Google Urgently Patches Actively Exploited Chrome Zero-Day Vulnerability
Google has released an out-of-band update to fix an actively exploited zero-day vulnerability in its Chrome web browser, tracked as CVE-2023-2033. The high-severity flaw is a type confusion issue in the V8 JavaScript engine, reported by Clement Lecigne of Google’s Threat Analysis Group. Google acknowledged that an exploit exists in the wild but refrained from providing technical specifics or indicators of compromise. This vulnerability shares similarities with four other actively abused type confusion flaws in V8 that were addressed by Google in 2022. Users are advised to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats.
Microsoft Patches 97 Flaws, Including Active Ransomware Exploit
Microsoft has released security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks. Seven bugs are rated Critical and 90 are rated Important in severity. The actively exploited flaw is CVE-2023-28252, a privilege escalation bug in the Windows Common Log File System (CLFS) Driver. Russian cybersecurity firm Kaspersky reported that the vulnerability has been weaponized by a cybercrime group to deploy Nokoyawa ransomware against small and medium-sized businesses in the Middle East, North America, and Asia.
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen
Open-source media player software provider Kodi confirmed a data breach after threat actors stole the company’s MyBB forum database containing user data and private messages. The attackers attempted to sell the data dump, which covers 400,635 Kodi users, on the now-defunct BreachForums cybercrime marketplace. Kodi stated that there is no evidence of unauthorized access to the underlying server hosting the MyBB software, suggesting credential theft. Users are advised to change their passwords on other sites if the same password has been used.
New Python-Based “Legion” Hacking Tool Emerges on Telegram
A new Python-based credential harvester and hacking tool named Legion is being marketed via Telegram for threat actors to break into various online services for further exploitation. Legion includes modules for SMTP server enumeration, remote code execution attacks, and exploits for unpatched Apache versions. The malware’s primary goal is to enable threat actors to hijack the services and weaponize the infrastructure for follow-on attacks, including mass spam and opportunistic phishing campaigns.
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks
WhatsApp has announced a new account verification feature called Device Verification to prevent account takeover attacks. This security measure is designed to block threat actors’ connections and allow targets of malware infections to use the app without interruption. The feature is part of a broader set of new enhancements that authenticate and verify users’ identities, including displaying alerts when there is an attempt to migrate a WhatsApp account from one device to another.
Google Launches Cybersecurity Initiatives to Strengthen Vulnerability Management
Google has outlined several initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. The company is forming a Hacking Policy Council to ensure new policies and regulations support best practices for vulnerability management and disclosure. Google also emphasized its commitment to publicly disclose incidents when it finds evidence of active exploitation of vulnerabilities across its product portfolio.