Latest

Cyber Daily 12/21: iPhone, Android App Warning, Chinese Hacking Threats, Rapido Data Breach, Cisco Vulnerability, Google Chrome and BeyondTrust Updates

Welcome to the ONSEC Cyber Daily for December 21st. Today's issue is packed with critical updates and alerts from the cyber world. We start with a stern warning from Forbes about certain apps that pose a threat to iPhone and Android users. The U.S. government's

Cyber Daily 12/20: FBI Warns of HiatusRAT Threat to Webcams, DVRs; BeyondTrust Vulnerability Exploited; AI-Driven Cyber Threats Predicted by 2025; Critical FortiWLM Vulnerability Patched by Fortinet

Welcome to your ONSEC Cyber Daily for December 20th. Today, we're diving into a series of critical cybersecurity issues that have been making headlines. The FBI has issued a stark warning about HiatusRAT malware, a threat that's been targeting webcams and DVRs, leaving them vulnerable to

Cyber Daily 12/19: US-China Mobile Security Alert, Google Chrome Vulnerabilities in India, SHARP Routers and Fortinet Flaws, Rhode Island Cybersecurity Warning, Podcast Insights on Cybersecurity Future

Good morning, ONSEC Cyber Daily readers! Today's newsletter is packed with critical updates and insights you won't want to miss. We kick off with an urgent mobile security alert issued by the US over Chinese cyber threats. CISA is advising iPhone users to enable Lockdown Mode

Cyber Daily 12/18: Rhode Island's Unaddressed Cybersecurity Warning, Apache Struts and Cleo Software Exploited, Hitachi Energy and BeyondTrust Patch Critical Vulnerabilities

Good morning, ONSEC Cyber Daily readers! Today's issue is packed with critical updates and alerts you need to know. We start off in Rhode Island, where the state's social service and healthcare technology infrastructure is under attack by cybercriminals. Despite the Auditor General's repeated

Cyber Daily 12/17: Rising Tech Outages, CISA's 2024 Review, Windows Kernel Vulnerability, Adobe & Windows Exploits, HiatusRAT Attacks, Cleo & DrayTek Vulnerabilities, CISA & EPA Guidelines, Cross Apple-Android Texting Warning

Welcome to the ONSEC Cyber Daily newsletter for December 17th. Today, we're diving into the escalating wave of tech outages and cybercrime losses, as reported by Macleans and Cybersecurity Ventures. We'll also explore North Korea's cyberattack strategies, Iran's advancing cyber capabilities, and

Cyber Daily 12/16: DrayTek Vulnerabilities Impact Hundreds, CISA and EPA Shield Water Systems, Cross-Platform Texting Warning, Medical Imaging RCE Alert, Android Chrome Security Alert, Clop Ransomware Hits Cleo, NoviSpy Exploits Qualcomm Bugs

Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most impactful cybersecurity news in a digestible format. In today's headlines, hundreds of organizations have fallen victim to cyberattacks exploiting undocumented vulnerabilities in DrayTek. The cybersecurity vendor Forescout has issued a warning about

Cyber Daily 12/14: CISA Warns of Cleo, CyberPanel Exploits; Samsung, Apple Patch Critical CVEs; Ransomware Gangs Target RDP Services; Podcasts Discuss Cybersecurity Trends

Welcome to today's issue of ONSEC Cyber Daily! We're diving into a whirlwind of cyber threats and security patches. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about ransomware gangs exploiting the Cleo 0-Day vulnerability, a situation reminiscent of the MOVEit hack campaign.

Cyber Daily 12/13: Dell and Citrix Under Attack, Microsoft's Early Christmas Gift, Water Treatment Facilities at Risk

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Today, we're diving into the critical Dell security vulnerabilities that are compromising affected systems. We'll hear from Varshini, a cybersecurity expert, on the importance of staying ahead of emerging threats. We&

Cyber Daily 12/12: Water Treatment Facilities at Risk, Windows 0Day Attack, China Denies Telco Attacks, WordPress Plugin Flaw, Microsoft's Patch Tuesday

Welcome to the ONSEC Cyber Daily for December 12th. Today, we're diving into a chilling tale of cyberattacks on water treatment facilities, revealing how a cyberattacker tried to poison a Florida city's water supply by remotely accessing internal systems. We're also discussing the new

Cyber Daily 12/11: iCloud Data Vulnerability, Cleo Software Exploits, Dell Power Manager Flaw, QNAP NAS Risks, Patch Tuesday Highlights

Welcome to today's issue of ONSEC Cyber Daily! We're diving into a series of vulnerabilities that have been making waves in the cybersecurity world. First up, we're looking at a flaw in the TCC iOS Subsystem that's leaving iCloud data exposed to

Cyber Daily 12/10: Android, Windows Security "Downdates", CISA's 271 Warnings, iOS 18 Update Risk, HealthAlliance's $550K Settlement, Mitel MiCollab Vulnerabilities

Welcome to today's issue of ONSEC Cyber Daily. 🔴 ONSEC is now on X (Twitter)!!! Follow us for timely updates on critical security news, vulnerabilities, exploits, expert articles, and more! Follow ONSEC Team on X Moreover, today we starting with a new Android and Windows attack that "downdates&

Cyber Daily 12/9: FBI Warns of AI-Driven Cyberattacks, Chinese Threats, Tinxy App Vulnerability, Termite Ransomware Hits Blue Yonder, Patches for QNAP, Google's Vanir, and Windows Zero-Day

Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most pressing cybersecurity news from around the globe. Today, we delve into the FBI's recent warning about AI-driven cyberattacks, sparking serious concerns about the rise of advanced persistent threats, particularly those backed by

Cyber Daily 12/7: Windows Zero-Day Warning, China's Cyber Spying Denial, FBI Alerts on iPhone, Android Attacks, Atrium Health Data Breach, Cybersecurity Podcast Insights

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a whirlwind of cybersecurity warnings, vulnerabilities, and cyberattacks that are making headlines worldwide. First up, we have a critical warning for all Windows users. A zero-day vulnerability with no official fix has been confirmed, leaving

Cyber Daily 12/6: Secure by Design' Alert Updated, Windows 7 to 11 Zero-Day Warning, FBI Cautions iPhone-Android Texting Amid Chinese Cyberattack, CISA Warns of CyberPanel, Zyxel Flaws

Welcome to today's issue of ONSEC Cyber Daily. In this edition, we delve into the latest updates from cybersecurity agencies who are ramping up their 'Secure by Design' alerts to counteract emerging threats. We'll also discuss the recent warning issued by the FBI urging

Cyber Daily 12/5: FBI and CISA Warn of Text Message Vulnerabilities, China's 'Salt Typhoon' Cyber Threat, CyberPanel and Zyxel Firewall Flaws, SAP and Mitel Software Vulnerabilities

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. In today's issue, we dive into the alarming warnings issued by the FBI and CISA about the vulnerability of text message data and the urgent need to use encrypted apps. This comes in

Cyber Daily 12/4: Cisco's Decade-Old WebVPN Vulnerability Fuels Botnet, LastPass Dodges Deepfake CEO Scam, Google Chrome's Emergency Update, PRC Cyber Threats Tackled by CISA & FBI, EU's Cybersecurity Shield, Palo Alto Firewalls Breached

Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most impactful cybersecurity news in one place. Today, we're focusing on the urgent call from Cisco to patch a decade-old WebVPN vulnerability that's fueling the Androxgh0st botnet activity. This comes as

Cyber Daily 12/3: Log4Shell Exploits in VMware, Cisco's Decade-Old ASA WebVPN Vulnerability, Australia's CISC Guidance, Samsung's Security Patch, Windows Driver Vulnerability

Welcome to the ONSEC Cyber Daily newsletter for December 3rd, 2024. Today, we delve into the most exploited vulnerabilities of 2023 and how they are shaping the cybersecurity landscape for 2025. We'll discuss how nation-state actors and cybercriminals have leveraged Log4Shell in various campaigns, including its notable use

Cyber Daily 11/30: Russian 0-Click Backdoor Attack on Windows, Bank of England's Cyber Threat Warning, Chinese Cyberespionage Impact on Gov Agencies, Microsoft and Oracle's Critical Patches

Welcome to ONSEC Cyber Daily Newsletter! Stay ahead of the curve with today’s critical updates in cybersecurity. From alarming 0-click backdoor attacks targeting Windows systems to high-risk vulnerabilities in industry-critical software, the landscape of threats continues to evolve. This edition highlights the latest exploits and patches, emphasizing the urgency

Cyber Daily 11/29: Russian 0-Click Attack on Windows, Zyxel Firewalls Targeted by Helldown, India's Firefox Warning, Raspberry Pi Security, Advantech Wi-Fi Flaws, AI Cyber Warfare

Welcome to another edition of ONSEC Cyber Daily. Today, we're diving into a series of critical cybersecurity updates that have been making headlines. First up, we're looking at a confirmed Russian cyber attack that exploited a severe vulnerability in Windows, leading to a 0-click backdoor attack.

Cyber Daily 11/28: Oracle Agile PLM Flaw, Africa's Cybercrime Crackdown, Google Chrome Security Risks, ProjectSend Exploitation, Australia's Cyber Security Act, Windows 11 Vulnerability, Firefox Zero-Day Flaws

Happy Thanksgiving! 🦃🍁 We hope you’re enjoying this season of gratitude and celebration. Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for the most impactful cybersecurity news. Today, we're diving into a series of critical vulnerabilities and the urgent actions needed to mitigate them.

Cyber Daily 11/27: PTA Warns of WordPress Plugin Flaw, England's Weather Vulnerability Mapped, Android and iPhone Users Alerted, Grafana and ProjectSend Exploits, Microsoft and QNAP Patch Critical Gaps

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a plethora of critical security alerts and vulnerabilities that are making waves in the cyber world. First up, we have a critical security alert issued by PTA against a significant flaw in a WordPress plugin.

Cyber Daily 11/26: Palo Alto and Android Vulnerabilities, CISA's New Exploited Catalog, Apple Users Warned, Zyxel Firewall and 7-Zip Breaches, Android & Google Pixel Flaws, Array Networks and QNAP Patches

Welcome to your ONSEC Cyber Daily dose for November 26th. Today, we're diving into a sea of vulnerabilities and warnings that are making waves in the cybersecurity world. First up, Palo Alto's certification validation flaw is causing a stir, allowing attackers to escalate privileges. Meanwhile, Android

Cyber Daily 11/25: Google Pixel & Apple Users Urged to Update Devices, Critical 7-Zip & QNAP Vulnerabilities, DoJ Seizes PopeyeTools, Deepfake Fraud Exposed

Good morning, ONSEC Cyber Daily readers! We've got a lot to cover today, so let's dive right in. First up, Google Pixel users, you have 72 hours to update your phone. This urgent warning comes as two vulnerabilities have been discovered, prompting the US cybersecurity agency

Cyber Daily 11/23: Google AI Uncovers 26 Open-Source Vulnerabilities, Indian Govt. Warns Apple Users, EPA Issues Water System Cyberattack Alert, Palo Alto Firewalls Compromised, CISO Insights, Podcasts on Cybersecurity

Welcome to your ONSEC Cyber Daily dose for November 23rd. Today, we delve into the world of vulnerabilities and patches. Google's AI has identified 26 new vulnerabilities in open-source projects, highlighting the importance of staying updated. Small businesses are facing heightened vulnerability, with cyber insurance becoming a necessity.

Cyber Daily 11/22: D-Link, NVIDIA, Google, Apple, Palo Alto Vulnerabilities; India, EPA Warnings; Cybersecurity Podcast Insights

Your Daily Dose of Cybersecurity Updates (11/22) Hello there, Welcome to another edition of ONSEC Cyber Daily, where we bring you the most critical cybersecurity updates from around the globe. Today, we're diving into a series of vulnerabilities and patches that have been making headlines. First up,

Cyber Daily 11/21: EPA Warns of Water Utility Cyber Vulnerabilities, Indian Govt. Alerts Chrome Bug, VMware VCenter Under Attack, Ubuntu Server Flaws Exposed, Apple and Android Users Urged to Update

Welcome to the ONSEC Cyber Daily for November 21st. Today's issue is packed with critical updates and warnings from across the globe. We kick off with a warning from the EPA about cybersecurity vulnerabilities in water utilities, affecting millions of customers. Meanwhile, the Indian government's cybersecurity

Cyber Daily 11/20: Google's 20-Year-Old Flaw, Apple's Zero-Day Attack, Vulnerable Water Utilities, Oracle's Agile PLM Exploited

Welcome to the ONSEC Cyber Daily for November 20th. Today, we're diving into a whirlwind of cyber threats and vulnerabilities that have been making headlines. First up, Google has confirmed a critical 20-year-old security flaw, which it's addressing using a new Fuzzy AI. This AI-powered fuzzing

Cyber Daily 11/19: Ionix's Cloud Exposure Validator, PTA's PHP Vulnerability Alert, VMware and Palo Alto's Critical Flaws, Czech Banks on Cyber Alert

Welcome to the ONSEC Cyber Daily for November 19th, 2024. Today's issue is packed with critical updates and insights on the ever-evolving cybersecurity landscape. Ionix has unveiled a new tool to streamline cloud security alert management, while the PTA has issued a cyber alert over a critical PHP

Cyber Daily 11/18: Palo Alto's Zero-Day Firewall Bug, Hong Kong's Cybersecurity Drill, Arkansas' Cyber Insurance Need, Five Eyes Alliance's Top Vulnerabilities, MSSP Market Update, NCSC's Black Friday Warning

Welcome to your ONSEC Cyber Daily dose for November 18th. Today, we're diving into the world of cybersecurity, where the stakes are high and the threats are ever-evolving. Palo Alto Networks is in the spotlight, patching a critical zero-day firewall bug and dealing with two more bugs in

Cyber Daily 11/16: Microsoft Halts Security Updates, DEEPDATA Malware Targets Fortinet, GeoVision Devices Exploited by Botnet, Palo Alto Faces Multiple Exploits

Welcome to the ONSEC Cyber Daily, your daily dose of cybersecurity news and updates. Today, we're diving into a series of critical developments that have been making waves in the cybersecurity landscape. First up, Microsoft has hit pause on its November 2024 Exchange Security Updates due to email

Cyber Daily 11/15: US EPA Flags Cybersecurity Risks in Water Systems, CISA Reports Rising Zero-Days, Vietnam Strengthens Cybersecurity with CISA, Palo Alto and Cisco Face Critical Vulnerabilities

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Today, we're diving into a recent US EPA report that highlights significant cybersecurity flaws in our drinking water systems, raising concerns about potential disruptions and public health risks. We'll also be

Cyber Daily 11/14: UK, Five Eyes Warn of Rising Zero-Day Exploits, CyberFirst at Kunoichi Games, Microsoft Patches CVE-2024-43451, D-Link Refuses to Patch Older Modems

Welcome to today's issue of ONSEC Cyber Daily! As we navigate the ever-evolving cyber landscape, we're seeing a significant shift in cyber attackers exploiting zero-day vulnerabilities. The UK and its allies have issued a stark warning, with the Five Eyes cybersecurity agencies reporting a notable increase

Cyber Daily 11/13: Microsoft's Patch Tuesday Fixes 91 Flaws, Zero-Day Cyberattacks Surge, Chrome Warns 3.2B Users, UK and Allies Highlight Cyber Vulnerabilities

Welcome to the ONSEC Cyber Daily for November 13th. Today, we're diving into a whirlwind of cybersecurity updates that have been making waves across the globe. From the surge in 'zero-day' cyberattacks warned by the Feds to the critical vulnerabilities actively exploited, the cyber landscape is

Cyber Daily 11/12: CISA, FBI, NSA Warn of Top 2023 Exploits, Germany on High Alert, Mazda's Vulnerability, Apple and Google Chrome Users at Risk, Critical WordPress and PAN-OS Vulnerabilities, Patch Updates for SAP, HPE, Dell, and Veeam

Good morning, ONSEC Cyber Daily readers! Today, we're diving into a whirlwind of cybersecurity alerts and vulnerabilities that have been making headlines. The CISA, FBI, NSA, and International Partners have released a joint advisory on the top routinely exploited vulnerabilities of 2023. This comes as Germany's

Cyber Daily 11/11: CISA Alerts on Critical CVE-2024-8934, SEO Poisoning Threatens Google Users, Oracle WebLogic and PAN-OS Vulnerabilities, Patch Tuesday Forecast

Welcome to your ONSEC Cyber Daily dose for 11/11. Today, we're diving into a whirlwind of cybersecurity alerts and vulnerabilities that are making waves across the globe. First up, we're looking at the urgent alert issued by CISA regarding the critical vulnerability CVE-2024-8934 threatening our

Cyber Daily 11/9: Critical Google Chrome Alert, Indian Govt Warning, HPE and Palo Alto Vulnerabilities, CISA Warnings, Cisco and Android Flaws, Oracle and Dell Patches

Good morning, ONSEC Cyber Daily readers! Today, we're diving into a flurry of critical alerts and warnings that have been issued by various cybersecurity agencies worldwide. First up, Google Chrome users, you're on high alert! The government has issued a severe warning about vulnerabilities that could

Cyber Daily 11/8: Google's LLM Fixes Database Bug, CISA Alerts on Palo Alto's Active Exploit, Cybersecurity Earnings Dip, Cisco's Wireless Devices Vulnerable

Welcome to the ONSEC Cyber Daily ! Today, we're diving into the world of cybersecurity, where vulnerabilities are being discovered and patched at a rapid pace. Google's LLM Agent has found and fixed a real-world bug in a popular database, demonstrating the power of AI in combating

Cyber Daily 11/7: Google and Cisco Patch Critical Vulnerabilities, Open Redirect Attacks Exploited, Sports Sector Cyber Vulnerability, Cybersecurity in Healthcare and Elections

Welcome to the November 7th issue of ONSEC Cyber Daily. Today, we're diving into the murky waters of open redirect attacks, a versatile tool that cybercriminals are using to scale their attacks. We'll also explore the potential cyber vulnerabilities in the sports sector, particularly among volunteers.

Cyber Daily 11/6: Google Patches Android Zero-Days, FBI Warns of Email Takeovers, AI Revolutionizes Cybersecurity, Unpatched Synology Devices at Risk

Welcome to the ONSEC Cyber Daily! Today, we're diving into the world of Android vulnerabilities, with Google patching two zero-day vulnerabilities that have been exploited in targeted attacks. The FBI has issued a warning about cybercriminals taking over email accounts via stolen session cookies, highlighting the importance of

Cyber Daily 11/5: Google's AI Discovers Vulnerability, CISA Alerts on PTZOptics Cameras & Rockwell Systems, Samsung & Google Patch Android Flaws, Nigerian Phishing Scam, Russian Disinformation Campaign

Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for the most impactful cybersecurity news. Today, we're diving into a groundbreaking discovery by Google's Project Zero and DeepMind, who have uncovered their first real-world vulnerability using a large language model. This marks a

Cyber Daily 11/4: American Water Cyberattack, SharePoint Flaw Threatens Networks, Nigerian Phishing Scam Conviction, Synology NAS Vulnerability, Russian Disinformation Campaign

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest cybersecurity news. Today, we're diving into the recent cyberattack on American Water, highlighting the vulnerabilities that continue to plague critical infrastructure sectors. We're also discussing the SharePoint flaw that's putting entire corporate

Cyber Daily 11/2: Georgia Fights Russian Disinformation, 60% of Election Sites Vulnerable, India Warns Chrome Users, EU's New Cybersecurity Obligations

Welcome to the ONSEC Cyber Daily, your daily dose of the most impactful cybersecurity news. Today, we're diving into the ongoing battle against election disinformation, with Georgia's Secretary of State pushing for the removal of Russian disinformation from social media. We're also looking at

Cyber Daily 11/1: MFA Vulnerability Exposes Credit Card Data, Sri Lanka CERT Warns of Cybercrime Surge, CISA and NIST Update on AI Cyberattacks

Welcome to the November 1st issue of ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Today, we're diving into a range of critical vulnerabilities and patches, from an MFA website vulnerability that puts credit card data at risk, to a surge in cybercrime in

Cyber Daily 10/31: Fortinet Discloses More Malicious IPs, CISA Updates Manufacturing Software Guidance, AVTECH and Room Alert Support Cybersecurity, Microsoft SharePoint Vulnerability Exploited

Welcome to your ONSEC Cyber Daily newsletter for October 31st. Today, we're diving into a web of cyber threats and vulnerabilities that are keeping the cybersecurity world on its toes. Fortinet has discovered more malicious IPs linked to a widely exploited zero-day vulnerability, a serious threat that could

Cyber Daily 10/30: Quantum Computing Threat Looms, U.S. Water Sector at Risk, Instagram Vulnerability, Apple and Google Patch Major Flaws, AI Cyberattacks on the Rise

Welcome to ONSEC Cyber Daily! We're thrilled to introduce our new section: "Wisdom from the ONSEC Founders' Vault." Tap into the expertise of our founders with exclusive insights and strategies to stay ahead in cybersecurity. In today’s issue: * Quantum computing threatens encryption as criminals

Cyber Daily 10/29: Samsung's 24-Hour Update Deadline, CISA's Qualcomm Warning, Microsoft's Windows Kernel Exposed, Italian State Databases Breached

Welcome to today's issue of ONSEC Cyber Daily, where we bring you the most pressing cybersecurity news in one place. In a race against time, Samsung users are urged to update their phones within 24 hours due to a newly discovered vulnerability. The US cybersecurity agency, CISA, has

Cyber Daily 10/28: Belgium's Leonidas Project, Critical Infrastructure Cybersecurity, CISA and FBI Alert on XSS, Philips Smart Bulbs' IoT Vulnerabilities, Microsoft Windows High Risk Warning

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. In today's issue, we delve into Belgium's Leonidas Project and its efforts to boost national cyber resilience, a critical initiative in a world where cyber threats are a constant buzz. We

Cyber Daily 10/26: Cloud Servers Cryptocurrency Schemes, Microsoft Windows Vulnerabilities, Samsung Security Issue, Cisco ASA Patch

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a world where cloud servers are being exploited for secret cryptocurrency schemes, and open-source security solutions are rising as the heroes. We're also looking at the government's latest cybersecurity warnings about

Cyber Daily 10/25: Nvidia Security Alert for Gamers, Water Utilities Vulnerable Post-Pennsylvania Attack, FortiManager Devices Compromised, Virgin Media's Public Wi-Fi Warning

Welcome to the latest issue of ONSEC Cyber Daily, your one-stop source for the most impactful cybersecurity news. Today, we're diving into a critical security warning for 200 million Nvidia users, both Linux and Windows gamers alike. Veteran cybersecurity writer, Davey Winder, has highlighted an improper input validation

Cyber Daily 10/24: Russian Cyber Campaign Intensifies, Fortinet FortiManager Vulnerability Exploited, Cyberattacks on Spring Java Framework, Critical Alerts for Windows and Cisco Updates

Welcome to the ONSEC Cyber Daily for October 24th. Today, we're diving into the escalating cyber campaign by Russian Intelligence, as reported by the Kyiv Post. Western intelligence agencies are urging organizations worldwide to stay vigilant. In the UK, the National Cyber Security Centre (NCSC) is offering a

Cyber Daily 10/23: Zimbra, Stormshield Vulnerability Alert, Veeam Ransomware Exploits, VMware's Patching Crisis, Bitdefender's Critical Flaws, and Cybersecurity Podcast Insights

Welcome to the ONSEC Cyber Daily for October 23rd. Today, we're diving into a whirlwind of vulnerabilities, patches, and cyber threats that have been making waves in the cybersecurity world. We start with a critical vulnerability in the Postjournal Zimbra software suite, which has prompted a security alert

Cyber Daily 10/22: Veeam Ransomware Exploits, Sciencelogic Vulnerability Alert, FortiManager's Security Gap, VMware's vCenter Server Patch Snag

Welcome to the ONSEC Cyber Daily for October 22nd. Today, we're diving into a flurry of cybersecurity updates and vulnerabilities that have been making waves in the tech world. First up, we're looking at the critical Veeam CVE that's being actively exploited in ransomware

Cyber Daily 10/21: AI-Driven Attacks Surge, Gmail & Roundcube Users Alerted, Cyprus Cyberattack, Fortinet & Atlassian Patch Critical Vulnerabilities

Welcome to today's issue of ONSEC Cyber Daily, where we bring you the latest and most impactful cybersecurity news. In today's edition, we delve into the rising threat of AI-driven cyberattacks, with Forbes warning of 1,000 elite hackers now harnessing the power of AI. Meanwhile,

Cyber Daily 10/19: Microsoft's 10-Day Windows Update Deadline, American Water Cyberattack, Gen Z's Online Vulnerability

Welcome to the latest issue of ONSEC Cyber Daily. Today, we're sounding the alarm on a series of critical vulnerabilities and cyber threats that are making headlines. First up, Microsoft has issued a 10-day deadline for Windows users to update their systems or risk being unable to use

Cyber Daily 10/18: GitHub and Mozilla Firefox Vulnerabilities, US Indicts Russia's GRU Unit, Critical Patches for Kubernetes and VMware, Podcast Insights from CISO Rubrik

Welcome to your ONSEC Cyber Daily dose for October 18th. Today, we're diving deep into the world of cybersecurity, exploring the critical role of VAPT in fortifying our digital defenses. With over 72% of organizations worldwide falling victim to at least one ransomware attack, the need for robust

Cyber Daily 10/17: China's Intel Alert, India's Firefox Warning, Trend Micro Vulnerability, Patch Updates from Oracle, Cisco

Welcome to the latest issue of ONSEC Cyber Daily. Today, we're diving into a world where cybersecurity threats are escalating and vulnerabilities are being exploited. China's spy agency is sounding the alarm on growing cybersecurity threats, particularly highlighting the vulnerabilities in Intel chips. Meanwhile, India'

Cyber Daily 10/16: GitHub Patches Critical Flaw, Muah.ai Faces Extortion Threats, Russian Cyber Campaign Threatens UK

Good morning, ONSEC Cyber Daily readers! Today’s highlights include GitHub patching a critical Enterprise Server flaw to prevent unauthorized access and the Muah.ai breach exposing cyber vulnerabilities and leading to extortion threats. Organizations must also address exploited SolarWinds Web Help Desk vulnerabilities and stay alert to a new

Cyber Daily 10/15: High-Risk Android, Chrome Warnings, Veeam Exploits, muah.ai Breach, CERT-In Alerts, NSA on Russian Threats, GitLab Patches, AI Cybersecurity Podcasts

Hello ONSEC Cyber Daily readers! Today’s edition covers critical cybersecurity updates. CERT-In has issued a high-risk warning for Android devices and Google Chrome, highlighting vulnerabilities that could be exploited through malicious apps or websites. The National Cyber Security Centre also reports a rise in denial-of-service (DoS) attacks disrupting organizations.

ONSEC Cyber Daily 10/14: Critical Cyber Alerts: Android and Chrome Risks in India and Vietnam, Jamaica’s Vulnerability, Fortinet and Firefox Patches

Welcome to your daily briefing from ONSEC Cyber Daily. Today, we spotlight a surge of global cyber threats raising alarms across nations. In India, Android and Google Chrome users face critical risks, prompting the government to issue an urgent advisory. CERT-In has flagged severe vulnerabilities that could pave the way

Cyber Daily 10/11: AI Revives XSS Threats, Critical Flaws Exposed, and Global Cyber Alerts

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into the murky waters of data breaches and liability, with insights from CyberRisk Alliance's editorial director, Jessica C. Davis. We're also shining a light on the resurgence of XSS vulnerabilities, thanks to

Cyber Daily 10/9: Google and Adobe Patch High-Severity Vulnerabilities, Microsoft and Samsung Address Browser Risks, Ivanti Zero-Days Exploited

Welcome to today's ONSEC Cyber Daily. As a leading penetration testing company, we're committed to delivering the latest cybersecurity news and insights. Staying informed is crucial in today's digital landscape. In this issue, we'll cover critical security updates from Google, Adobe, Microsoft,

Our First (!!!) Cyber Daily 10/8: American Water Works Under Cyberattack, SatCom Cybersecurity Threats, FINRA Warns of Third-Party Risks, Qualcomm Patches Critical Flaws

Welcome to the inaugural ONSEC Cyber Daily for October 8, 2024. As a leading penetration testing company, we're launching this new rubric to deliver the latest cybersecurity news and insights. Staying informed and proactive is essential in today's digital landscape. In this issue, we'll

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 3

Source engine: CS:S, CS GO, Team Fortress 2 Creation History Source is a 3D game engine developed by Valve. Its official debut appearance was in 2004 with the release of Half-Life: Source, Counter-Strike: Source, and Half-Life 2. Source became the successor to the GoldSrc engine, on which legendary games

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 2

Introduction In this part of the article, we will thoroughly examine vulnerabilities found in various games of the Counter-Strike series. Over the years, numerous vulnerabilities have been discovered, each affecting the security of players in its own way. Valve, the developer of the Counter-Strike series, actively supports a Bug Bounty

Crack NTLM over LM

Let's suppose you have successfully taken control of a domain controller and can dump the password hashes of all domain users. You could run hashcat -m 1000 and wait, but what if you don't want to wait and you need the passwords immediately? For instance, you

Lock'n'load. History of vulnerabilities in the Counter Strike series - Part 1

Buffer Overflow Introduction Since this article will largely focus on the topic of buffer overflow, let's dive into this topic. Buffer Overflow is one of the most well-known and widely exploited vulnerabilities in cybersecurity. This vulnerability allows attackers to overwrite data in a program's memory and

Securing the Game: The Role of Penetration Testing in the Gaming Industry

The gaming industry has experienced exponential growth over the past decade, transforming from simple arcade games into complex, interactive, and highly immersive experiences. With the rise of online multiplayer games, virtual economies, and e-sports, the stakes have never been higher. However, with great popularity comes great risk. Cybersecurity threats are

AWS S3 for Pentesters

Discovering and Exploiting Misconfiguration Introduction This article is intended for pentesters and security professionals who work with Amazon S3 buckets. It covers methods for discovering buckets, checking access permissions, extracting data, and providing recommendations for securing them. Amazon S3 (Simple Storage Service) is a widely used object storage service for

Everything You Always Wanted to Know About Pentest (But Were Afraid to Ask)

What is pentest? A penetration test, generally known as a pentest, is an authorized simulated cyberattack on a computer system performed to evaluate the system's security, as Wikipedia tells us. Simply put, you hire hackers to identify vulnerabilities and weaknesses in your system in controlled conditions that real

From Zero to Hero: Phishing Campaign. Part 3

See also: Part 1 Part 2 Chapter 4: Results The phishing campaign presented in this article lasted one day. The attacked employees of the organization are IT specialists from the development and administration departments - 42 people. The target organization participates in training on countering phishing attacks. Events since the

From Zero to Hero: Phishing Campaign. Part 2

See also: Part 1 Part 3 Chapter 2: Technical Implementation Architecture The phishing campaign scheme I'm considering is an example of a MitM attack to capture access credentials and sessions of attacked employees, including two-factor authorization (2FA) confirmation via TOTP codes and push notifications. Infrastructure components: * Phishing server.

From Zero to Hero: Phishing Campaign. Part 1

Chapter 0: Introduction Warning: This material is provided for informational purposes only. Only repeat these actions in practice with proper authorization and agreement! The author is not responsible for the consequences of applying the information obtained in this article. With this post, I am starting a series of articles on

Exploring Online Gambling in Europe: Understanding Cybersecurity Challenges

Gambling has deep roots in European history, spanning centuries and weaving into the cultural fabric of the continent. From the grandeur of Monaco's casinos to the quaint charm of UK betting shops, it's been a cherished pastime. In recent times, though, the landscape has shifted dramatically

Lab for pentesting iOS applications. Part 2

In this part of the guide, we'll walk through setting up the environment and interacting with iOS applications. Target application: DVIA-v2 Preparation At this point, your iPhone should already be jailbroken, and Frida should be installed. You can easily verify this by connecting your phone to your MacBook

Lab for pentesting iOS applications. Part 1

Introduction Goal: prepare a lab for pentesting iOS applications and MiTM traffic using Frida and BurpSuite. This step-by-step guide consists of two parts. The first part is dedicated to preparing the equipment (installing the required software and jailbreaking multiple versions of iOS), while the second part covers some basic features

Why is security important for MedTech?

Healthcare is one of the most critical and sensitive areas of human activity. Over the years, it has undergone changes and innovations to improve the quality of care and provide better services to patients. Modern technology has brought to this field the convenience of customer management, patient monitoring, and the

TCP Tarpit and Port Scanning. Barricades on Both Sides.

Introduction Thousands of articles have been written about port scanning, discussing techniques, methodologies, tools... Yet, even in such a seemingly straightforward topic, there are several less-covered nuances. If you regularly scan subnets, participate in bug bounties, perform penetration testing, or automate this process, then this article might be useful to

GitHub commit parsing for email and fun

During security audits, we check for potential leaks of sensitive information such as source code and API keys related to the object of the investigation. These findings can expand the scope of the research and provide additional access points to the system. To verify the connection between a discovered repository

When you're so bored, you start debugging someone else's code: bug hunting in a random Cloud-Native project

Intro Our team has the challenge of finding bugs in popular Cloud-Native projects on Github. It's a fun activity that is a good alternative to platforms like HTB and benefits the project we're researching. However, unlike HTB, finding a bug is not guaranteed. We wanted to

Sandbox escape or How to catch all servers of the company

We would like to describe how we discovered three RCE vulnerabilities, managed to escape the sandbox, and gained access to all of the company's servers. As part of the pentest, we identified a service for managing virtual and physical servers called Foreman. It appeared to be interesting to

CodeQL vs Semgrep: Fun and Friendly Showdown of SAST tools🥊

In the world of application security, choosing the right Static Application Security Testing (SAST) tool can feel like a never-ending game of "Eeny, meeny, miny, moe." 🤔 But fear not, dear reader, for today we'll dive deep into the showdown of two popular SAST contenders: CodeQL and

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture

Penetration testing (pentesting) is a crucial component of an effective security program. It involves simulating an attack on an organization's network or systems to identify vulnerabilities that could be exploited by malicious actors. A pentest can help identify security weaknesses that may have been overlooked or not yet

Getting ready for your first pentest: startup founders guide

Congratulations on taking the next step toward ensuring the security of your startup! If you're reading this guide, chances are that you have received requests from your B2B sales partners or customers for SOC2 compliance, and you're now exploring your options to meet these requirements. As

Pentests Matrix for Top Security Compliances

The multitude of guidelines and regulations can be overwhelming, especially when it comes to understanding the penetration testing requirements for each. Determining what each compliance standard requires from a penetration test can be a headache, but it's crucial to get it right. To simplify the process, we'

A Guide to Resource Discovery for Penetration Testing

Introduction Resource enumeration is an essential part of both the pentest preparation and reconnaissance during the pentest. Our team often finds customer internal resources in public access or vulnerable services that are not reflected in the original scope. It is always important to understand that there may be a resource/

White, black, gray, or crystal? Unpacking pentests.

We often hear about different types of penetration tests, however, it's still not clear how they are different and beneficial. In this article, you can find all these answers and comparison tables. There are several different types of pen testing, each with their own set of benefits and

Deep Dive into the CVE-2022-29464 RCE exploit

WSO2 is the leading API Management solution company. It provides various software products for connecting, managing, and securing APIs (Application Programming Interfaces). Organizations in various industries, including financial services, healthcare, government, telecommunications, and retail, use WSO2 products. In April 2022, security researchers recently found a critical vulnerability in certain WSO2