Welcome to another edition of ONSEC Cyber Daily. Today, we're diving into a series of critical cybersecurity updates that have been making headlines. First up, we're looking at a confirmed Russian cyber attack that exploited a severe vulnerability in Windows, leading to a 0-click backdoor attack. This is a stark reminder of the ever-present threats in our digital world. Next, we're shifting our focus to Zyxel Firewalls, which have been exploited in Helldown ransomware attacks. If you're using Zyxel firewalls, it's time to be on high alert. Meanwhile, Mozilla Firefox users in India have been issued a 'high' risk warning by the country's cybersecurity agency, CERT-In. A critical vulnerability has been identified, and users are advised to take immediate action. In other news, we're discussing the importance of securing your network against cyberattacks, with a special focus on Raspberry Pi cybersecurity. We're also shedding light on over two dozen flaws identified in Advantech Industrial Wi-Fi Access Points. If you're using these access points, it's time to patch up ASAP. Finally, we're exploring the concept of AI cyber warfare, a topic that's been gaining traction in recent podcasts. We'll delve into the rise of digital risks in the era of AI and the ongoing risk of nation-state attackers. Stay tuned for these stories and more in today's ONSEC Cyber Daily.

Exploits Alert

1. Windows Warning As New 0-Click Backdoor Russian Cyber Attack Confirmed: A severe vulnerability with a 9.8 severity rating has been exploited by Russian hackers in a zero-click cyber attack chain. The attack targeted Windows users, making it a significant threat to the global user base. Source: Forbes.
2. Zyxel Firewalls Exploited in Helldown Ransomware Attacks: Cybercriminals have been exploiting a vulnerability in Zyxel firewalls to launch Helldown ransomware attacks. Organizations using these firewalls should be vigilant for signs of unauthorized access. Source: The Cyber Express.
3. India's Cyber Security Agency Issues 'High' Risk Warning for Mozilla Firefox Users: CERT-In has issued a high-risk warning for Mozilla Firefox users due to a critical vulnerability identified as CVE-2024-9680. Users are advised to update their browsers immediately. Source: MSN.
4. Raspberry Pi Cybersecurity: Secure Your Network Now: Cyberattacks can occur at any time due to network vulnerabilities or malware capable of affecting connected devices. Raspberry Pi users are advised to secure their networks to prevent potential attacks. Source: DataDrivenInvestor.

Vulnerabilities & Patches

1. Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points: A total of six critical vulnerabilities have been identified in Advantech Industrial Wi-Fi Access Points, five of which (CVE-2024-50370 through CVE-2024-50374, CVSS scores: 9.8) are related to improper neutralization of special elements. Users are urged to patch these vulnerabilities as soon as possible to prevent potential exploitation. Source: The Hacker News.

Podcasts

1. Tech and Science Daily Podcast - What is AI Cyber Warfare?: This episode discusses the concept of AI cyber warfare, a topic of interest at a recent Nato conference in London. The episode is currently unavailable but can be found on various podcast platforms. Source: Yahoo News UK
2. Think Ahead Podcast - Tackling Digital Risks in the Era of AI: This episode explores the rising digital risks, from cyberattacks to misinformation, in the era of AI. It provides insights into the current state of digital security. Source: London Business School
3. Contested Ground Podcast - Ongoing Risk of Nation-State Attackers: Major General (Ret'd) Dr Marcus Thompson, Liam Garman and Phil Tarrant discuss the findings from the ongoing risk of nation-state attackers and the defeated misinformation bill. Source: Defence Connect
4. Cyber Uncut Podcast - The Week in Cyber Security: Hosts David Hollingworth and Daniel Croft break down the last week in the cyber world, providing a comprehensive overview of recent cyber security events. Source: Cyber Daily
5. ESW Vault - 2023 Funding and Acquisition Summary with Return on Security: This episode, handpicked by main host Adrian Sanabria, discusses the 2023 funding and acquisition summary with a focus on return on security. Source: SC World

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found our insights valuable and actionable. Remember, the digital world is a battlefield, and every click matters. Stay vigilant, stay informed, and most importantly, stay secure. If you found this newsletter helpful, why not share it with your friends and colleagues? After all, cybersecurity is a shared responsibility. Let's work together to make the digital world a safer place. See you tomorrow for more updates from the world of cybersecurity. Stay safe, stay secure.