Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for the most impactful cybersecurity news. Today, we're diving into a critical security warning for 200 million Nvidia users, both Linux and Windows gamers alike. Veteran cybersecurity writer, Davey Winder, has highlighted an improper input validation type vulnerability in the vGPU kernel that could put your system at risk. In other news, the U.S. Cybersecurity and Infrastructure Security Agency has issued a warning about the vulnerability of water utilities to cyberattacks, following a recent attack in Pennsylvania. This comes alongside a critical warning about the widespread exploitation of Fortinet FortiManager devices, a situation that Shadowserver has been closely monitoring. As we navigate the digital world, Virgin Media has issued new advice on how to safely use public Wi-Fi hotspots, a common vulnerability point for cybercrime. Meanwhile, the National Anti-Scam Centre has issued a bulk email extortion warning, highlighting the increasing sophistication of cybercriminals. On the global stage, intelligence agencies in the US and UK have issued a joint statement warning organizations worldwide of escalating cyber threats, particularly from Russian Intelligence. In the realm of patches and updates, Nvidia, ESET, Cisco, and Microsoft have all released patches for high-severity flaws in their systems. We'll delve into the details of these patches and the vulnerabilities they address, including CVE-2024-47575, CVE-2024-44133, and CVE-2024-43573. Finally, we'll wrap up with a roundup of the latest cybersecurity podcasts, featuring insights from industry experts on everything from automotive cybersecurity challenges to staying ahead of threat actors. Stay tuned for these stories and more in today's ONSEC Cyber Daily.

Exploits Alert

1. Urgent New Nvidia Security Warning For 200 Million Linux And Windows Gamers: Nvidia has been hit with a significant security vulnerability, affecting 200 million Linux and Windows gamers. The vGPU kernel vulnerability is an improper input validation type, which could potentially be exploited by hackers. Source: Forbes.
2. Cybersecurity Agency Warns That Water Utilities Are Vulnerable To Hackers After Pennsylvania Attack: The U.S. Cybersecurity and Infrastructure Security Agency has issued a warning that water utilities are vulnerable to cyberattacks, following a recent attack on a Pennsylvania water authority. The agency is urging utilities to bolster their cyber defenses. Source: MSN.
3. FortiManager Devices Mass Compromise Exploiting CVE-2024-47575 Vulnerability: Shadowserver has issued a critical warning about the widespread exploitation of Fortinet FortiManager devices using the recently disclosed CVE-2024-47575 vulnerability. Organizations are advised to patch their systems immediately. Source: Cybersecurity News.
4. How To Safely Use Public Wi-Fi Hotspots, According To Virgin Media's Latest Cybersecurity Advice: Virgin Media has issued a new alert on the risks of using public Wi-Fi hotspots, which are vulnerable to cybercrime. The company has provided advice on how to safely use these networks. Source: Yahoo News UK.
5. National Anti-Scam Centre Issues Bulk Email Extortion Warning: The National Anti-Scam Centre has issued a warning about the rise of bulk email extortion scams. Cybercriminals are leveraging stolen data obtained through data breaches to carry out these scams. Source: Australian Cyber Security Magazine.

Vulnerabilities & Patches

1. NVIDIA Patches Multiple GPU Display Driver for Windows & Linux: NVIDIA has released patches for multiple vulnerabilities in its GPU display drivers for both Windows and Linux. These vulnerabilities could potentially lead to code execution, denial of service, and privilege escalation. It's crucial for users to update their drivers to the latest version. Source: GBHackers
2. ICS Vulnerability Report: Threats and Mitigation Steps: The Cyber Express has identified a medium-severity vulnerability, CVE-2024-3506, affecting Cyble Vision. Patching efforts are underway to mitigate this threat. Users are advised to stay updated on the latest patches. Source: The Cyber Express
3. ESET Updates the Vulnerability and Patch Management Module: ESET has patched a vulnerability in macOS, CVE-2024-44133, that could be exploited by attackers for adware attacks. The flaw, dubbed 'HM Surf,' allows attackers to exploit the system if not updated. Source: Headtopics
4. Emergency Patch: Cisco Fixes Bug Under Exploit in Brute-Force Attacks: Cisco has released an emergency patch for a medium-severity flaw, CVE-2024-20481, due to resource exhaustion. This bug is currently under exploit in brute-force attacks, and users are urged to apply the patch immediately. Source: The Register
5. Update Windows by October 29 to Avoid Risk: A significant vulnerability, CVE-2024-43573, poses threats to more than 240 million Windows users. Users are strongly advised to update their operating systems by October 29 to avoid potential risks. Source: NewsReports

Podcasts

1. Real Space Strategy: Starlink, Key Tool in the Battle for Freedom: This podcast discusses the strategic role of Starlink in the global security landscape. It explores how this satellite internet constellation could be a key tool in the battle for freedom. Source: Global Security Review
2. Disney Leak Reveals Financial and Strategy Secrets: In this episode, Cyber Expert Scott Schober discusses a recent leak at Disney that revealed financial and strategy secrets. The podcast highlights the importance of robust cybersecurity measures in protecting sensitive corporate information. Source: Security Boulevard
3. Week in Review: Solar Winds fines, Microsoft loses security logs: This podcast reviews the week's top cybersecurity news, including Solar Winds' fines and Microsoft's loss of security logs. It provides insights into the latest cyber threats and how businesses can protect themselves. Source: CISO Series
4. How enterprises can overcome automotive cybersecurity challenges: This episode explores the complex world of automotive cybersecurity. It provides insights into how enterprises can navigate cyber threats and protect their automotive technologies. Source: EY - India
5. CONTESTED GROUND: Divisions spike ahead of the US election: In this podcast, co-host Liam Garman discusses the increasing divisions ahead of the US election and the potential cybersecurity implications. Source: Defence Connect

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, we hope you've found our coverage of the latest cybersecurity news enlightening and useful. From the urgent Nvidia security warning affecting millions of gamers, to the vulnerabilities in our water utilities and public Wi-Fi hotspots, it's clear that cybersecurity is a pressing issue that affects us all. Remember, staying informed is the first line of defense. So, don't forget to share this newsletter with your friends and colleagues to help them stay one step ahead of potential threats. We also encourage you to dive deeper into these topics by checking out the various podcasts we've highlighted today. They offer valuable insights from industry experts that can help you navigate the complex world of cybersecurity. Thank you for being a part of the ONSEC Cyber Daily community. We look forward to bringing you more exclusive and up-to-date cybersecurity news tomorrow. Stay safe and secure!