Welcome to the ONSEC Cyber Daily, your daily dose of the most impactful cybersecurity news. Today, we're diving into the ongoing battle against election disinformation, with Georgia's Secretary of State pushing for the removal of Russian disinformation from social media. We're also looking at the alarming vulnerability of county election websites, with 60% at risk of cyber threats. The FBI has issued a warning about disinformation that could undermine voter confidence, making this a critical issue as we approach the 2024 elections. In other news, we're examining the top vulnerabilities of October 2024, highlighting the urgent need for timely patching and updates to defend against both existing and new threats. The Indian government has issued a high severity warning to Google Chrome users about a vulnerability that cybercriminals are exploiting to breach devices and steal user data. We're also discussing the new EU cybersecurity obligations for connected devices, and how these apply to companies that manufacture, import, and distribute products with internet connectivity. Finally, we're sharing insights from Contrast CISO David Lindner on the EU's updated Product Liability Directive, which now includes the possibility of lawsuits for faulty software. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe and stay informed with ONSEC Cyber Daily.

Exploits Alert

1. Georgia Secretary of State Pushes Social Media to Remove Russian Disinformation: The Georgia Secretary of State is urging social media platforms to remove Russian disinformation, which could potentially influence the upcoming elections. The move comes amid concerns about the vulnerability of election systems to cyber threats. Source: CyberWire
2. Why 60% of County Election Websites Are Vulnerable to Cyber Threats Ahead of 2024: A recent report reveals that 60% of county election websites are at risk of cyber threats, as highlighted by an FBI warning. The warning emphasizes the potential for disinformation to undermine voter confidence. Source: Pune News
3. Top CVEs & Vulnerabilities of October 2024: IT security managers need to stay alert to cyber threats and prioritize vulnerabilities that require immediate attention. The report provides an overview of the top Common Vulnerabilities and Exposures (CVEs) for October 2024. Source: Security Boulevard
4. Cybersecurity Vulnerability News: October 2024 CVE Roundup: The October 2024 CVE roundup highlights three critical Ivanti CSA vulnerabilities. For complete patching details, refer to Ivanti's Security Advisory. Source: Security Boulevard
5. Indian govt issue high severity warning to Google Chrome users: The Indian government has issued a high severity warning to Google Chrome users about a vulnerability related to the IP address 0.0.0.0. This vulnerability is reportedly being exploited by cybercriminals to breach devices and steal user data. Source: MSN

Vulnerabilities & Patches

1. CVE-2024-21260: Oracle High-Severity Vulnerability: Oracle has disclosed a high-severity vulnerability (CVE-2024-21260) that could allow unauthorized access to sensitive data. Users are urged to monitor network traffic for suspicious activity and keep network security devices up-to-date with the latest security patches. Source: Security Boulevard
2. October 2024 CVE Roundup: The recent roundup of high-severity vulnerabilities highlights the urgent need for timely patching and updates to defend against both existing and new threats. It is crucial for organizations to stay vigilant and proactive in their cybersecurity measures. Source: Security Boulevard
3. CVE-2024-21261: Microsoft High-Severity Vulnerability: Microsoft has released a patch for a high-severity vulnerability (CVE-2024-21261) that could allow attackers to execute arbitrary code. Users are advised to apply the patch immediately to prevent potential exploitation. Source: Security Boulevard
4. CVE-2024-21262: Adobe High-Severity Vulnerability: Adobe has disclosed a high-severity vulnerability (CVE-2024-21262) in its popular software. Users are urged to update their software to the latest version to mitigate the risk of exploitation. Source: Security Boulevard
5. CVE-2024-21263: Linux Kernel High-Severity Vulnerability: A high-severity vulnerability (CVE-2024-21263) has been discovered in the Linux Kernel that could allow attackers to gain elevated privileges. Users are advised to update their systems to the latest kernel version as soon as possible. Source: Security Boulevard

Podcasts

1. Cybersecurity Insights with Contrast CISO David Lindner: This podcast discusses the recent update to the EU's Product Liability Directive, which now holds software developers liable for their faulty software. Source: Security Boulevard
2. CyberWire Daily Podcast Ep 2182: The episode focuses on debunking election disinformation, a critical issue in today's digital age. Source: CyberWire
3. Balancing Technology and Behavioral Elements and How to Improve School Safety: This podcast by SecurPod discusses the balance between technology and behavioral elements in improving school safety. Source: Security Today
4. CISA Strategic Plan Targets Global Cooperation on Cybersecurity: This podcast discusses CISA's inaugural international strategic plan, which aims to strengthen global partnerships against cyber threats. Source: Security Boulevard
5. Riga Security Forum 2024 podcast series – Episode #1: The first episode of the Riga Security Forum 2024 podcast series examines the UN's relevance in today's world and the urgent need for global cybersecurity measures. Source: The Baltic Times

Wisdom from the ONSEC Founders' Vault

Getting ready for your first pentest: startup founders guide. Prepare your startup for its first penetration test with ONSEC.io to uncover security vulnerabilities, collaborate transparently with the testing team, proactively enhance security practices, and build resilience against cyber threats, ensuring your customers’ data stays protected. Source.

Final Words

And that's a wrap for today's ONSEC Cyber Daily. We hope you found these insights valuable in your quest to stay one step ahead of the cyber threats that loom in our digital world. Remember, knowledge is power, and sharing this power can make a world of difference. So, why not pass this newsletter on to your friends and colleagues? Let's work together to debunk disinformation, patch vulnerabilities, and build a safer cyber landscape for all. Stay vigilant, stay informed, and stay safe. Until tomorrow, this is your trusted source for all things cyber, signing off.