A backdoor, a critical vulnerability, and a new zero-day vulnerability. It seems the cyber threats are taking a ride for the second week of November 2021.
Two NPM Packages With 22 Million Weekly Downloads Found Backdoored
Two packages with nearly 22 million weekly downloads were discovered to be compromised with malicious code after an attacker gained unauthorised access to the respective developers' accounts.
The two libraries in question are “coa,” a command-line option parser, and “rc,” a configuration loader, both of which were tampered with by an unidentified threat actor to include “identical” password-stealing malware.



Users of coa versions 2.0.3 and higher (2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, and 3.1.3) are advised to downgrade to a lower version.
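
As an added example (not from the original article or the coa project), the following JavaScript checks a parsed package-lock.json for the coa versions listed above, covering both the nested "dependencies" layout (lockfileVersion 1) and the flat "packages" layout (lockfileVersion 2 and 3). The function names and the sample lockfiles are constructed for illustration.

```javascript
// coa versions named in the advisory text above.
const AFFECTED_COA = new Set(['2.0.3', '2.0.4', '2.1.1', '2.1.3', '3.0.1', '3.1.3']);
const isAffected = (name, version) => name === 'coa' && AFFECTED_COA.has(version);

// lockfileVersion 1: dependencies are nested, so transitive copies of coa
// can sit several levels below the top-level entries.
function walkDependencies(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    if (isAffected(name, info.version)) {
      hits.push({ name, version: info.version, path: path.join(' > ') });
    }
    walkDependencies(info.dependencies, path, hits);
  }
}

// lockfileVersion 2 and 3: a flat map keyed by install path, for example
// "node_modules/a/node_modules/coa". The package name follows the last
// "node_modules/" segment; the root project entry has the key "".
function scanPackages(packages, hits) {
  const marker = 'node_modules/';
  for (const [key, info] of Object.entries(packages)) {
    const idx = key.lastIndexOf(marker);
    if (idx === -1) continue;
    const name = key.slice(idx + marker.length);
    if (isAffected(name, info.version)) hits.push({ name, version: info.version, path: key });
  }
}

// Input: the object from JSON.parse() of a package-lock.json file.
// Output: every pinned occurrence of a listed coa version, with its location.
function findAffected(lock) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else walkDependencies(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample lockfiles (package names other than coa are made up).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'some-cli': { version: '1.0.0', dependencies: { coa: { version: '2.0.4' } } },
  coa: { version: '2.0.2' },
} };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '0.1.0' },
  'node_modules/coa': { version: '3.1.3' },
  'node_modules/example-lib': { version: '4.0.0' },
} };
console.log(findAffected(sampleV1), findAffected(sampleV3));
```

A lockfile match means the listed version is pinned for installation; it does not by itself show whether the package was installed or executed on a given machine.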
Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module
Cybersecurity researchers have discovered a security flaw in the Linux kernel’s Transparent Inter-Process Communication (TIPC) module, which could be exploited both locally and remotely to execute arbitrary code within the kernel and take control of vulnerable machines.



The heap overflow vulnerability tracked as CVE-2021-43267 (CVSS score: 9.8) “can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system,” cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News.
Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks
Google has released its monthly Android security patches, with fixes for 39 flaws, including a zero-day vulnerability that the company claims is being actively exploited in the wild in limited, targeted attacks.



The zero-day bug, identified as CVE-2021-1048, is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous because they allow a threat actor to access or refer to memory after it has been freed, resulting in a “write-what-where” condition that allows a threat actor to execute arbitrary code to gain control of a victim’s system.