Cyber Daily 2/12: Fortinet's Zero-Day Warning, OpenSSL Vulnerability, Apple's iPhone Security Breach, Solar Power Cyberattacks, Microsoft's Urgent Patch

Good morning, ONSEC Cyber Daily readers! Today's newsletter is packed with critical updates and alerts that you need to know. We start off with a significant vulnerability in Satellite Weather software that allows attackers to execute code remotely. Cybersecurity firm Fortinet has issued an urgent warning about this newly discovered zero-day authentication vulnerability. In other news, Apple is urging iPhone users to update their devices amid a security breach. This warning means that hackers or law enforcement could gain full access to vulnerable devices. Solar power isn't safe either, with warnings of potential cyberattacks against small solar energy facilities. These attacks could cause financial damage and disrupt energy supply. We also cover the latest on the Fortinet FortiOS & FortiProxy Zero-Day that has been exploited to hijack firewalls and gain super admin access. In the realm of software updates, we discuss the critical OpenSSL vulnerability that allows hackers to launch man-in-the-middle attacks. Also, CISA has issued an alert about an actively exploited vulnerability in Microsoft Outlook. Lastly, we touch on the urgent password warning issued recently. If your password is one of the 10 listed, you're at risk. Stay tuned for more details on these stories and other cybersecurity news. Stay safe out there!

Exploits Alert

  1. Satellite Weather Software Vulnerabilities: Cybersecurity firm Fortinet has issued a warning about a newly discovered zero-day authentication vulnerability in satellite weather software that allows attackers to execute code remotely. Users are advised to update their software to the latest version to mitigate the risk. Source: GBHackers
  2. Critical OpenSSL Vulnerability: A critical vulnerability in OpenSSL could allow hackers to launch man-in-the-middle attacks. Fortinet has issued an urgent warning and users are advised to update their OpenSSL to the latest version. Source: Cybersecurity News
  3. Apple iPhone Security Breach: Apple has warned iPhone users to update their devices amid a security breach that could allow hackers or law enforcement to gain full access to vulnerable devices. Users are urged to update their devices immediately. Source: New York Post
  4. Cybersecurity and Solar Power Vulnerability: There are warnings of potential cyberattacks against small solar energy facilities. Cyberattacks on solar facilities could cause significant financial damage. Users are advised to adopt robust security practices to mitigate the risk. Source: JDSupra
  5. Fortinet FortiOS & FortiProxy Zero-Day Exploit: A newly discovered zero-day authentication bypass vulnerability in Fortinet's FortiOS and FortiProxy has been exploited to hijack firewalls and gain super admin access. Fortinet has issued an urgent warning and users are advised to update their software to the latest version. Source: GBHackers

Vulnerabilities & Patches

  1. Microsoft Patch Tuesday, February 2025 Edition: Microsoft has released an update for all supported Windows operating systems to address a buffer overflow vulnerability, CVE-2025. The patch is part of Microsoft's regular Patch Tuesday updates. Source: Krebs on Security
  2. SonicWall Firewall Vulnerability Allows VPN Session Hijacking: Security researchers at Bishop Fox have detailed an exploit of a vulnerability, CVE-2024-53704, in SonicWall Firewall that allows VPN session hijacking. An urgent patch is required to address this vulnerability. Source: Vulnera
  3. Microsoft Targets 4 Zero-Day Flaws for February: Microsoft has released patches for four zero-day vulnerabilities, including CVE-2025-21418, which are under active exploit. The patches are part of Microsoft's regular updates. Source: Redmondmag.com
  4. OpenSSL Patched High-Severity Flaw CVE-2024-12797: OpenSSL has patched a high-severity flaw, CVE-2024-12797, found by Apple that enables man-in-the-middle attacks. Users are advised to update their OpenSSL software to the latest version. Source: Security Affairs
  5. Thousands of GFI KerioControl Firewalls Still at Risk of Exploited Critical RCE: Thousands of GFI KerioControl firewalls are still at risk from the CVE-2024-52875 vulnerability, nearly two months after patches were issued. Users are urged to apply the patch immediately to mitigate the risk. Source: SC Media

Podcasts

  1. Crass joke row: Cyber Cell files case against India's Got Latent show jury: The Cyber Cell has filed a case against the jury of the YouTube show 'India's Got Latent' for controversial content. The authorities are seeking the removal of all episodes. Source: Mid-day
  2. Case against India's Got Latent, 40 booked as Ranveer Allahbadia controversy escalates: The Maharashtra Cyber Cell has escalated the case against the YouTube show 'India's Got Latent' and its host Ranveer Allahbadia. Notices are being sent regarding the controversial content of the show. Source: Livemint
  3. AI Vendor Transparency: Understanding Models, Data and Customer Impact: In this episode of 'Resilient Cyber', Ed Merrett, Director of Security & TechOps at Harmonic Security, discusses AI Vendor Transparency, focusing on understanding models, data, and the impact on customers. Source: Substack
  4. AGG Talks: Healthcare Insights Podcast - Episode 8: In this episode of 'AGG Talks: Healthcare Insights', Jason Bring, AGG Healthcare Litigation co-chair, is joined by partner Kara to discuss healthcare litigation and government investigations. Source: JD Supra
  5. Zero Trust Purple Team DevSecOps Mesh: A CASB Journey Through the Identity Fabric: In this episode of 'CISO Series Podcast', David Spark and Steve Zalewski discuss the journey of a Cloud Access Security Broker (CASB) through the identity fabric in a Zero Trust Purple Team DevSecOps Mesh. Source: CISO Series

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, we want to remind you that staying informed is the first step towards ensuring your digital safety. From the vulnerabilities in Satellite Weather software to the urgent warnings issued by Fortinet, and the security breaches affecting iPhone users, it's clear that no one is immune to cyber threats. We've also highlighted the importance of updating your devices and software regularly, as seen in the case of Apple and Microsoft. Remember, an outdated system is a vulnerable one. Finally, we've touched on the importance of strong, unique passwords, and the risks associated with using common or easily guessable ones. We hope you've found this information useful and that it will help you navigate the cyber world more safely. If you think this newsletter could benefit others, please share it with your friends and colleagues. Let's work together to create a safer digital community. Stay safe, stay updated, and we'll see you in the next edition of ONSEC Cyber Daily.
