ONSEC Cyber Daily 10/14: Critical Cyber Alerts: Android and Chrome Risks in India and Vietnam, Jamaica’s Vulnerability, Fortinet and Firefox Patches

ONSEC Cyber Daily 10/14: Critical Cyber Alerts: Android and Chrome Risks in India and Vietnam, Jamaica’s Vulnerability, Fortinet and Firefox Patches

Welcome to your daily briefing from ONSEC Cyber Daily.

Today, we spotlight a surge of global cyber threats raising alarms across nations. In India, Android and Google Chrome users face critical risks, prompting the government to issue an urgent advisory. CERT-In has flagged severe vulnerabilities that could pave the way for major cyberattacks. Similarly, Vietnam’s Information Security Department has highlighted four dangerous cyber threats, urging heightened vigilance. Over in Jamaica, the Minister of Science and Energy warns of growing cybersecurity risks threatening the nation's digital infrastructure. In the tech realm, vulnerabilities in Fortinet FortiGate and Firefox are under scrutiny, with patches issued following reports of active exploitation.

On the podcast front, we preview the upcoming HLTH 2024 Conference on Healthcare IT Today, a deep dive into cyberwashing at Dentons Academy, and an insightful discussion on cyber insurance for operational technology in "Don't Take No for An Answer."

Exploits Alert

  1. Android And Google Chrome Users In India At High Risk Of Hacking: The Indian Computer Emergency Response Team (CERT-In) has issued an alert warning of critical vulnerabilities in Android and Google Chrome that could lead to hacking and cyberattacks. Users are advised to update their systems to the latest versions to mitigate these risks. Source: Times Now News.
  2. High Risk Warning For Google Chrome And Android: The Indian government has released a high-risk warning for Google Chrome and Android users. Cyberattackers could potentially execute arbitrary code and gain unauthorized system access if a victim visits a specially crafted webpage. Source: India Today.
  3. Risk Of Cyber Attacks On Vietnamese Systems: The Information Security Department in Vietnam has issued a warning about nine new security vulnerabilities that pose a threat to information systems in the country. Users are urged to take necessary precautions to protect their systems. Source: Vietnam.vn.
  4. High-Risk Warning For Google Chrome, Android Users: Multiple vulnerabilities have been identified in Google Chrome and Android, classified as "high severity". If exploited, these vulnerabilities could allow cyber attackers to execute arbitrary code. Source: PTC News.
  5. Jamaica Vulnerable To Cybersecurity Risk: Jamaica's Minister of Science, Energy, and Technology, Daryl Vaz, has warned that the country is vulnerable to cybersecurity threats. The minister urged individuals and businesses to take necessary precautions to protect their digital assets. Source: The St Kitts Nevis Observer.

Vulnerabilities & Patches

  1. Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance: A complex vulnerability was discovered in all currently-maintained branches of Fortinet FortiGate. The vulnerability, CVE-2024-23113, was recently highlighted by CISA as being exploited in the wild. Source: Watchtowr Labs.
  2. Recently-patched Firefox bug exploited against Tor browser users: The Tor anonymity network issued an emergency patch last week for a recently discovered Firefox bug. The vulnerability, CVE-2024-9680, is described as a “use-after-free” flaw. Source: The Record.
  3. 14th October – Threat Intelligence Report - Check Point Research: Microsoft's October 2024 Patch Tuesday fixed 117 security vulnerabilities, including CVE-2024-43572 and CVE-2024-43573. The key patches addressed critical remote vulnerabilities. Source: Check Point Research.
  4. Recent Firefox Zero-Day Exploited Against Tor Browser Users - SecurityWeek: A recent zero-day vulnerability in Firefox was exploited against Tor browser users. Patches for CVE-2024-9680 were included in Firefox version 131.0. Source: SecurityWeek.

Podcasts

  1. HLTH 2024 Conference Preview – Healthcare IT Today Podcast Episode 151: This episode provides a preview of the upcoming HLTH Conference, a significant event in the healthcare IT sector. The hosts discuss what to expect from the conference and share their insights on the latest trends in healthcare IT. Source: Healthcare IT Today.
  2. What is cyberwashing? - Dentons: In this podcast, partners Ben Allen and Robyn Chatwood discuss the concept of cyberwashing, which refers to misleading claims about cybersecurity. They delve into the implications of this practice and how it affects the cybersecurity landscape. Source: Dentons.
  3. Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits: This milestone 350th episode of the Shared Security Podcast reflects on 15 years of podcasting and the evolution of cybersecurity habits among users. The hosts discuss the stagnation in user cybersecurity habits and the implications of this trend. Source: Security Boulevard.
  4. Cyber Insurance For Operational Technology: Where Computers Touch The Real World: Lynda A. Bennett, Chair of Lowenstein's Insurance Recovery Group, speaks with David Anderson about cyber insurance for operational technology. They discuss the intersection of computers and the real world, and the role of insurance in mitigating cyber risks. Source: Mondaq.

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. As we've seen, the world of cybersecurity is a rapidly evolving landscape, with new threats and vulnerabilities emerging daily. From India to Vietnam, Jamaica, and beyond, no one is immune to these risks. But remember, knowledge is power. By staying informed, you can take proactive steps to protect yourself and your digital assets. So, if you found today's newsletter helpful, why not share it with your friends and colleagues? You never know, you might just help someone dodge a cyber bullet. Stay safe, stay informed, and remember, in the world of cybersecurity, the only constant is change. So, keep an eye on your inbox for tomorrow's edition of ONSEC Cyber Daily, where we'll bring you the latest updates from the frontlines of the digital battlefield. Until then, keep your data secure and your software patched. Signing off, ONSEC.