fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Mozilla Fixes Firefox Bug Letting you get Windows Admin Privileges

Mozilla Fixes Firefox Bug Letting you get Windows Admin Privileges

Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service.

The Mozilla Maintenance Service is an optional Firefox and Thunderbird service that makes application updates possible in the background.

This provides Firefox users with a seamless updates experience where they are no longer required to click ‘Yes’ in the Windows User Account Control (UAC) dialog before updating their web browser or email client.

Also Read: September 2021 PDPC Incidents and Undertaking: Lessons from the Cases

Mozilla fixed the privilege escalation security flaw tracked as CVE-2022-22753 today, with the release of Firefox 97.

Successful exploitation on unpatched systems can let attackers escalate their privileges to NT AUTHORITY\SYSTEM account rights (the highest level of privileges on a Windows system).

“A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access,” Mozilla explained.

“This bug only affects Firefox on Windows. Other operating systems are unaffected.”

Mozilla also said that Firefox 97 addresses multiple memory safety bugs found by Mozilla developers and community in Firefox 96 and Firefox ESR 91.5.

“Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,” Mozilla added.

Firefox 97 also adds new features, improvements

Today’s release also comes with new features such as support for the new style of scrollbars on Windows 11 and fixes, including improvements to macOS system font loading that makes opening and switching to new tabs faster.

Also Read: The 5 Important Things To Know In Security Pen Testing

Firefox 97 also removes support for directly generating PostScript for printing on Linux, although printing to PostScript printers is still available as a supported option.

In December, Mozilla also fixed a critical memory corruption bug affecting its cross-platform Network Security Services (NSS) cryptography libraries.

On systems running vulnerable Firefox versions, exploitation could lead to a heap-based buffer overflow, with the impact ranging from program crashes and arbitrary code execution to bypassing security software if code execution is gained.

Mozilla said at the time that all PDF viewers and email clients which use NSS versions released since October 2012 for signature verification were believed to be affected.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us