Articles of interest from the week of September 11, 2023

Chrome Zero-Day Exploited in the Wild, Patch Now! (CVE-2023-4863)

Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. CVE-2023-4863 is a critical heap buffer overflow vulnerability in WebP, a raster graphics file format that replaces JPEG, PNG, and GIF file formats. Buffer overflows can lead to crashes, infinite loops, and can be used to execute arbitrary code. (Help Net Security)

"Critical vulnerabilities require immediate attention in order to prevent harmful actions to your device or network. In the case of CVE-2023-4863, attackers can cause system disruptions and/or execute malicious code on vulnerable devices. Google has stated that this exploit has already been proven in the “wild”. Therefore, ensuring that the update is applied as soon as it is provided is highly recommended.” – Roman Weathermon, Tier 3 Cybersecurity Analyst at Ingalls Information Security

Cisco Warns of VPN Zero-Day Exploited by Ransomware Gangs

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. (BleepingComputer)

Parsing the UK Electoral Register Cyberattack

A catastrophic breach of the United Kingdom electoral register affects tens of millions of residents following a cyberattack at the U.K. Electoral Commission. With data on more than 40 million voters accessed by unnamed hackers, the cyberattack is already one of the U.K.’s largest-ever hacks. (TechCrunch)

Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What's interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team's nightmare scenario. (The Hacker News)

Microsoft Patches a Pair of Actively Exploited Zero-Days

Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now. (Dark Reading)