Subscribe to NetSec News
Articles of interest from the week of May 27, 2024
New ShrinkLocker Ransomware Uses BitLocker to Encrypt Your Files A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt...
1 min read
Chrome Zero-Day Exploited in the Wild, Patch Now! (CVE-2023-4863)
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. CVE-2023-4863 is a critical heap buffer overflow vulnerability in WebP, a raster graphics file format that replaces JPEG, PNG, and GIF file formats. Buffer overflows can lead to crashes, infinite loops, and can be used to execute arbitrary code. (Help Net Security)
 |
| "Critical vulnerabilities require immediate attention in order to prevent harmful actions to your device or network. In the case of CVE-2023-4863, attackers can cause system disruptions and/or execute malicious code on vulnerable devices. Google has stated that this exploit has already been proven in the “wild”. Therefore, ensuring that the update is applied as soon as it is provided is highly recommended.” – Roman Weathermon, Tier 3 Cybersecurity Analyst at Ingalls Information Security |
Cisco Warns of VPN Zero-Day Exploited by Ransomware Gangs
Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. (BleepingComputer)
Parsing the UK Electoral Register Cyberattack
A catastrophic breach of the United Kingdom electoral register affects tens of millions of residents following a cyberattack at the U.K. Electoral Commission. With data on more than 40 million voters accessed by unnamed hackers, the cyberattack is already one of the U.K.’s largest-ever hacks. (TechCrunch)
Key Cybersecurity Tools That Can Mitigate the Cost of a Breach
IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What's interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team's nightmare scenario. (The Hacker News)
Microsoft Patches a Pair of Actively Exploited Zero-Days
Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now. (Dark Reading)
Articles of interest from the week of August 28, 2023
New Cyber Incident Notification Requirements for Credit Unions Beginning on September 1, 2023, all federally insured credit unions must notify the...
Articles of interest from the week of June 5, 2023
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! Google on Monday released security updates to patch a high-severity...