Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Google Fixes Chrome Zero-Day Actively Exploited In The Wild

Google Fixes Chrome Zero-Day Actively Exploited In The Wild

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the Google Chrome 88.0.4324.150 announcement reads.

This version is rolling out to the entire userbase during the next days/weeks. Windows, Mac, and Linux desktop users can upgrade to Chrome 88 by going to Settings -> Help -> About Google Chrome.

The Google Chrome web browser will then automatically check for the new update and install it when available.

Chrome 88.0.4324.150

Also Read: How a Smart Contract Audit Works and Why it is Important

V8 vulnerability under active exploitation

The vulnerability rated by Google as high severity is being tracked as CVE-2021-21148 and was reported by Mattias Buelens on January 24th, 2021.

Microsoft disclosed on January 28th that a North Korean government-backed hacking group tracked as ZINC ‘likely’ used a Chrome browser exploit chain (with zero-day or patch gap exploits) to target vulnerability researchers.

The zero-day is described as a heap buffer overflow bug in V8, Google’s open-source and C++ based high-performance WebAssembly and JavaScript engine.

While buffer overflows generally lead to crashes, they can also be exploited by attackers to execute arbitrary code on systems running vulnerable software.

No details on attacks exploiting the zero-day

Even though Google says that it “is aware of reports that an exploit for CVE-2020-16009 exists in the wild,” the company did not provide any details regarding the threat actors behind these attacks.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google adds.

“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

This should provide Chrome users with additional time to install the security update released today and to prevent attackers from creating other exploits targeting this zero-day bug.

Also Read: Data Centre Regulations Singapore: Does It Help To Progress?

Last year, Google fixed five Chrome zero-days actively exploited in the wild, all within a single month, between October 20 and November 12.

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us