
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, September 30, 2023.
Chrome Zeroday – CVE-2023-4863 PoC Exploit Released
PoC exploit code has been published for a Chrome zero-day vulnerability tracked as CVE-2023-4863, which allows remote attackers to execute code. The vulnerability can be exploited if the target user visits a specially crafted website: a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Researcher Ben Hawkes released an analysis of the CVE-2023-4863 vulnerability and researcher mistymntncop released a PoC. The heart of this vulnerability resides in Huffman coding, an algorithm that WebP uses to achieve lossless image compression. In an ideal world, this process would be flawless. However, the vulnerability emerged from an overflow in the Huffman table when decoding an image.
BORN Canada latest victim of MOVEit data breach
BORN (the Better Outcomes Registry & Network) Canada, which gathers data on pregnancies, births, the postpartum period, and childhood, is the latest victim of the MOVEit data breach. The files obtained contained the personal health information of about 3.4 million people, especially that of pregnant women and infants born in Ontario between January 2010 and May 2023.
BORN Ontario said that the stolen personal health information was gathered from a vast network of largely Ontario-based healthcare facilities and other healthcare institutions and providers that provided services for fertility, pregnancy, newborn, and child health between January 2010 and May 2023.
BlackCat adds Clarion to its Victim list
The BlackCat ransomware group added Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, to the list of victims on its Tor leak site. On September 23, the group announced the hack of the company and the theft of sensitive data, including partners’ documents.
Clarion Japan is the Japanese subsidiary of Clarion Co., Ltd., a global manufacturer of audio and video equipment for cars and other vehicles. Clarion’s car navigation systems are used by many car makers in Japan, and the products of the company are used by millions of Japanese motorists.
JetBrains TeamCity RCE Vulnerability
Researchers have identified a critical security issue in TeamCity On-Premises. The flaw enables an unauthenticated attacker with access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.
All versions of TeamCity On-Premises are affected by this critical security vulnerability. It has been assigned the CVE identifier CVE-2023-42793 and presents the weakness CWE-288. This issue does not impact TeamCity Cloud, which was recently upgraded.
OpenSea NFT suffers a Breach
OpenSea has reportedly experienced a compromise in its API, attributed to a breach by an unidentified third-party vendor. This incident has raised concerns and prompted urgent notifications to platform users.
On September 23, 2023, several users unveiled messages they have allegedly received from the platform, indicating a security incident. The notifications highlighted a breach involving one of OpenSea’s third-party partners, potentially leading to the exposure of API keys.
Symantec Collaborates with Google Cloud Security AI
Symantec has announced a new partnership with Google Cloud to embed generative artificial intelligence into the Symantec Security platform to enable customers to handle detection and response seamlessly. With this partnership, Symantec will leverage the Google Cloud Security AI Workbench and the security-specific large language model Sec-PaLM 2 across its portfolio to enable natural language interfaces and generate more comprehensive and easy-to-understand threat analyses.
The Google Cloud Security AI Workbench is built on Vertex AI, and it leverages landscape visibility from Google Cloud and Mandiant to give defenders more natural, creative, and effective ways to keep their organizations safe.
This brings us to the end of this week in review security coverage. Thanks for visiting TheCyberThrone.