The all in one place for non-profit security aid.
Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host.
Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.
"As StackRot is a Linux kernel vulnerability found in the memory Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched
Google released Chrome 115 to the stable channel for Windows, MacOS, and Linux on Tuesday, patching 20 vulnerabilities, including 11 that were discovered by external researchers.
Four security issues were assessed to be of “high severity,” while six were determined to be of “medium severity.”
This browser update also fixes a ‘low-severity’ issue with Themes’ insufficient validation of untrusted input.
The two use-after-free issues affecting the WebRTC component tracked as CVE-2023-3727 and CVE-2023-3728, are the most significant flaws identified.
These vulnerabilities, recognized by Google and rewarded with a $7,000 bounty each, are as major as they are critical.
CVE-2023-3730, a use-after-free weakness in Tab Groups, is another high-severity defect that Chrome 115 fixes. The researcher who discovered it received a $2,000 bug prize.
Additionally, Mark Brand of Google Project Zero identified CVE-2023-3732, an out-of-bounds memory access in Mojo. No bug bounty was offered for this internal discovery by Google’s rules.
System failures or data corruption may result from a use-after-free vulnerability that enables an attacker to run arbitrary code.
On the other side, a vulnerability that allows for out-of-bounds memory access might allow a hacker to access data that they are not meant to, potentially resulting in data breaches.
Additionally, Chrome 115 fixes six medium-severity vulnerabilities that were reported externally.
Inappropriate implementations of several components, including Picture in Picture, Custom Tabs, Notifications, Autofill, WebApp Installs, and Web API Permission Prompts, caused the flaws.
If exploited, these flaws might have adverse effects, including enabling attackers to get around access restrictions and take illegal acts.
Although Google has not revealed any ongoing exploits of these vulnerabilities, it is strongly encouraged to apply its update immediately to protect against prospective attacks.
For ‘low-severity’ insufficient validation of untrusted input bugs in Themes, the reporting researchers have received a total of $34,000 in bug bounty awards.
Chrome for Linux and macOS: Chrome 115.0.5790.98
Chrome for Windows: Chrome 115.0.5790.98 or Chrome 115.0.5790.99
By choosing Menu > Help > About Google Chrome or by typing chrome://settings/help straight into the browser’s address bar, users may determine the version that is currently installed.
When a website is opened on a desktop machine, Google Chrome shows the installed version and checks for updates.
To shield the browser and system against potential vulnerabilities, it is advised to apply the update as soon as possible.
Stay up-to-date with the latest Cyber Security News; follow us on GoogleNews, Linkedin, Twitter, and Facebook.
The post Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched appeared first on Cyber Security News.
Cyber Security News
Authorities Seized Notorious Data Leak Site BreachForums
The notorious data leak site BreachForums has been taken over by the police.
Cybercrime and data leaks are still being fought, but this is a big win.
As a replacement for the notorious RaidForums, BreachForums has been a hub for hackers since the beginning.
Between early 2015 and February 2022, Raidforums was open and hackers could use it to buy and sell stolen data.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
After it was shut down, BreachForums returned in March 2022 and quickly became a big name in the dark web community.
Before March 2023, when the accused operator, who went by the name “Pompompurin,” was arrested in New York by U.S. police, BreachForums was at its first stage.
People who work with cybercriminals were shocked by this arrest, but it did not mean the end of BreachForums.
A new administrator took over and promised to keep the group running smoothly while Pompompurin was being held.
However, on March 21, 2023, this supervisor said that BreachForums would be shut down because of unresolved problems.
With the account name “Baphomet,” another forum leader took over after the shutdown was announced.
BreachForums kept running with Baphomet in charge, making it easier to sell data that had been stolen.
Customer information from 2017 to 2024 stolen from Dell was sold on the site just last week.
FBI has also seized the site’s Telegram channel
The FBI has taken down the BreachForums website and the Telegram account that was linked to it.
Law enforcement officers have been sending messages to the channel on Baphomet’s behalf, which shows that they are in charge of it.
The taking down of BreachForums is a big step forward in the fight against hacking.
It would prevent a large market for stolen data from working, which could prevent many data breaches and identity thefts.
Cybercriminals are tough, though, and it will be interesting to see how they deal with this new setback.
People are being asked to protect their personal information by taking action because of these changes.
You can use our free Digital Footprint check to determine how much of your information is available online.
We’ll give you a free report after you fill in the email address you’re interested in (it’s best to use the one you use most often).
This will likely happen on the dark web as officials continue to crack down on cybercriminal activities.
There may be new sites and old ones that are more private. Still, the fact that BreachForums was taken over shows that law enforcement is serious about fighting cybercrime and keeping people’s info safe.
On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free
The post Authorities Seized Notorious Data Leak Site BreachForums appeared first on Cyber Security News.
Emerging standards for emerging technologies.
New year, new post-quantum cryptography standards. OSS and SBOM guidance from the National Security Agency. Trusting misinformation. Is effective altruism as altruistic as it claims to be? The impact of the European Data Act. Read More
The CyberWire