Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

May 8, 2024 at 04:28AM A high-severity vulnerability (CVE-2023-40000, CVSS score: 8.3) in the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts. The flaw, which allows for stored cross-site scripting, was disclosed in February 2024 and fixed in version 5.7.0.1. Users are urged to update and …

Island Secures $175M Investment as Enterprise Browser Startups Defy Tech Giants

April 30, 2024 at 01:33PM Despite competition from tech giants like Microsoft and Google, Island, a Dallas startup, secured $175 million in funding, bringing its total to $487 million. The company specializes in secure web browsing for businesses, targeting the enterprise browser market dominated by Microsoft and Google. Island boasts advanced security features and a …

Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China

April 26, 2024 at 03:13PM Cyberattacks on the Philippines are on the rise, with targets including government and educational institutions. These attacks, attributed to Chinese-backed hackers, aim to spread misinformation and sow discontent. Increased tensions between the Philippines and China have led to alliances with the US and Japan for cyber threat-sharing. Recommendations include enhancing …

Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities

April 17, 2024 at 08:48AM Google and Mozilla released security updates addressing 35+ vulnerabilities in their browsers, including high-severity flaws. The Chrome 124 patch covers 22 bugs, 13 of them reported externally, with $65,000 in bug bounty rewards for the flaws. The Firefox 125 patch resolves 15 vulnerabilities, including 9 high-severity bugs. Mozilla also announced Firefox ESR 115.10 to …

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

April 12, 2024 at 01:57AM Cybersecurity researchers have uncovered a credit card skimmer camouflaged in a fake Meta Pixel tracker script to evade detection. The malware is injected into websites through tools like WordPress plugins and the Magento admin panel, which allow the injection of malicious JavaScript. Sites using WordPress and Magento are at risk of another …

Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities

April 11, 2024 at 08:18AM Google released a Chrome 123 security update addressing high-severity memory safety bugs. The vulnerabilities include an out-of-bounds write issue in Compositing and a heap buffer overflow in the ANGLE rendering engine. Each flaw was rewarded with a $10,000 or $21,000 bug bounty. There are no known malicious attacks exploiting these issues. Updates are rolling out for Linux, Windows, and macOS …

Google Chrome Adds V8 Sandbox – A New Defense Against Browser Attacks

April 8, 2024 at 10:27AM Google has announced support for a V8 Sandbox in the Chrome web browser to address memory corruption issues in the V8 JavaScript and WebAssembly engine. The sandbox aims to limit V8 vulnerabilities and will be enabled by default in Chrome version 123, with a 1% performance overhead. This development comes …

Google fixes one more Chrome zero-day exploited at Pwn2Own

April 3, 2024 at 12:40PM Google has resolved a zero-day vulnerability in Chrome, tracked as CVE-2024-3159, stemming from an out-of-bounds read weakness in the Chrome V8 JavaScript engine. The flaw allowed remote attackers to gain unauthorized access to data or trigger a crash. Google also addressed two other Chrome zero-days and two Android zero-days, underscoring …

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

April 3, 2024 at 10:15AM Google is testing Device Bound Session Credentials (DBSC) in Chrome to protect against session hijacking by malware. The feature binds authentication sessions to a device, disrupting cookie theft and making it harder to abuse stolen cookies. It uses a cryptographic approach and is initially rolled out to half of Chrome’s …

Google bakes new cookie strategy that will leave crooks with a bad taste

April 3, 2024 at 08:11AM Google is addressing cookie theft by developing Device Bound Session Credentials (DBSC) to tie authentication data to a specific device, making stolen cookies useless. DBSC creates public/private key pairs and associates sessions with the public key, preventing correlation between keys from different sessions to protect privacy. Google expects to support …