Google Chrome Exploits and Critical Azure Bugs: Cybersecurity News for the Week of 09/13/21

Published 9/23/2021, 9:30am

In this week’s cybersecurity news roundup, security researchers have discovered new Azure vulnerabilities that can lead to remote code execution and privilege escalation. Google Chrome has updated its browser to patch several vulnerabilities, including two that are currently being exploited in the wild. And the ZLoader malware has returned to target banking credentials.

• This week in cloud security: Microsoft warns of OMIGOD Azure vulnerabilities
• More Google Chrome exploits discovered in the wild, Updates issued
• Fifteen-year-old malware ‘ZLoader’ malware has returned

Final Words

While the return of ZLoader is notable, more interesting this week is the ‘Tale of Two Patches.’ 

In response to the discovered Chrome exploits, Google has issued a new version of Chrome to patch the vulnerabilities. The new version automatically updates when the user launches the browser.

In contrast, Azure administrators must manually update their systems to install patches to eradicate the OMIGOD Azure vulnerability.

The number of vulnerabilities discovered every week seems endless, and managing the interminable flow of those vulnerabilities can be a daunting task for any organization, regardless of size. Compounding the constant backlog of vulnerabilities to remediate, patch management is only one small part of a cybersecurity or IT professional’s daily tasks.

With skilled cybersecurity practitioners in short supply, staying on top of the constant stream of vulnerabilities, bugs, exploits, zero-days, and patches can be overwhelming. While it is nice when vendors automatically update their solutions without requiring user interaction, the reality is that this isn’t always possible. But even when it is possible, deploying a patch is only part of the challenge. Businesses need to make sure that the new patch won’t cause performance issues or problems with other connected applications or business-critical systems, which can lead to maintaining unpatched software until testing is complete.

Patch management needs to be seen as part of a business’s overall security strategy—one that involves the application of a vulnerability management solution that includes vulnerability scanning, governance, integration and automation, and overall health checks to continually optimize a business’s security posture and effectiveness.