HTG Threat Report

Threat Report 1/18/24

Written by Evan Kennedy | Jan 22, 2024 4:51:30 PM
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Chrome prior to 120.0.6099.224/225 for Windows
  • Chrome prior to 120.0.6099.1234 for Mac and Linux

Risk

  • Large and medium business entities: High
  • Small business entities: Medium
Remediation Recommendations

  • Ensure all devices with Google Chrome have the latest version installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
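
As an added example (not part of the report), the following Python compares an inventory of installed Chrome builds against the fixed builds listed above, treating 120.0.6099.224 as the Windows lower bound since the report lists 224/225; the platform keys and the sample inventory are constructed for illustration. It parses versions into integer tuples because plain string comparison sorts 120.0.6099.1234 below 120.0.6099.224.

```python
import re

# Fixed builds exactly as the report lists them, keyed by platform
# (assumed key names). Windows lists 224/225; 224 is the lower bound.
FIXED_BUILDS = {
    "windows": "120.0.6099.224",
    "mac": "120.0.6099.1234",
    "linux": "120.0.6099.1234",
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome build from text such as
    'Google Chrome 120.0.6099.199' and return it as a tuple of ints.
    Tuples compare component-wise, so 120.0.6099.1234 ranks above
    120.0.6099.224, whereas the bare strings sort the other way."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no four-part Chrome version in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(installed, platform):
    """True when the installed build is older than the report's fixed
    build for the platform ('windows', 'mac' or 'linux')."""
    fixed = parse_version(FIXED_BUILDS[platform.lower()])
    return parse_version(installed) < fixed


def triage(inventory):
    """Given (host, platform, version-string) records, e.g. gathered from
    'google-chrome --version' output, return the hosts still on an
    affected build."""
    return [host for host, platform, version in inventory
            if is_vulnerable(version, platform)]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("ws-01", "windows", "Google Chrome 120.0.6099.199"),
        ("ws-02", "windows", "Google Chrome 120.0.6099.225"),
        ("mac-01", "mac", "Google Chrome 120.0.6099.224"),
        ("lnx-01", "linux", "Google Chrome 120.0.6099.1234"),
    ]
    for host in triage(sample):
        print(f"{host}: update Chrome")
```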

Critical Patches Issued for Microsoft Products

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. 
Affected Systems:

  • Popular Microsoft products including, but not limited to, .NET, Visual Studio, and Hyper-V 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium
Remediation Recommendations

  • Ensure Microsoft software has the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

70 Million Accounts Impacted in September 2023 Data Breach

In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.

SonicWall Firewall Vulnerabilities

Researchers at Bishop Fox warn that over 178,000 SonicWall Firewalls “are affected by two unauthenticated denial-of-service vulnerabilities with the potential for remote code execution.” The researchers note, “The impact of a widespread attack could be severe. In its default configuration, SonicOS restarts after a crash, but after three crashes in a short period of time, it boots into maintenance mode and requires administrative action to restore normal functionality. The latest available firmware protects against both vulnerabilities, so be sure to upgrade immediately (and make sure the management interface isn’t exposed to the internet).” 

Atlassian Patches Critical Flaw in Confluence Data Center and Confluence Server

Atlassian has released a patch for a critical template injection vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution, Help Net Security reports. The bug, which has been assigned a CVSS score of 10, affects all versions released before December 5th. Atlassian says in its advisory, "If you are on an out-of-date version, you must immediately patch. Atlassian recommends that you patch each of your affected installations to the latest version available." 

The vulnerability's description states, "A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin."