Welcome to today's issue of ONSEC Cyber Daily, where we bring you the latest and most impactful cybersecurity news. In today's edition, we delve into the rising threat of AI-driven cyberattacks, with Forbes warning of 1,000 elite hackers now harnessing the power of AI. Meanwhile, Gmail users are urged to stay vigilant as a new security alert emerges. We also explore the recent exploitation of the Roundcube XSS vulnerability by hackers to steal login credentials, and the major cyberattack targeting critical sectors in Cyprus. In the realm of cybersecurity vulnerabilities, we bring you a summary of the week's most critical vulnerabilities, as reported by CISA. We also cover the latest patches released by Fortinet for an undisclosed critical FortiManager vulnerability, and Atlassian's patches for vulnerabilities in Bitbucket, Confluence, and Jira. Mac users, take note: a macOS vulnerability, "HM Surf", potentially exploited by Adloader malware, has been discovered and patched. This flaw could allow attackers to access your camera and mic, so be sure to update your systems. In our podcast corner, we highlight the latest episodes from "Security Breach", "CIO Podcast", and "Persons Of Interest", covering topics from Tesla's Police Cybertruck to mental health in the IT industry, and inside stories from the Western Australia Police Force. Finally, we share some practical tips from IFA Magazine on how advisers can protect their businesses against cyber threats, and the latest news from the CISO Series. Stay safe and informed with ONSEC Cyber Daily.

Exploits Alert

1. New Cybersecurity Warning As 1,000 Elite Hackers Embrace AI: A new cybersecurity warning has been issued as 1,000 elite hackers are now utilizing AI to carry out cyberattacks. This development underscores the increasing sophistication of cyber threats and the need for robust security measures. Source: Forbes
2. Hackers Exploiting Roundcube XSS Vulnerability To Steal Login Credentials: Cybersecurity experts have issued an alert regarding a vulnerability in Roundcube that hackers are exploiting to steal login credentials. Users are advised to update their systems to the latest version to mitigate this risk. Source: Cybersecurity News
3. Critical sectors in Cyprus targeted in a major cyberattack: Critical sectors in Cyprus have been targeted in a major cyberattack, highlighting the country's cybersecurity vulnerabilities. The cybersecurity community in Cyprus is on high alert as the situation develops. Source: iZOOlogic

Vulnerabilities & Patches

1. Fortinet Releases Patches for Undisclosed Critical FortiManager Vulnerability: Fortinet has released patches for a critical vulnerability in FortiManager. The company has not yet publicly revealed details about the vulnerability or the associated CVE. Users are advised to apply the patches as soon as possible. Source: Help Net Security
2. "HM Surf" macOS Vulnerability Potentially Exploited by Adloader Malware: A bug in macOS, tracked as CVE-2024-44133 and patched in September's macOS Sequoia updates, is believed to be potentially exploited by Adloader malware. Users are urged to update their systems. Source: The Register
3. Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira: Atlassian has announced patches for CVE-2024-4367, an XSS bug that could allow authenticated attackers to execute arbitrary HTML or JavaScript. Users of Bitbucket, Confluence, and Jira are advised to apply the patches immediately. Source: Security Week
4. "HM Surf" macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!: A new macOS vulnerability, "HM Surf" (CVE-2024-44133), has been discovered that bypasses TCC protections and allows unauthorized access to the camera and mic. Users are urged to apply the patch immediately. Source: Hackread
5. Vulnerability Summary for the Week of October 14, 2024: The Cybersecurity and Infrastructure Security Agency (CISA) has released a summary of vulnerabilities for the week of October 14, 2024. Patch information is provided when available. Users are advised to review the summary and apply necessary patches. Source: CISA

Podcasts

1. Tesla's Police Cybertruck; Sleeping Worker Crash; Bathroom Break Rule: This episode of the Today in Manufacturing podcast discusses Tesla's new Police Cybertruck, a sleeping worker crash, and a new rule about bathroom breaks. Source: Manufacturing.net
2. CIO Podcast – Episode 82: Mental Health with Erin Osbourn: In this episode of the CIO Podcast, Erin Osbourn discusses the importance of mental health in the IT industry. Source: Healthcare IT Today
3. Persons Of Interest Podcast: New Episode – Shots Fired: The Western Australia Police Force takes listeners inside criminal investigations in this episode of the Persons Of Interest Podcast. Source: The National Tribune
4. How advisers can protect their business against cyber threats: This episode of the IFA Talk podcast provides practical tips from Morningstar Wealth's Simon Glover on how advisers can protect their businesses from cyber threats. Source: IFA Magazine
5. Microsoft logs lost, Omni Family breach, Internet Archive again - CISO Series: This episode of the CISO Series discusses the loss of Microsoft logs, a data breach at Omni Family Health, and issues with the Internet Archive. Source: CISO Series

Final Words

That's a wrap for today's edition of ONSEC Cyber Daily. We've covered everything from the rise of AI-driven cyberattacks to the latest vulnerabilities and patches. Remember, staying informed is your first line of defense in this ever-evolving cyber landscape. If you found today's newsletter helpful, why not share it with your colleagues and friends? Let's work together to build a safer digital world. Stay vigilant, stay informed, and stay secure. See you in the next edition of ONSEC Cyber Daily. Until then, keep your data safe and your systems patched.