Tag: Cybersecurity Risks

  • CERT-In Finds Multiple Bugs In Google Chrome, GitLab

    New Delhi: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has warned users of multiple vulnerabilities in Google Chrome and GitLab (an open-core company) which could allow an attacker to obtain sensitive information, bypass security restrictions and cause denial-of-service (DoS) conditions on the targeted system.

    The affected software includes Chrome versions before 124.0.6367.118/.119 for Mac and Windows and Chrome versions prior to 124.0.6367.118 for Linux. For GitLab, the affected software includes GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 16.11.1, 16.10.4 and 16.9.6.

    “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to trigger remote code execution and DoS conditions on the targeted system,” said the CERT-In advisory.

    According to the cyber agency, these vulnerabilities exist in Google Chrome due to a use-after-free flaw in the Dawn and Picture in Picture components.

    On the other hand, multiple vulnerabilities such as authentication bypass vulnerability, security restriction bypass, and denial of service exist in GitLab due to improper authentication mechanisms, flaws in handling domain-based restrictions when processing crafted email addresses, path traversal vulnerability and an inefficient regular expression, respectively.

    As mentioned by the cyber agency, an attacker could use “these vulnerabilities by persuading a victim to visit a specially crafted website.” The agency suggested users apply appropriate security updates as mentioned by the companies.

  • Experts Warn boAt Users To Beware Of Unsuspecting, Uninitiated Contacts

    New Delhi: Homegrown audio and wearable brand boAt has initiated an investigation into a potential data breach involving its customer information. This development has prompted experts to advise users to remain vigilant for any unexpected or unsolicited communications from the company or associated services.

    These communications may request additional information, such as passwords or two-factor authentication codes, raising concerns about potential security risks for boAt customers. Multiple reports have suggested that the cyber breach may have exposed the data of more than 7.5 million boAt customers.

    “The breach revealed that over 7.5 million customers’ sensitive information, including names, emails, phone numbers, addresses, and customer IDs, has been compromised and is now circulating on the dark web,” Maheswaran S, Country Manager South Asia, Varonis, told IANS.

    “This trove of data presents a lucrative opportunity for cybercriminals to orchestrate targeted and sophisticated social engineering attacks,” he added. In the 2023 IBM Cost of a Data Breach report, the average cost of a data breach for organizations reached $4.45 million, while the average cost per record reached $165, a nominal increase from 2022, which saw the average cost per record reach $164.

    According to Tenable’s senior staff research engineer Satnam Narang, the more sensitive information present in stolen data, the higher the asking price that can be expected. “In the case of the alleged boAt data breach, it’s been reported that it is being sold by the attacker for a little over a few $2 or around Rs 160,” Narang said.

    In addition, Harshil Doshi, Country Director, India & SAARC, Securonix, advised that affected users should change their account passwords, deploy two-factor authentication, stay alert for any social engineering attacks and look out for further updates from the company. A boAt spokesperson said that the company is aware of recent data breach claims and “safeguarding customer data is our top priority.” (With IANS Inputs)