importantly, stay safe. Until next time, this is your trusted source for all things cybersecurity, signing off.