Threat Report 11/7/24
Multiple Vulnerabilities in Microsoft Edge (Chromium-Based) Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Microsoft Edge (Chromium-based), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


Affected Systems:

  • Microsoft Edge versions prior to 130.0.2849.46


Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all devices with Edge installed have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References


Vulnerability in Apple Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Versions prior to iOS 18.1 and iPadOS 18.1
  • Versions prior to Safari 18.1
  • Versions prior to iOS 17.7.1 and iPadOS 17.7.1
  • Versions prior to macOS Sequoia 15.1
  • Versions prior to macOS Sonoma 14.7.1
  • Versions prior to macOS Ventura 13.7.1
  • Versions prior to watchOS 11.1
  • Versions prior to tvOS 18.1
  • Versions prior to visionOS 2.1

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)


References


A Vulnerability in Fortinet FortiManager Could Allow for Remote Code Execution

A vulnerability has been discovered in Fortinet FortiManager which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. Successful exploitation of this vulnerability could allow for remote code execution in the context of the system. Depending on the privileges associated with the service account, an attacker could then install programs or view, change, or delete data. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.

Affected Systems:

  • FortiManager 7.6.0
  • FortiManager 7.4.0 through 7.4.4
  • FortiManager 7.2.0 through 7.2.7
  • FortiManager 7.0.0 through 7.0.12
  • FortiManager 6.4.0 through 6.4.14
  • FortiManager 6.2.0 through 6.2.12
  • FortiManager Cloud 7.4.1 through 7.4.4
  • FortiManager Cloud 7.2.1 through 7.2.7
  • FortiManager Cloud 7.0.1 through 7.0.12
  • FortiManager Cloud 6.4 all versions

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all versions of products are updated to their latest versions
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References

  • https://www.fortiguard.com/psirt/FG-IR-24-423
Oracle Quarterly Critical Patches Issued October 15, 2024

Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.


Affected Systems:

  • Most Oracle products including, but not limited to, Oracle Communications, Oracle Java SE, and MySQL

Risk

  • Large and medium business entities: High
  • Small business entities: High


Remediation Recommendations

  • Ensure all devices utilizing Oracle products have the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References
Midnight Blizzard Launches Widespread Spearphishing Campaign Using RDP Files

Microsoft has published a report on a major spearphishing campaign launched by Midnight Blizzard (also known as "Cozy Bear" or "APT29"), a threat actor attributed to Russia's Foreign Intelligence Service (SVR). The threat actor sent spearphishing emails to thousands of individuals at over a hundred organizations in the government, academia, defense, NGOs, and other sectors. The emails impersonated Microsoft employees to deliver a signed Remote Desktop Protocol (RDP) configuration file, which is a new access vector for the threat actor.

Microsoft explains, "In this campaign, the malicious .RDP attachment contained several sensitive settings that would lead to significant information exposure. Once the target system was compromised, it connected to the actor-controlled server and bidirectionally mapped the targeted user’s local device’s resources to the server. Resources sent to the server may include, but are not limited to, all logical hard disks, clipboard contents, printers, connected peripheral devices, audio, and authentication features and facilities of the Windows operating system, including smart cards. This access could enable the threat actor to install malware on the target’s local drive(s) and mapped network share(s), particularly in AutoStart folders, or install additional tools such as remote access trojans (RATs) to maintain access when the RDP session is closed."
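The settings Microsoft describes live as plain `key:type:value` lines inside the .RDP attachment, so a mail gateway or triage analyst can inspect them before anyone opens the file. The following triage helper is an added example for this report, not Microsoft's or any vendor's code: it parses an .rdp file and flags the resource-redirection settings named above plus a connection to a host outside an allowlist. The setting names are real RDP file keys; the sample attachment content and the allowlisted host are constructed for illustration.

```python
# Added example (not from the report): flags the .rdp resource-redirection settings
# Microsoft describes. Key names are real RDP settings; sample file and allowlist constructed.

# Settings that map local resources into the remote session. An "i" setting
# counts as enabled when it is 1; an "s" setting when it is non-empty ("*" = all).
RISKY_SETTINGS = {
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug-and-play devices",
    "redirectclipboard": "clipboard contents",
    "redirectsmartcards": "smart cards (Windows authentication)",
    "audiocapturemode": "microphone",
}

def parse_rdp(text: str) -> dict[str, tuple[str, str]]:
    """Parse 'key:type:value' lines into {key: (type, value)}; skip malformed lines."""
    settings = {}
    for raw in text.lstrip("\ufeff").splitlines():  # tolerate a UTF BOM
        parts = raw.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings

def triage_rdp(text: str, allowed_hosts: list[str]) -> list[str]:
    """Return findings for one .rdp file; an empty list means nothing was flagged."""
    s = parse_rdp(text)
    findings = []
    host = s.get("full address", ("s", ""))[1].split(":")[0].lower()
    if host and host not in [h.lower() for h in allowed_hosts]:
        findings.append(f"connects to non-allowlisted host {host}")
    for key, resource in RISKY_SETTINGS.items():
        if key in s:
            kind, value = s[key]
            if (kind == "i" and value == "1") or (kind != "i" and value != ""):
                findings.append(f"{key} enabled: exposes {resource}")
    if "signature" in s:
        findings.append("file is signed: verify who signed it, a valid signature is not trust")
    return findings

# Constructed sample attachment for the run below (no real campaign indicators).
SAMPLE_RDP = """full address:s:rdp.attacker-placeholder.invalid
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
audiocapturemode:i:0
signature:s:PLACEHOLDER
"""

if __name__ == "__main__":
    for finding in triage_rdp(SAMPLE_RDP, ["rdp.corp.example.com"]):
        print("[!]", finding)
```

An attachment that connects to an unknown host while redirecting drives, clipboard and smart cards matches the pattern in the quoted report; the signature line is deliberately flagged as a follow-up rather than a pass, since the campaign's files were signed.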
