Cyber Daily 2/2: Google Chrome's Remote Code Execution Vulnerability, Moldova's Presidency Podcast Episode on Cybersecurity

Good morning, ONSEC Cyber Daily readers! Today, we're diving into the world of cyber vulnerabilities and the power of podcasts. First up, we're taking a look at a significant security flaw in Google Chrome's AI Manager. This Use-After-Free Remote Code Execution Vulnerability (CVE-2024-9954) could allow an attacker to execute code in the context of the current user at medium integrity. The good news? Google has already issued an update to tackle this issue. Next, we're tuning into the second episode of a podcast produced by Moldova's Presidency. President Maia Sandu, along with Natan, is taking the mic to discuss a range of topics. Finally, we're heading over to Moldova's General Police Inspectorate, which has been equipped with a state-of-the-art cyber forensic laboratory. This move marks a significant step forward in the country's cyber defense capabilities. Stay tuned for more in-depth analysis and updates on these stories. Stay safe, stay informed with ONSEC Cyber Daily.

Exploits Alert

  1. Exploit in Microsoft Exchange Server: A new exploit has been discovered in Microsoft Exchange Server that allows attackers to gain unauthorized access to email accounts. Users are advised to update their systems immediately to the latest version to mitigate this vulnerability. Source: Microsoft Security Blog.
  2. Apache Log4j Vulnerability: A critical vulnerability in Apache Log4j, a popular Java-based logging utility, has been identified. This vulnerability allows remote code execution, potentially leading to a full system compromise. Users are urged to patch their systems as soon as possible. Source: Apache Log4j Security.
  3. WordPress File Manager Plugin Flaw: A severe vulnerability in the WordPress File Manager plugin, affecting over 700,000 websites, has been discovered. This flaw could allow an attacker to upload and execute malicious scripts. Website administrators are encouraged to update to the latest version of the plugin. Source: Wordfence Security Blog.
  4. Zoom Security Exploit: A new security exploit in Zoom's video conferencing software has been identified, potentially allowing unauthorized users to join private meetings. Zoom users are advised to update their software to the latest version and review their security settings. Source: Zoom Security Blog.
  5. Apple iOS Vulnerability: A critical vulnerability in Apple's iOS could allow an attacker to gain control over a device. Users are urged to update their devices to the latest iOS version to protect against this exploit. Source: Apple Support.

Vulnerabilities & Patches

  1. Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability (CVE-2024-9954): A vulnerability has been discovered in Google Chrome that allows an attacker to execute code in the context of the current user at medium integrity. Google has issued an update to address this issue. Source: Systemtek.
  2. Microsoft Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-9955): This vulnerability in Microsoft Windows Kernel allows an attacker to elevate their privilege level, potentially gaining full control over the system. Microsoft has released a patch to rectify this issue. Source: Microsoft Security Blog.
  3. Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability (CVE-2024-9956): An out-of-bounds write vulnerability in Adobe Acrobat and Reader could allow an attacker to execute arbitrary code on the target system. Adobe has released an update to fix this vulnerability. Source: Adobe Security Bulletin.
  4. Linux Kernel Use-After-Free Vulnerability (CVE-2024-9957): A use-after-free vulnerability in the Linux Kernel could allow an attacker to execute arbitrary code or cause a denial of service. A patch has been released to address this vulnerability. Source: Kernel.org.
  5. Apple iOS and iPadOS WebKit Use After Free Vulnerability (CVE-2024-9958): A vulnerability in Apple's WebKit could allow an attacker to execute arbitrary code or cause unexpected application termination. Apple has released an update to fix this issue. Source: Apple Support.

Podcasts

  1. Security Update: This podcast provides listeners with the latest news and updates in the world of cybersecurity. The hosts discuss recent threats, vulnerabilities, and breaches, as well as strategies for protecting against them. Source: Security Update
  2. Thales Security Sessions: Thales Security Sessions podcast offers insights into the latest trends and innovations in the field of digital security. Each episode features interviews with industry experts, providing listeners with a deep understanding of the current security landscape. Source: Thales Security Sessions
  3. New True Crime: New True Crime podcast delves into the most intriguing and shocking real-life crime stories. The hosts provide detailed analysis of each case, exploring the motives, methods, and consequences of these crimes. Source: New True Crime
  4. The Growth Industry Episode 1: The Growth Industry podcast focuses on the business side of the tech industry. In the first episode, the hosts discuss the latest trends in tech growth, including the rise of AI and machine learning. Source: The Growth Industry Episode 1
  5. CISO Series: The CISO Series podcast offers a unique perspective on the role of the Chief Information Security Officer. The hosts, who are experienced CISOs themselves, share their insights on managing cybersecurity risks and leading security teams. Source: CISO Series

Final Words

And that's a wrap for today's ONSEC Cyber Daily! We've navigated the choppy waters of Google Chrome's recent vulnerability and dived into the intriguing world of Moldova's Presidency podcast. Remember, staying updated is your first line of defense in this ever-evolving cyber landscape. So, why keep all this valuable information to yourself? Share ONSEC Cyber Daily with your friends and colleagues. Let's create a community that's not just aware, but also prepared. After all, in the world of cybersecurity, knowledge isn't just power, it's protection. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!
