Threat Report 12/10/24
A vulnerability has been discovered in OpenSSH, which could allow for remote code execution. OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It is widely used in enterprise environments for remote server management, secure file transfers, and various DevOps practices. Successful exploitation of this vulnerability could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Chrome prior to 126.0.6478.126/127 for Windows and Mac
Chrome prior to 126.0.6478.126 for Linux
Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass.
Successful exploitation of these vulnerabilities could allow for an attacker to bypass authentication. An attacker could then view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
MOVEit Gateway versions prior to 2024.0.1
MOVEit Transfer versions prior to 2024.0.2, 2023.1.6, and 2023.0.11
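An added example (not part of this report): a branch-aware "is this install still affected?" check built from the Chrome and MOVEit fixed versions listed above, of the kind a SOC would run over an asset inventory. Product keys, the inventory rows and the host names are constructed for illustration; the fixed versions are the ones stated in the advisories.

```python
# Added example: decide whether an installed version is "prior to" the fixed
# release for its branch. Fixed versions are taken from the advisories above;
# product keys and sample inventory are constructed for this example.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    """'2023.1.6' -> (2023, 1, 6). Tuples compare component-wise."""
    return tuple(int(p) for p in s.strip().split("."))

# Minimum fixed version per release branch, as stated in the advisories.
FIXED: Dict[str, Dict[str, str]] = {
    "chrome-windows":  {"126": "126.0.6478.126"},
    "chrome-mac":      {"126": "126.0.6478.126"},
    "chrome-linux":    {"126": "126.0.6478.126"},
    "moveit-gateway":  {"2024.0": "2024.0.1"},
    "moveit-transfer": {"2024.0": "2024.0.2", "2023.1": "2023.1.6",
                        "2023.0": "2023.0.11"},
}
# How many leading components identify a release branch (Chrome: major only;
# MOVEit: year.minor).
BRANCH_DEPTH = {"chrome-windows": 1, "chrome-mac": 1, "chrome-linux": 1,
                "moveit-gateway": 2, "moveit-transfer": 2}

def is_affected(product: str, version: str) -> Tuple[bool, str]:
    """Return (affected, reason). A branch with no listed fix is treated as
    affected when it is older than every fixed release: it is still 'prior to'
    the fix. A version newer than the newest fixed release is treated as fixed."""
    table, v = FIXED[product], parse_version(version)
    branch = ".".join(str(x) for x in v[:BRANCH_DEPTH[product]])
    fixed = table.get(branch)
    if fixed is None:
        newest = max(table.values(), key=parse_version)
        if v >= parse_version(newest):
            return False, f"{version} is newer than newest fixed release {newest}"
        return True, f"branch {branch} has no listed fix and predates {newest}"
    if v < parse_version(fixed):
        return True, f"{version} is prior to fixed {fixed}"
    return False, f"{version} is at or above fixed {fixed}"

def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Constructed (host, product, version) rows -> rows that still need patching."""
    return [(h, p, v, is_affected(p, v)[1]) for h, p, v in inventory
            if is_affected(p, v)[0]]

if __name__ == "__main__":
    sample = [("ws-01", "chrome-windows", "126.0.6478.100"),  # constructed
              ("mft-01", "moveit-transfer", "2023.1.5"),
              ("mft-02", "moveit-transfer", "2022.1.3"),
              ("gw-01", "moveit-gateway", "2024.0.1")]
    for row in triage(sample):
        print(*row)
```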
Microsoft is notifying additional customers whose email correspondence with Microsoft was accessed by the Russian threat actor Midnight Blizzard, Engadget reports. Microsoft stated, "This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor. This is increased detail for customers who have already been notified and also includes new notifications."
Researchers at EVA Information Security discovered a set of vulnerabilities affecting the open-source dependency manager CocoaPods that could allow a threat actor "to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications." The vulnerabilities have since been patched.
EVA explains, "A 2014 migration process left thousands of orphaned packages (where the original owner is unknown), many of which are still widely used in other libraries. Using a public API and an email address that was available in the CocoaPods source code, an attacker could claim ownership over any of these packages, which would then allow the attacker to replace the original source code with their own malicious code." Additionally, "An insecure email verification workflow could be exploited to run arbitrary code on the CocoaPods ‘Trunk’ server (manages the distribution and metadata of Podspecs), which would allow an attacker to manipulate or replace the packages being downloaded." Finally, "A separate vulnerability would allow an attacker to infiltrate the CocoaPods ‘Trunk’ server and perform a near-unlimited range of exploits."