Subscribe to NetSec News
Articles of interest from the week of January 1, 2024
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining Poorly secured Linux SSH servers are being targeted by bad actors to...
1 min read
Chrome Zero-Day Exploited in the Wild, Patch Now! (CVE-2023-4863)
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. CVE-2023-4863 is a critical heap buffer overflow vulnerability in WebP, a raster graphics file format that replaces JPEG, PNG, and GIF file formats. Buffer overflows can lead to crashes, infinite loops, and can be used to execute arbitrary code. (Help Net Security)
 |
| "Critical vulnerabilities require immediate attention in order to prevent harmful actions to your device or network. In the case of CVE-2023-4863, attackers can cause system disruptions and/or execute malicious code on vulnerable devices. Google has stated that this exploit has already been proven in the “wild”. Therefore, ensuring that the update is applied as soon as it is provided is highly recommended.” – Roman Weathermon, Tier 3 Cybersecurity Analyst at Ingalls Information Security |
Cisco Warns of VPN Zero-Day Exploited by Ransomware Gangs
Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. (BleepingComputer)
Parsing the UK Electoral Register Cyberattack
A catastrophic breach of the United Kingdom electoral register affects tens of millions of residents following a cyberattack at the U.K. Electoral Commission. With data on more than 40 million voters accessed by unnamed hackers, the cyberattack is already one of the U.K.’s largest-ever hacks. (TechCrunch)
Key Cybersecurity Tools That Can Mitigate the Cost of a Breach
IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What's interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team's nightmare scenario. (The Hacker News)
Microsoft Patches a Pair of Actively Exploited Zero-Days
Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now. (Dark Reading)
Articles of interest from the week of March 18, 2024
Over 15,000 Hacked Roku Accounts Sold for 50¢ Each To Buy Hardware Roku has disclosed a data breach impacting over 15,000 customers after hacked...
Articles of interest from the week of January 15, 2024
IRS, Security Summit Partners Warn of Surge in “New Client” Scams Aimed at Tax Pros As 2024 Filing Season Approaches The Internal Revenue Service and...