Weekly Cybersecurity Review: Chrome’s Latest Vulnerability, IngressNightmare’s Impact, Solar Bugs Challenge, and Innovative DNS Strategies
threats that even top professionals didn’t see coming.
Chrome 0-Day
Last week, Google issued an urgent update after discovering a zero-day vulnerability in their Chrome browser.
This 0-day, CVE-2019-13720, could let attackers execute code on targeted systems.
It was being actively exploited in the wild—thus the label ‘0-day’.
To date, Google has released patches to rectify this issue.
Users are strongly advised to update their Chrome browser immediately.
IngressNightmare
IngressNightmare, a new type of malware, has come to light.
It exploits misconfigured Ingress-NGINX controllers to route unwanted traffic to internal Kubernetes services.
Cybersecurity firm Unit 42 uncovered that the malware could create a fake AP to perform a variety of malicious activities.
Solar Bugs
A series of vulnerabilities in the SolarWinds Orion platform were disclosed.
The bugs, if exploited, could grant attackers administrative privileges, leading to massive network compromise.
Affected organizations are urged to update to the latest SolarWinds patches to mitigate the threat.
DNS Tactics
With the increasing use of DNS tunneling techniques by cyber criminals, organizations need to monitor DNS traffic meticulously for any anomalies.
DNS-based attacks aren’t new, but they are morphing and becoming more sophisticated, making them harder to uncover.
Conclusion
The cybersecurity landscape is continually evolving with new threats and vulnerabilities surfacing every day.
Organizations must make regular software updates, monitor their DNS traffic, and fix misconfigurations to minimize risk.
This week’s recap once again highlights the importance of taking a proactive, layered cybersecurity approach.
