John
11.10.2023
Weekly Vulnerabilities Review (October 4 – October 10)

Let’s take a look at a brief overview of new cybersecurity solutions from last week. In the spotlight: WordPress, tagDiv Composer, Citrix NetScaler, SlowMist, Balancer, ConnectedIO, Looney Tunables, GNU C, Debian, Ubuntu, Fedora, Sony, MOVEit Transfer, Microsoft, Edge, Microsoft Teams, Skype, Google, Chrome.

Cybersecurity experts have identified a vulnerability in the tagDiv Composer plugin for the CMS WordPress. Identified as CVE-2023-3169, this flaw allowed hackers to inject malicious code into approximately 10,000 websites.

Attackers are exploiting a vulnerability, CVE-2020-33519, in Citrix NetScaler systems. This security flaw lets them inject malicious JavaScript and steal user data, including login credentials.

On August 22, 2023, the Balancer protocol development team reported a critical vulnerability after cybersecurity firm SlowMist uncovered a hack. This vulnerability affects several V2 Boost pools.

High-risk vulnerabilities were found in ConnectedIO routers and their corresponding cloud management platform. Exploitation of these security lapses can allow adversaries to execute malicious code and access sensitive data.

Cybersecurity professionals have issued a warning regarding the appearance of PoC exploits for the Looney Tunables vulnerability found in the GNU C library’s dynamic linker. This flaw, which allows local attackers to gain root access, affects several renowned Linux distributions, including Debian, Ubuntu, and Fedora.

A significant data breach has hit Sony due to the exploitation of a zero-day vulnerability in MOVEit Transfer, identified as CVE-2023-34362.

Microsoft Corp has announced an early release of patches addressing two vulnerabilities in popular open-source libraries, affecting major products like the Edge browser, Microsoft Teams, and Skype.

Google Corp has rolled out an urgent security update for the Chrome browser across Windows, macOS, and Linux platforms. This update rectifies a critical zero-day vulnerability, CVE-2020-35217, associated with a buffer overflow in the VP8 codec within the libvpx library. It’s reported that this flaw is currently being exploited in the wild.