
Submitted URL: https://blog.onsec.io/r/f422749b?m=f22e24df-eb03-4112-a549-f2348e9a9ff2
Effective URL: https://blog.onsec.io/cyber-daily-11-7-google-and-cisco-patch-critical-vulnerabilities-open-redirect-attacks-exploited...
Submission: On November 08 via manual from TR — Scanned from DE

ONSEC: Boutique Penetration Testing Agency

CYBER DAILY 11/7: GOOGLE AND CISCO PATCH CRITICAL VULNERABILITIES, OPEN REDIRECT
ATTACKS EXPLOITED, SPORTS SECTOR CYBER VULNERABILITY, CYBERSECURITY IN
HEALTHCARE AND ELECTIONS

ONSEC.IO RESEARCH TEAM

Nov 7, 2024 3 min

Welcome to the November 7th issue of ONSEC Cyber Daily. Today, we're diving into
the murky waters of open redirect attacks, a versatile tool that cybercriminals
are using to scale their attacks. We'll also explore the potential cyber
vulnerabilities in the sports sector, particularly among volunteers. In the tech
world, Cisco is making headlines with a series of high severity vulnerabilities.
We'll take a closer look at the flaws and the patches released to combat them.
Google is also stepping up its game, blocking two critical Android zero-days in
its latest security update. We'll also discuss the importance of cyber
resilience in the healthcare sector, and how new SEC rules are impacting CISOs.
Plus, we've got a roundup of the latest cybersecurity podcasts and episodes to
keep you informed and ahead of the threats. Lastly, we'll touch on the recent
zero-day reveal from Synology and why NAS device users need to patch
immediately. Stay tuned for these stories and more in today's ONSEC Cyber Daily.


EXPLOITS ALERT

 1. Understanding and Preventing Open Redirect Attacks: Open redirection is a
    potent tool for cybercriminals, allowing them to amplify the scale of their
    attacks. It's crucial to understand and prevent these attacks to safeguard
    your digital assets. Source: SC Media
 2. Cyber Vulnerability in the Sports Sector: The frequency of cyberattacks is
    on the rise, partly due to the use of artificial intelligence (AI). The
    sports sector, particularly volunteers, has been identified as a significant
    cyber vulnerability. It's essential to address this issue to protect the
    sector from potential threats. Source: Insurance Business America


VULNERABILITIES & PATCHES

 1. Cisco Industrial Wireless Software Flaw: A high severity vulnerability,
    CVE-2024-20418, has been discovered in Cisco's Industrial Wireless Software
    that could allow attackers to run commands as a root user. Cisco has
    released a patch to address this issue. Source: Cybersecurity News
 2. Critical Vulnerabilities in Cisco URWB and HPE Aruba Access Points: Cisco
    has addressed a maximum severity vulnerability, CVE-2024-20418, affecting
    Unified Industrial Wireless Software for Cisco URWB in their recent security
    updates. Source: SOCRADAR
 3. Cisco Patches Vulnerability in Industrial Networking Solution: Cisco has
    patched a high-severity bug, CVE-2024-20536, in the Nexus Dashboard Fabric
    Controller (NDFC) in their latest release. Source: SecurityWeek
 4. Downgrade Attacks Open Patched Systems to Malware: An elevation of
    privilege vulnerability in the Windows Update stack, CVE-2024-38202, was
    addressed in Microsoft's October Patch Tuesday. However, patched systems
    are still open to downgrade attacks. Source: Security Boulevard
 5. Synology Urges NAS Device Users to Patch Immediately: Synology has urged
    users to immediately patch a vulnerability, CVE-2024-10443, found in
    DiskStation and BeePhotos. The vulnerability was revealed during the recent
    Pwn2Own Ireland. Source: TechRadar


PODCASTS

 1. Secure Your Healthcare Organization with Better Cyber Resilience: David
    Sampson, VP of Cyber Risk and Strategy at Thrive, emphasizes the need for
    healthcare organizations to reassess their cybersecurity measures. He
    suggests a proactive approach to cyber resilience to ensure the safety of
    sensitive health data. Source: Healthcare IT Today
 2. How Are New SEC Rules Impacting CISOs?: This episode of the CISO Series
    Podcast discusses the increasing importance of cybersecurity in light of new
    SEC rules. The conversation revolves around the impact of these rules on
    CISOs and their strategic planning. Source: CISO Series
 3. EU-Startups Podcast | Episode 94: Paulo Rodriguez, Head of International at
    Vanta: Paulo Rodriguez, Head of International at Vanta, highlights the need
    for proactive security measures and the importance of educating families
    about cybersecurity. Source: EU-Startups
 4. Episode 324 – 2024 Election Forecast: Divided Government On The Horizon?:
    This podcast episode discusses the potential impact of a divided government
    on cybersecurity, particularly in relation to the Cybersecurity Maturity
    Model Certification 2.0 Program in the United States. Source: Mondaq
 5. Ahead of the Threat Podcast: Episode Two - Kevin Mandia: In this episode,
    FBI Assistant Director Bryan Vorndran and FBI Strategic Engagement Advisor
    Jamil Farshchi speak to Kevin Mandia about the evolving cybersecurity threat
    landscape. Source: YouTube


WISDOM FROM THE ONSEC FOUNDERS' VAULT

GitHub commit parsing for email and fun. During security audits, sensitive
information like source code, API keys, and developer emails can be uncovered
using tools like GitHub Commit Parser, which analyzes commit data to establish
connections with the target company and identify potential vulnerabilities,
aiding penetration testing. Source


FINAL WORDS

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found
these updates enlightening and useful. Remember, knowledge is power, and in the
realm of cybersecurity, staying informed is your first line of defense. From
understanding open redirect attacks to the latest vulnerabilities in Cisco and
Google's Android, we've covered a lot of ground today. We've also touched on the
increasing importance of cybersecurity in various sectors, including sports and
healthcare, and the role of CISOs in navigating new SEC rules. Remember, the
world of cybersecurity is ever-evolving, and it's crucial to stay one step
ahead. So, don't forget to patch your systems, educate your teams, and always be
on the lookout for potential threats. If you found this newsletter helpful,
please consider sharing it with your friends and colleagues. Let's work together
to create a safer digital world. Until tomorrow, stay safe and secure.
