Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Chrome prior to 128.0.6613.119/200 for Windows and Mac
Chrome prior to 128.0.6613.119 for Linux
Risk
Remediation Recommendations
Ensure all devices using Google Chrome have the latest version(s) installed
Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
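As an added example (not part of the advisory), a small inventory check that flags Chrome installs below the first fixed build listed above; host names and the inventory format are constructed assumptions:

```python
from typing import Dict, List, Tuple

# First fixed build per platform, from the advisory. "119/200" for Windows and
# Mac means two fixed builds shipped; any build at or above .119 on that branch
# carries the fix, so .119 is the threshold on all three platforms.
FIRST_FIXED: Dict[str, Tuple[int, ...]] = {
    "windows": (128, 0, 6613, 119),
    "mac": (128, 0, 6613, 119),
    "linux": (128, 0, 6613, 119),
}

def parse_version(version: str) -> Tuple[int, ...]:
    """'MAJOR.MINOR.BUILD.PATCH' -> ints, so the comparison is numeric.
    String comparison is a classic bug here: '128.0.6613.99' sorts after
    '128.0.6613.119' lexically, yet .99 is the older, unpatched build."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)

def is_affected(version: str, platform: str) -> bool:
    """True when the installed build predates the fix for its platform."""
    return parse_version(version) < FIRST_FIXED[platform.strip().lower()]

def audit_inventory(csv_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, platform, version) rows of a 'host,platform,version'
    inventory that still need the update; unparsable rows are skipped."""
    affected = []
    for line in csv_lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3 or fields[1].lower() not in FIRST_FIXED:
            continue
        host, platform, version = fields
        try:
            if is_affected(version, platform):
                affected.append((host, platform, version))
        except ValueError:
            continue  # e.g. "not-installed": leave for manual review
    return affected

# Constructed sample inventory (hypothetical hosts, not taken from the advisory).
SAMPLE_INVENTORY = [
    "ws-01,windows,128.0.6613.85",     # older patch number: affected
    "ws-02,windows,128.0.6613.120",    # at/above .119: fixed
    "mac-01,mac,128.0.6613.99",        # string compare would miss this one
    "srv-01,linux,127.0.6533.119",     # older branch: affected
    "srv-02,linux,128.0.6613.119",     # exactly the fixed build
    "ws-03,windows,not-installed",     # unparsable, skipped
]
```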
References
Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
Risk
Remediation Recommendations
References
Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution.
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
Affected Systems:
Risk
Remediation Recommendations
Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
The New Jersey Cybersecurity and Communications Integration Cell’s (NJCCIC) email security solution observed a recent surge in campaigns disseminating 404 Keylogger infostealing malware. 404 Keylogger, also known as SnakeKeylogger, is both a downloader and an information-stealing malware. This malware-as-a-service can steal credentials, log keystrokes, capture screenshots, harvest emails, and grab clipboard data.
The most recent email campaign includes messages claiming to be requests for invoices and product inquiries. The emails contain compressed executables disguised as Microsoft Word documents utilizing Packager Shell Objects (OLE) to exploit vulnerabilities found in Equation Editor. Upon successful exploitation, the LCG Kit downloads and installs AgentTesla and 404 Keylogger.
In another campaign, the phishing emails contained Microsoft Excel attachments. OLE was also utilized to download an HTML Application (HTA) file, which invoked PowerShell to download an executable file to install 404 Keylogger. Once installed, 404 Keylogger issues further PowerShell commands to evade detection and edit scheduled tasks to maintain persistence on the victim’s device. Another security researcher recently alerted users to an uptick in 404 Keylogger attacks; however, the attack vector has not been disclosed despite calling it a zero-day detection.
Proofpoint describes a social engineering campaign that is impersonating tax authorities in Europe, Asia, and the US in order to deliver a custom strain of malware dubbed "Voldemort." The researchers explain, "The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2) like the use of Google Sheets. Its combination of the tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like 'test' are notable. Researchers initially suspected the activity may be a red team; however, the large volume of messages and analysis of the malware very quickly indicated it was a threat actor."
The researchers don't attribute the activity to any particular threat actor, but they believe the campaign's goal is cyberespionage.