#cve2023

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:

"⚠️ Alert: Google Chrome Zero-Day CVE-2023-7024 Exploited in the Wild! 🌐💥"

Google's latest patch addresses a critical zero-day vulnerability in Chrome, CVE-2023-7024. Identified as a heap-based buffer overflow in WebRTC, it's exploited in the wild. Chrome versions before 120.0.6099.129 are vulnerable. 🚨

Details: CVE-2023-7024, discovered by Google TAG, affects several browsers using WebRTC. It's the eighth zero-day patched by Google this year, underscoring the evolving cybersecurity landscape.

Mitigation: Users should urgently update to Chrome 120.0.6099.129/130 (for Windows) or 120.0.6099.129 (for Mac/Linux) to protect against this and other security fixes included in recent Chrome updates. 🛡️

Source: Qualys ThreatPROTECT (https://threatprotect.qualys.com/2023/12/21/google-chrome-zero-day-vulnerability-exploited-in-the-wild-cve-2023-7024/) by Diksha Ojha; Chrome Releases Blog (https://chromereleases.googleblog.com/2023)

Tags: #Cybersecurity #GoogleChrome #ZeroDay #CVE2023 #WebRTC #UpdateNow #CyberAttack #InfoSecExchange

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:

"🚨 #CitrixHypervisor Security Alert! 🚨"

Citrix has identified several security issues in Citrix Hypervisor 8.2 CU1 LTSR that could potentially compromise system security. These issues include AMD-based host compromise through a PCI device (CVE-2023-34326), host compromise with specific administrative actions (CVE-2022-1304), host crashes or unresponsiveness (CVE-2023-34324), and crashing of other VMs on AMD-based hosts (CVE-2023-34327). Additionally, a security problem affecting certain AMD CPUs, which may allow code in a guest VM to access previous integer divides in code running on the same CPU core, has been disclosed as CVE-2023-20588.

Mitigating factors include the dependency on AMD CPUs and the use of specific features. Customers not using AMD CPUs or PCI passthrough features may not be affected by some of these issues.

Citrix has released multiple security updates for Citrix Hypervisor 8.2 CU1 LTSR. Several vulnerabilities have been discovered:

1. CVE-2023-34326: A threat that allows malicious privileged code in a guest VM to compromise an AMD-based host via a passed-through PCI device.
2. CVE-2022-1304: A vulnerability that can compromise the host when a specific administrative action is taken.
3. CVE-2023-34324: A flaw that can cause the host to crash or become unresponsive.
4. CVE-2023-34327: A vulnerability that can cause a different VM running on the AMD-based host to crash.
5. CVE-2023-20588: A security issue affecting certain AMD CPUs, allowing code in a guest VM to determine values from previous integer divides in code running on the same CPU core.

Citrix has provided hotfixes for these vulnerabilities. Affected users are advised to install these updates and follow the provided instructions. For more details, check the official Citrix article here (https://support.citrix.com/article/CTX575089).

Tags: #Cybersecurity #Citrix #Hypervisor #Vulnerability #AMD #CVE2023 #CVE2022 #SecurityUpdates 🛡️🔧

Ian Towner :donor:

#keepass discussion on password exporting without explicitly entering the master password:

https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/

CVE details:
https://nvd.nist.gov/vuln/detail/CVE-2023-24055

I’ve not tried this out yet but it doesn’t sound great, the premise that admin access to your computer should mean compromise of all passwords in keepass vault is pretty ridiculous!

#cve-2023-24055
#cve2023-24055