Cybersecurity Weekly
By A G
Cybersecurity WeeklyJan 18, 2024
18 Jan 2024: News Nuggets: Chrome Vulnerable
Google has released crucial updates for its Chrome browser, addressing four security vulnerabilities, one of which is an actively exploited zero-day flaw.
The identified issue, known as CVE-2024-0519, revolves around an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine. This flaw could be exploited by malicious actors to provoke a crash. By reading out-of-bounds memory, attackers might obtain secret values, such as memory addresses, enabling them to bypass protection mechanisms like Address space layout randomization (ASLR).
This enhances the chances of exploiting another weakness to achieve code execution rather than mere denial of service. The specifics of the attacks and the threat actors involved have been withheld to prevent further exploitation. This zero-day was reported anonymously on January 11, 2024.
According to the Common Weakness Enumeration (CWE) by MITRE, the out-of-bounds memory access in V8 before Chrome version 120.0.6099.224 could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page.
This incident marks Google's first patch for an actively exploited zero-day in Chrome for 2024. Notably, the company resolved eight such actively exploited zero-days in the browser in the previous year.
To mitigate potential threats, users are strongly advised to upgrade to the latest Chrome version—120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux. Users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, should also promptly apply the fixes as they become available.
Stay secure by keeping your browser up to date.
CISSP Nuggets - Episode 5
CISSP Nuggets are here to help you prepare you for the the Certified Information Systems Security Professional examinations on the go. I will be uploading 3 questions per nugget (want more? tell me about it on https://www.linkedin.com/company/cybersecurity-weekly).
Here's a link to the Udemy course with 3 full 3h tests: https://www.udemy.com/course/cissp-tests/?couponCode=4D6B28349036096FBF41
PS: I give away 100% free access to this Udemy course for 3 days every month. Follow our linkedin page for catching up the discount code for this month. Since the discount code changes every time, you will have to use the latest code. Reach out to me for more.
Best Wishes!
-AG
CISSP Nuggets - Episode 4
CISSP Nuggets are here to help you prepare you for the the Certified Information Systems Security Professional examinations on the go. I will be uploading 3 questions per nugget (want more? tell me about it on https://www.linkedin.com/company/cybersecurity-weekly).
Here's a link to the Udemy course with 3 full 3h tests: https://www.udemy.com/course/cissp-tests/?couponCode=4D6B28349036096FBF41
PS: I give away 100% free access to this Udemy course for 3 days every month. Follow our linkedin page for catching up the discount code for this month.
Best Wishes!
-AG
CISSP Nuggets - Episode 3
CISSP Nuggets are here to help you prepare you for the the Certified Information Systems Security Professional examinations on the go. I will be uploading 3 questions per nugget (want more? tell me about it on https://www.linkedin.com/company/cybersecurity-weekly).
Here's a link to the Udemy course with 3 full 3h tests: https://www.udemy.com/course/cissp-tests/?couponCode=4D6B28349036096FBF41
PS: I give away 100% free access to this Udemy course for 3 days every month. Follow our linkedin page for catching up the discount code for this month.
Best Wishes!
-AG
CISSP Nuggets - Episode 2
CISSP Nuggets are here to help you prepare you for the the Certified Information Systems Security Professional examinations on the go. I will be uploading 3 questions per nugget (want more? tell me about it on https://www.linkedin.com/company/cybersecurity-weekly).
Here's a link to the Udemy course with 3 full 3h tests: https://www.udemy.com/course/cissp-tests/?couponCode=4D6B28349036096FBF41
PS: I give away 100% free access to this Udemy course for 3 days every month. Follow our linkedin page for catching up the discount code for this month.
Best Wishes!
-AG
CISSP Nuggets - Episode 1
CISSP Nuggets are here to help you prepare you for the the Certified Information Systems Security Professional examinations on the go. I will be uploading 3 questions per nugget (want more? tell me about it on https://www.linkedin.com/company/cybersecurity-weekly).
Here's a link to the Udemy course with 3 full 3h tests: https://www.udemy.com/course/cissp-tests/?couponCode=4D6B28349036096FBF41
PS: I give away 100% free access to this Udemy course for 3 days every month. Follow our linkedin page for catching up the discount code for this month.
Best Wishes!
-AG
Virtual Private Network (VPN) - the glorified untrustworthy internet - #CSW #TechTalks - Ep. 2
Why should you use VPN? Does VPN make your private browsing Secure? FAQs and Myths Unfolded
In this episode we take leap into understanding Virtual Private Networks (VPN) with cybersecurity researcher Sina Davanian who is a postdoctoral researcher at University of California Berkley. It is an interesting episode as we talk about some basic issues with present day VPNs vs their real intended use cases. Is VPN at all trustable for your common, confidential and binging use cases (yea, privacy too).
Cybersecurity Insurance as a risk management strategy - #CSW #TechTalks - Ep. 1
In this episode we meet a known reseracher in the domain of cybersecurity and risk management - Dr. Kate Labunets. Dr. Kate is has worked across the globe and her publications are well known in the cybersec domain. She has been working as a postdoctoral reseracher at TU Delft, Netherlands and CYBECO. Today we will be talking to Dr. Kate about 'useful' cybersecurity, cyber insurances her expert opinions on risk management strategies.