Several zero-day vulnerabilities have been reported recently that could potentially compromise the internet security of individuals and organizations using various software solutions. These include the popular password manager KeePass, the MOVEit file sharing and management tool, and Chromium-based web browsers such as Google Chrome and Microsoft Edge.
KeePass, a widely used open-source password manager, had a critical bug in its version 2.53 that made it vulnerable to a master password crack. As users typed in their passwords, the strings of characters acted as memory flags that revealed the successive password characters to anyone with access to the computer. The author of KeePass quickly issued a patch in version 2.54, which users should immediately download.
MOVEit Transfer and MOVEit Cloud, products of Progress Software Corporation, suffered a SQL injection vulnerability in their web front end (CVE-2023-34362). Cybercriminals could use this zero-day exploit to access databases, steal information, inject web shells, and blackmail organizations into paying ransoms. Progress Software quickly issued patches that cloud users can benefit from, but on-premises users should update their systems as soon as possible. Organizations should also perform post-attack threat hunting to ensure no cybercriminals still have unauthorized access to their networks.
A zero-day exploit for Chromium-based browsers (CVE-2023-3079) has been reported “in the wild” and could affect users of Google Chrome and Microsoft Edge. Type confusion in V8, the JavaScript engine that processes and executes JavaScript code in these browsers, is responsible for the vulnerability. Details are scarce at the moment, and Google has not disclosed much, but users should ensure they have the updates that strengthen the security of these web browsers.
Internet security experts recommend the following best practices:
– Keep your software up to date with the latest patches and updates.
– Use complex passwords and allow multi-factor authentication wherever possible.
– Avoid using public Wi-Fi networks and install a reputable VPN software.
– Regularly back up critical data and store it offline.
– Perform regular security audits and penetration testing to expose vulnerabilities early on.
Online security threats have become more diverse and sophisticated, and no single solution can guarantee complete protection. However, staying alert and adopting best practices can minimize risks and safeguard individuals and organizations from costly cyberattacks.
<< photo by madeleine ragsdale >>
You might want to read !
- Eisai Hit by Ransomware Attack, Suspends Systems Access.
- The Importance of Robust API Security for Your Business
- Microsoft’s $20M Fine for Violating Children’s Privacy Laws with Xbox Data Collection
- Easily Exploitable Spoofing Bug in Visual Studio Raises Alarm among Researchers
- The Vulnerability of Think Tanks and News Media to Kimsuky’s Social Engineering Attacks
- The Rise of Malicious Minecraft Modifications: A Warning for Players and Developers
- The Ethics and Implications of China’s Embrace of AI, Facial Recognition, and Surveillance Technologies.
- The Rise of AI-Powered Fraud: Can Technology Stop It?
- “Fitness App Privacy Breach: How a Loophole Led to Revealing Home Addresses”
- The Emerging Threat of Deepfake-based Sextortion Scams
- The Vulnerability of US National Security: Another Aerospace Contractor Hacked With ‘PowerDrop’ Backdoor.
- “Combatting Ransomware Attacks: Enhancing Cybersecurity with Identity-Focused Protection”
- The Herculean Task of Identifying Compromised Data: A Logistical Nightmare
- Data Security Innovator Immuta Secures Funding from Databricks Ventures