Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)
Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.”

Google Cloud CISO on why the Google Cybersecurity Certificate matters
In this Help Net Security interview, Phil Venables, CISO at Google Cloud, sheds light on how this initiative will create greater opportunities for individuals worldwide and contribute to meeting the increasing demand for cybersecurity professionals.

SquareX’s vision: A future where internet security is a non-issue
SquareX, the brainchild of cybersecurity trailblazer Vivek Ramachandran, is on a mission to revolutionize the cybersecurity landscape with a unique browser-based solution, designed to fortify online safety for consumers.

Enhancing open source security: Insights from the OpenSSF on addressing key challenges
In this Help Net Security interview, Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on how his experiences with the White House CTO office, World Economic Forum, and Linux Foundation have influenced his leadership of the OpenSSF and its work on open-source security challenges.

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw.

Advantech’s industrial serial device servers open to attack
Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level.

DarkBERT could help automate dark web mining for cyber threat intelligence
Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence (CTI) from the Internet’s virtual underbelly.