Browser Security Updates - February 2024


LATEST INDUSTRY NEWS AND TAKEAWAYS

Google Fixes First Actively Exploited Chrome Zero-Day of 2024

Learn more here


What happened?

Google has addressed the first actively exploited Chrome zero-day vulnerability of 2024. The security flaw, identified as CVE-2024-20023, allowed attackers to execute arbitrary code within the browser, posing a significant risk to users. The patch was part of the stable channel update for Chrome, emphasizing the importance of prompt updates to mitigate potential threats.

LayerX recommendation:

Keeping your browser updated is critical in protecting against zero-day vulnerabilities. Most users are unaware of the risks associated with unpatched browsers. The LayerX platform gives full visibility into all browser versions in the workspace, while also using policies to notify and educate users, prompting them to update their browser.


WordPress Sites are Under Attack

Learn more here, here and here


What happened?

During January 2024, users of WordPress sites were targeted:

  • Over 150,000 WordPress sites are at risk of takeover due to a vulnerable plugin. The security flaw, present in the UpdraftPlus WordPress plugin, could allow attackers to remotely execute arbitrary code, potentially leading to site compromise.
  • A new malware campaign involving the Balada Injector has successfully infected approximately 6,700 WordPress websites. The Balada Injector is a malicious script designed to compromise web pages and inject malicious content, potentially leading to the distribution of malware or unauthorized access to sensitive information.
  • Hackers are directing their attention to a popular WordPress database plugin, wpDiscuz, active on over 1 million sites, with the goal of exploiting vulnerabilities and potentially gaining unauthorized access to sensitive information stored in the associated databases.

LayerX recommendation:

Compromised websites can serve as breeding grounds for cyber attacks, exploiting vulnerabilities to launch malicious activities. LayerX recommends immediately updating the plugins on WordPress sites to the latest version to mitigate the risk of site takeover through a recently discovered security flaw. Additionally, LayerX provides regular monitoring and updates, which will help to mitigate the risks posed by the ongoing Balada Injector campaign.


X Users are Targeted Using Malicious Crypto Ads

Learn more here


What happened?

Users of X, formerly known as Twitter, have been voicing their discontent over the persistent barrage of malicious cryptocurrency ads that they encounter while browsing. These ads not only disrupt the user experience but also raise significant security and privacy concerns.

LayerX recommendation:

We strongly recommend that users exercise caution when clicking on ads in general. LayerX provides AI-powered secure browsing that runs from within the browser, equipped with just-in-time threat intelligence and real-time code scanning. Its continuous risk assessment would block attacks of this sort.


LATEST FROM THE LAYERX BLOG

Enterprise Browser's and Extensions Buyers Guide

Get a concrete and actionable checklist for finding an enterprise browser extension solution. The guide includes everything you need to know to answer the security needs of your organization.

Read the full post


NEW COLLATERAL BY LAYERX

Report: Unveiling the Threat of Malicious Browser Extensions
eBook: The Dark Side of Browser Isolation and the Next Generation of Browser Security

