Featured Story
Google Chrome emergency update fixes 6th zero-day exploited in 2023
Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks.
The company acknowledged the existence of an exploit for the security flaw (tracked as CVE-2023-6345) in a new security advisory published today.
“Google is aware that an exploit for CVE-2023-6345 exists in the wild,” the company said.
The vulnerability has been addressed in the Stable Desktop channel, with patched versions rolling out globally to Windows users (119.0.6045.199/.200) and Mac and Linux users (119.0.6045.199).
Google’s swift response to this sixth Chrome zero-day this year highlights the persistent threat landscape. Acknowledging the active exploitation underscores the urgency of immediate updates.
Organizations and users must prioritize updating Chrome to the latest versions (119.0.6045.199/.200) to mitigate risk.
If you require assistance with your vulnerability management, do not hesitate to contact our SOC.
Other Stories
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Okta disclosed further threat actor activity linked to the October 2023 support system breach. The attacker downloaded names and email addresses of all Okta customer support system users.
Although there’s no evidence of misuse, customers are warned about potential phishing and social engineering risks. Okta has engaged digital forensics support and will notify affected individuals.
Names and emails alone are enough to launch targeted phishing attacks. Educate your users, stay vigilant, and implement protective measures.
Contact our Awareness Team for phishing prevention support.
Hackers Exploit Critical Vulnerability in ownCloud
A CVSS 10.0-rated zero-day in ownCloud’s “graphapi” app allows attackers to extract PHP configuration data, including sensitive credentials like admin passwords and license keys.
Mass exploitation has been observed. Admins must mitigate exposure urgently, especially in containerized environments.
This is a critical vulnerability with real-world exploitation. Admin credentials and mail server access are at risk.
Apply available patches and monitor for signs of compromise. Our SOC can assist with assessment and remediation.
Warning: Multiple vulnerabilities in Foxit PDF, Patch Immediately!
Malicious PDFs can trigger vulnerabilities in outdated Foxit PDF versions, leading to remote code execution. If using the browser plugin, users can be compromised just by visiting a malicious site.
Older vulnerabilities (e.g., CVE-2023-27363) have already been exploited. More attempts are expected.
User awareness is key. Inform your teams about fake software download ads and malicious PDF files.
We’ve seen a surge in malware delivered through fake search ads—help your users avoid the trap. Contact our Awareness Team for help.
