Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild.
Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the NIST's National Vulnerability Database (NVD). (The Hacker News)
| "This is a serious vulnerability that affects a widely used Web browser. It allows bad actors to essentially run whatever they want to on a victim's computer, so if you use Chrome, make sure it gets patched ASAP." – Jason Ingalls, Founder & CEO at Ingalls Information Security |
Microsoft Outlook was down for thousands of American users Monday after pro-Russian hacktivist group Anonymous Sudan claims to have started a new campaign dedicated to targeting US companies and infrastructure. (Cybernews)
CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23.
The critical flaw (tracked as CVE-2023-34362) is an SQL injection vulnerability that enables unauthenticated, remote attackers to gain access to MOVEit Transfer's database and execute arbitrary code. (BleepingComputer)
A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among them. (Help Net Security)
While currently used to push adware, the campaign can redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware. (CSO)