Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. CVE-2023-4863 is a critical heap buffer overflow vulnerability in WebP, a raster graphics file format that replaces JPEG, PNG, and GIF file formats. Buffer overflows can lead to crashes, infinite loops, and can be used to execute arbitrary code. (Help Net Security)
| "Critical vulnerabilities require immediate attention in order to prevent harmful actions to your device or network. In the case of CVE-2023-4863, attackers can cause system disruptions and/or execute malicious code on vulnerable devices. Google has stated that this exploit has already been proven in the “wild”. Therefore, ensuring that the update is applied as soon as it is provided is highly recommended.” – Roman Weathermon, Tier 3 Cybersecurity Analyst at Ingalls Information Security |
Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. (BleepingComputer)
A catastrophic breach of the United Kingdom electoral register affects tens of millions of residents following a cyberattack at the U.K. Electoral Commission. With data on more than 40 million voters accessed by unnamed hackers, the cyberattack is already one of the U.K.’s largest-ever hacks. (TechCrunch)
IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What's interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team's nightmare scenario. (The Hacker News)
Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now. (Dark Reading)