Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could install programs; view, change, or delete data; or create new accounts with full rights.
Remediation Recommendations
Ensure all devices running Android OS have the latest version(s) installed.
Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them).
Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Trustwave has published a report on a phishing kit called "Rockstar 2FA," which is an updated version of the DadSec/Phoenix phishing kit. Rockstar is designed to steal Microsoft 365 credentials via spoofed login pages and can intercept session cookies to bypass multifactor authentication. The phishing sites use Cloudflare Turnstile challenges to filter visitors and send unwanted users to car-themed decoy pages. The researchers note, "In the messages we analyzed, various techniques were utilized to bypass antispam detections, such as obfuscation methods and the use of FUD links, including the abuse of legitimate link services, document attachments like HTML and PDF, and even QR codes."
SailPoint has released a security advisory for a maximum severity improper access control vulnerability (CVE-2024-10905) that was patched early in the week of December 2nd. SailPoint CISO Rex Booth said in a statement, "As part of our continued commitment to transparency and security, on Monday December 2, SailPoint issued a security advisory for its Identity IQ product which was assigned CVE-2024-10905. A fix has already been released, and we’ve provided customers with guidance on how to apply it. Publishing CVEs is a voluntary practice across the industry that demonstrates dedication to security and transparency. At SailPoint, we invest in secure development practices and strive to catch vulnerabilities prior to software release, but, as with all software, new vulnerabilities can emerge as attacker tactics and detection capabilities evolve. For this reason, we continually test our products in all stages of the development lifecycle to minimize risk to our customers."
Last week, a bipartisan group of US senators sent a letter to the Department of Homeland Security's inspector general requesting an audit of the Transportation Security Administration's (TSA's) use of facial recognition technology, The Record reports. The letter stated, "This technology will soon be in use at hundreds of major and mid-size airports without an independent evaluation of the technology’s precision or an audit of whether sufficient safeguards are in place to protect passenger privacy. TSA has not provided Congress with evidence that facial recognition technology is necessary to catch fraudulent documents, decrease wait times at security checkpoints, or stop terrorists from boarding airplanes." The senators added that "this program could become one of the largest federal surveillance databases overnight without authorization from Congress."
The letter asks DHS Inspector General Joseph Cuffari "to thoroughly evaluate TSA's facial recognition program and report your findings to Congress before it becomes the default form of passenger verification at security checkpoints."