Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most pressing cybersecurity news from around the globe. Today, we delve into the FBI's recent warning about AI-driven cyberattacks, sparking serious concerns about the rise of advanced persistent threats, particularly those backed by Chinese entities. We also explore the vulnerability in the Tinxy Mobile Application that has exposed user data and the new Termite ransomware group that's causing havoc in the cyber world. In other news, cybercriminals are targeting employees with phishing emails disguised as HR or payroll notifications, while iPhone and Android users are urged to protect their devices from potential hacks. We also discuss the latest patches for vulnerabilities exploited at Pwn2Own and the critical Windows zero-day vulnerability that's being exploited in the wild. In our podcast section, we feature an insightful episode with Tanya Janca discussing secure coding and the role of AI in cybersecurity. We also highlight the importance of soft skills in the cybersecurity field and take a look at the current state of cyber defense in Europe and South Africa. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe and informed!

Exploits Alert

1. FBI Warning Sparks Concerns About AI-Driven Cyberattacks: The FBI has issued a warning about a sophisticated cyberattack involving Chinese-backed artificial intelligence. This has raised serious concerns about the potential threats posed by AI-driven cyberattacks. Source: Evrim Ağacı
2. FBI Raises Alarm Over Chinese Cyber Threats: The FBI has raised an alarm over the rise of advanced persistent threats (APTs)—sophisticated, prolonged cyberattacks typically associated with Chinese cyber threats. Source: Evrim Ağacı
3. Vulnerability in Tinxy Mobile Application Exposes User Data: A vulnerability in the Tinxy mobile application has been discovered that exposes user data. The cyberattack is being attributed to a new Termite ransomware group and variant, a rebranding of Babuk ransomware. Source: The Cyber Express
4. FBI Cybersecurity Warning: Local Law Enforcement Cites AI Risks in Iron County: Local law enforcement in Iron County has cited AI risks following a recent FBI warning about a sophisticated cyberattack involving Chinese-backed artificial intelligence. Source: Iron County Today
5. FBI Issues Urgent Warning for iPhone and Android Users Protect Your Devices from Potential Hacks: The FBI has issued an urgent warning for iPhone and Android users to protect their devices from potential hacks. Texting between different operating systems often involves unencrypted methods, leaving messages vulnerable to interception by cybercriminals. Source: Media House Press

Vulnerabilities & Patches

1. QNAP Patches Vulnerabilities Exploited at Pwn2Own: QNAP has patched several vulnerabilities, the most severe being CVE-2024-50393, a command injection flaw with a CVSS score of 8.7. This flaw could allow remote attackers to execute commands. Source: SecurityWeek
2. THN Recap: Top Cybersecurity Threats, Tools and Tips: Several popular software have serious security flaws. Users are advised to update their software to stay safe. Source: The Hacker News
3. Google's New Open-Source Patch Validation Tools Vanir Unveiled: Google has unveiled a new patch validation tool called Vanir. This tool is designed to enhance the efficiency and accuracy of patch management. Source: Cyber Security News
4. Qlik Sense for Windows Vulnerability Allows Remote Code Execution: A high severity vulnerability in Qlik Sense for Windows allows remote code execution. Patches have been released for this vulnerability. Source: GBHackers
5. Critical Windows Zero-Day Vulnerability Exploited in the Wild - PoC Released: Microsoft has patched a critical zero-day vulnerability, CVE-2024-38193, which was actively exploited by the notorious North Korean hacker group Lazarus APT. Source: Cyber Security News

Podcasts

1. CISO Series - Cybersecurity News: This episode discusses a recent security breach at a Massachusetts hospital, the deployment of Recall, and the restoration of Blue Yonder. The podcast provides an in-depth analysis of these incidents and their implications for cybersecurity. Source: CISO Series
2. Shared Security Podcast - Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book: Tanya Janca, a renowned cybersecurity expert, shares her insights on secure coding and the role of AI in cybersecurity. She also discusses her new book in this enlightening episode. Source: Security Boulevard
3. The Shared Security Podcast - Tanya Janca on Secure Coding, AI in Cybersecurity: This is another episode featuring Tanya Janca, where she delves deeper into secure coding and AI's impact on cybersecurity. The podcast offers valuable insights for anyone interested in these topics. Source: iVoox
4. The Cybersecurity Vault - Importance of Soft Skills in Cybersecurity: In episode 38, guest Evgeniy Kharam discusses the importance of soft skills in cybersecurity. The podcast emphasizes the role of communication and other soft skills in the cybersecurity field. Source: Medium
5. Security Boulevard - From Europe to South Africa: Where Is the World on Cyber Defense?: This episode analyzes two new reports suggesting that Europe and leading African nations face similar cyber threats. The podcast provides a global perspective on cyber defense strategies. Source: Security Boulevard

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We hope you found our insights valuable in navigating the ever-evolving cyber landscape. Remember, in this digital age, staying informed is your first line of defense against potential threats. If you found this information useful, consider sharing it with your friends and colleagues. After all, cybersecurity is a shared responsibility. Let's work together to build a safer digital world. Stay vigilant, stay informed, and stay safe. Until next time, this is your trusted source for all things cybersecurity, signing off.