
Top CyberNews November 2021 – Week 2

November 10 2021

A backdoor, a critical vulnerability, and a new zero-day vulnerability. It seems the cyber threats are taking a ride for the second week of November 2021.

Two NPM Packages With 22 Million Weekly Downloads Found Backdoored

Packages with nearly 22 million weekly downloads were found to contain malicious code after unauthorised access was gained to the respective developers' accounts.

The two libraries in question are “coa,” a command-line option parser, and “rc,” a configuration loader, both of which were tampered with by an unidentified threat actor to include “identical” password-stealing malware.


Users of coa versions 2.0.3 and higher (2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, and 3.1.3) are advised to downgrade to a lower version.
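One way to check a project for the coa versions listed above is to scan its npm lockfile, including transitive copies. This is an added example, not code from the original post or from the coa project; the function name `findCompromisedCoa` and the sample lockfile are constructed for illustration, and rc is not checked because this page does not list its affected versions.

```javascript
// coa versions named in the advisory text above.
const COMPROMISED_COA = new Set(["2.0.3", "2.0.4", "2.1.1", "2.1.3", "3.0.1", "3.1.3"]);

// Returns [{ path, version }] for every installed coa copy whose version is listed.
// Accepts a parsed package-lock.json (lockfileVersion 1, 2 or 3).
function findCompromisedCoa(lock) {
  const hits = [];

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  // Match only a final path segment of exactly "node_modules/coa",
  // so look-alike names (e.g. "cocoa") and scoped packages are ignored.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/coa$/.test(path) && COMPROMISED_COA.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }

  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would report duplicates.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "coa" && COMPROMISED_COA.has(meta.version)) {
        hits.push({ path: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);

  return hits;
}

// Constructed sample lockfile: a clean top-level coa, a listed version pulled
// in transitively, and an unrelated package whose name merely ends in "coa".
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/coa": { version: "2.0.2" },
    "node_modules/svgo/node_modules/coa": { version: "2.1.3" },
    "node_modules/cocoa": { version: "3.1.3" }
  }
};

console.log(findCompromisedCoa(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of the sample; any hit means that dependency path needs to be pinned to an unlisted version and the lockfile regenerated.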

Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module

Cybersecurity researchers have discovered a security flaw in the Linux kernel’s Transparent Inter-Process Communication (TIPC) module, which could be exploited both locally and remotely to execute arbitrary code within the kernel and take control of vulnerable machines.


The heap overflow vulnerability tracked as CVE-2021-43267 (CVSS score: 9.8) “can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system,” cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News.

Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks

Google has released its monthly Android security patches, with fixes for 39 flaws, including a zero-day vulnerability that the company claims is being actively exploited in the wild in limited, targeted attacks.


The zero-day bug, identified as CVE-2021-1048, is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous because they allow a threat actor to access or refer to memory after it has been freed, resulting in a “write-what-where” condition that allows a threat actor to execute arbitrary code to gain control of a victim’s system.
