Welcome to today's ONSEC Cyber Daily. As a leading penetration testing company, we're committed to delivering the latest cybersecurity news and insights. Staying informed is crucial in today's digital landscape.

In this issue, we'll cover critical security updates from Google, Adobe, Microsoft, and Samsung, addressing high-severity vulnerabilities and zero-day exploits. Ivanti is tackling actively exploited vulnerabilities, and CISA has added new threats to its catalog. We'll also highlight insights from our podcast section on key cybersecurity topics.

Stay tuned for these stories and more.

Exploits Alert

1. Chrome 129 Warning As Google Drops Yet Another Security Update: Google has issued a warning about two high-severity vulnerabilities discovered in the V8 JavaScript engine. Users are advised to update their browsers to the latest version to mitigate the risk. Source: Forbes
2. Adobe Security Update: Critical Vulnerabilities Patched: Adobe has patched several critical vulnerabilities that could potentially allow cybercriminals to execute arbitrary code and gain unauthorized access to systems. Users are encouraged to update their software to the latest version. Source: The Cyber Express
3. CERT-In Issues Alert for Vulnerabilities in Microsoft Edge Browser: CERT-In has issued an alert regarding vulnerabilities in the Microsoft Edge browser. Microsoft has addressed these vulnerabilities in the latest Microsoft Edge Stable Channel, and users are advised to update their browsers. Source: Business Standard
4. UAE Issues Security Alert for Samsung Users: Samsung has released new security updates to address two critical vulnerabilities and 28 high-risk vulnerabilities in the Android OS. UAE's Cybersecurity agency advises users to update their devices. Source: Khaleej Times
5. Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited: Three critical vulnerabilities in Ivanti CSA are being actively exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these security flaws to its list of known exploited vulnerabilities. Source: The Hacker News

Vulnerabilities & Patches

1. Trio of Ivanti CSA Zero-Day Vulnerabilities Under Exploit Threat: Ivanti has disclosed and issued a patch for a critical vulnerability (CVE-2024-8963). However, new zero-day vulnerabilities in Ivanti CSA are under active exploitation, emphasizing the need for immediate patching. Source: Cybersecurity Dive
2. Microsoft's October 2024 Patch Tuesday Updates: Microsoft has released patches for a zero-day Windows MSHTML spoofing vulnerability (CVE-2024-43573) and a Winlogon elevation of privilege flaw (CVE-2024-43583). These patches are part of Microsoft's regular Patch Tuesday updates. Source: Petri IT Knowledgebase
3. Qualcomm Releases Raft of Security Patches: Qualcomm has released a patch for CVE-2024-33066, a vulnerability described as “memory corruption while redirecting log file”. The company urges users to apply the patch immediately. Source: TechRadar
4. Adobe Security Update: Critical Vulnerabilities Patched: Adobe has released an update that addresses a memory leak vulnerability identified as CVE-2024-20787. The update is classified with a priority level of 3, indicating the critical nature of the vulnerability. Source: The Cyber Express
5. Microsoft Fixes Five Zero-Days in October Patch Tuesday: Microsoft has fixed five zero-day vulnerabilities in its October Patch Tuesday update round. Among these is CVE-2024-43572, a remote code execution (RCE) vulnerability in the Microsoft Management Console. Source: Infosecurity Magazine

Podcasts

1. Just how bad will the Middle East get?: This podcast discusses the role of a cyber sleuth in the IRS in combating terrorism. Source: The Washington Post
2. It is Time for the Healthcare Industry to Reexamine Cybersecurity Preparedness in the Face of Unprecedented Risk: This episode highlights the impacts of cybersecurity on healthcare and the need for the industry to reevaluate its preparedness. Source: Healthcare IT Today
3. Transforming Cybersecurity Awareness and Changing User Behavior, Hacker Rangers Podcast: This podcast discusses how gamification is transforming cybersecurity awareness and changing user behavior. Source: Telecom Reseller
4. Unlocking the Power of Continuous Threat Exposure Management: In this episode, the host sits down with Jason Fruge, CISO-in-residence at XM Cyber, to discuss the power of continuous threat exposure management. Source: TechSpective
5. The AI Fix #19: AI spy specs, robot dogs with ladders, and is it AI or the climate?: This award-winning cybersecurity podcast discusses AI spy specs, robot dogs with ladders, and the impact of AI on the climate. Source: Graham Cluley

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we can't stress enough the importance of staying vigilant and updated in this ever-evolving cyber landscape.

Don't forget to update your systems and applications regularly to keep your digital world secure. We hope you found today's newsletter informative and helpful. If you did, we encourage you to share it with your friends, colleagues, and anyone else who might benefit from this information. Let's work together to create a safer cyber world for everyone.