Hackers are actively exploiting two of the vulnerabilities. One affects unpatched versions of Google Chrome, and the other concerns an open source library associated with Excel.
Cybercriminals actively exploit two bugs. The American warns against this Cybersecurity and Infrastructure Security Agency (Sissa). The first leak is in Google Chrome and has a label CVE-2023-7024. A critical bug allows attackers to execute remote code via a buffer overflow issue. The bug was discovered last year and Google released a patch on December 20. Not everyone has installed this patch and hackers are eagerly exploiting it.
Open source library
The other error is in an open source library: Spreadsheet::ParseExcel. This library allows, among other things, to import and export data from Excel. Developers use it as a compatibility layer for handling Excel files in Perl-based web applications. However, versions 0.65 and earlier of the library are vulnerable to a bug called CVE-2023-7101. This flaw allows attackers to execute their own code.
The library is used by Barracuda, among other companies, for their email security gateway. Chinese attackers targeted this product late last year. Barracuda released a patch before New Year's.
The general patching of the library vulnerability is of course a bit more complicated. Developers who have integrated the open source library should always update their applications to a version that is no longer vulnerable.
“Lifelong entrepreneur. Total writer. Internet ninja. Analyst. Friendly music enthusiast.”
More Stories
Dutch IT channel – DoubleYou strengthens security for Apple devices
Nano 8.0 version comes with better shortcut keys for cutting and pasting and a new search function – Computer – News
Bitwarden launches authenticator app for Android and iOS