HTG Threat Report

Threat Report 8/1/24

Written by Evan Kennedy | Aug 16, 2024 6:07:10 PM
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could enable arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs, view, change, or delete data or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.

Affected Systems:

  • Chrome prior to 127.0.6533.72/73 for Windows and Mac
  • Chrome prior to 126.0.6533.722 for Linux


Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all devices using Google Chrome have the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

Vulnerability in Apple Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could enable arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs, view, change, or delete data or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.


Affected Systems:

  • Safari versions prior to 17.6
  • iOS and iPadOS versions prior to 17.6
  • iOS and iPadOS versions prior to 16.7.9
  • macOS Sonoma versions prior to 14.6
  • macOS Ventura versions prior to 13.6.8
  • macOS Monterey versions prior to 12.7.6
  • watchOS versions prior to 10.6
  • tvOS versions prior to 17.6
  • visionOS versions prior to 1.3

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

Microsoft Impacted by Distributed Denial of Service (DDoS) Attack

Microsoft sustained a DDoS attack on July 30th that disrupted a range of Azure services, as well as Microsoft 365 and Microsoft Purview services, BleepingComputer reports. Notably, Microsoft's DDoS mitigation mechanisms actually exacerbated the attack. The company stated, "While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it." The company hasn't offered details on how this occurred but says it will publish a post-incident review within two weeks.

VMware ESXi Flaws Targeted by Ransomware Groups

Microsoft has warned that several ransomware actors are exploiting a vulnerability (CVE-2024-37085) in ESXi hypervisors that can be used to obtain full administrative permissions. VMware has issued patches for the flaw. Microsoft stated, "Microsoft security researchers identified a new post-compromise technique utilized by ransomware operators like Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest in numerous attacks. In several cases, this technique has led to Akira and Black Basta ransomware deployments. The technique includes running the following commands, which results in the creation of a group named 'ESX Admins' in the domain and adding a user to it."

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to apply patches by August 20th.
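As an added example (not from the report, Microsoft, or VMware), the Python below gives defenders a detection hook for the behaviour Microsoft describes: it scans Windows Security audit events from a domain controller for the creation of, or a member added to, a domain group named 'ESX Admins'. The event IDs are the standard Windows group-management audit events; the sample events are constructed, and the case-insensitive match is an assumption.

```python
import re

# Windows Security log group-management audit events (standard event IDs):
# security-enabled group created: 4727 global, 4731 local, 4754 universal
# member added to security-enabled group: 4728 global, 4732 local, 4756 universal
GROUP_CREATED = {4727, 4731, 4754}
MEMBER_ADDED = {4728, 4732, 4756}

# Constructed sample events, not real telemetry. Field names follow the Security
# log's EventData schema: TargetUserName is the group acted on, SubjectUserName
# the account making the change, MemberName the member being added.
SAMPLE_EVENTS = [
    {"EventID": 4727, "Computer": "DC01", "SubjectUserName": "jdoe",
     "TargetUserName": "ESX Admins"},
    {"EventID": 4728, "Computer": "DC01", "SubjectUserName": "jdoe",
     "TargetUserName": "esx admins",
     "MemberName": "CN=svc-backup,OU=Service Accounts,DC=corp,DC=example"},
    {"EventID": 4727, "Computer": "DC01", "SubjectUserName": "hr-admin",
     "TargetUserName": "Finance Team"},
    {"EventID": 4720, "Computer": "DC01", "SubjectUserName": "hr-admin",
     "TargetUserName": "newhire01"},  # user created, not a group event
]


def normalize(name):
    """Fold case and collapse whitespace so 'esx  admins' matches 'ESX Admins'."""
    return re.sub(r"\s+", " ", name).strip().lower()


def find_esx_admins_activity(events, watch_group="ESX Admins"):
    """One alert per creation of, or member added to, the watched group.
    Matching is case-insensitive (assumption: catches casing variants)."""
    target = normalize(watch_group)
    alerts = []
    for ev in events:
        event_id = ev.get("EventID")
        if event_id in GROUP_CREATED:
            kind = "group_created"
        elif event_id in MEMBER_ADDED:
            kind = "member_added"
        else:
            continue  # not a group-management event
        if normalize(ev.get("TargetUserName", "")) != target:
            continue  # a different group; outside this rule's scope
        alerts.append({"kind": kind, "host": ev.get("Computer"),
                       "actor": ev.get("SubjectUserName"),
                       "group": ev.get("TargetUserName"),
                       "member": ev.get("MemberName")})  # None on creation
    return alerts
```

Any hit on this rule in a domain that has not deliberately created such a group warrants an immediate look at the actor account and at the ESXi hosts joined to that domain.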


CrowdStrike Outage Costs Fortune 500 Firms Approximately $5.4 Billion


Insurance services provider Parametrix estimates that the total direct costs faced by Fortune 500 companies due to last week's CrowdStrike outage will reach approximately $5.4 billion, ComputerWeekly reports. The outage, which was caused by a faulty CrowdStrike update that crashed Windows machines, affected around 25% of Fortune 500 firms, most heavily impacting airlines, hospitals, and banks.

Software and IT companies (excluding Microsoft) were among the least affected, likely due to their greater reliance on Linux systems. Parametrix notes, "This could be viewed as a silver lining, because a high impact on this sector would have resulted in an even larger ripple effect, given this sector includes some of the largest service providers in the world."