
Threat Report 1/5/24

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
  

 

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Chrome prior to 120.0.6099.199/200 for Windows  
  • Chrome prior to 120.0.6099.199 for Mac and Linux 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices with Google Chrome have the latest version installed. 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them).
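
One way to check the first recommendation across a fleet, as an added example that is not part of the original report: the script compares each host's Chrome build numerically against the patched release named under Affected Systems. The inventory format, hostnames and sample versions are constructed for illustration.

```python
import csv
import io

# From the advisory: builds prior to 120.0.6099.199 are affected
# (Windows ships the fix as 120.0.6099.199 or .200).
PATCHED = (120, 0, 6099, 199)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,os,chrome_version
ws-01,windows,120.0.6099.200
ws-02,windows,120.0.6099.130
mac-01,mac,120.0.6099.199
lin-01,linux,120.0.6099.99
lin-02,linux,119.0.6045.199
ws-03,windows,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["chrome_version"])
        if version is None:
            status = "unknown"       # unparseable: needs manual follow-up
        elif version < PATCHED:      # tuple comparison, not string comparison
            status = "vulnerable"
        else:
            status = "patched"
        result[row["host"]] = status
    return result


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing the versions as integer tuples matters here: a plain string comparison would rank build 120.0.6099.99 above 120.0.6099.199 and miss that host.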

 

Quishing Scams Represent a Growing Threat 
     

The US Federal Trade Commission (FTC) last week issued an alert outlining an increase in QR code phishing (or “quishing”), ZDNet reports. The FTC notes, “There are reports of scammers covering up QR codes on parking meters with a QR code of their own. And some crafty scammers might send you a QR code by text message or email and make up a reason for you to scan it.” The codes will bring users to a phishing site designed to steal their information or install malware. 

 


 
Ransomware Incident at Xerox

 

The US division of Xerox has sustained a cyberattack that may have involved the theft of personal information, The Record reports. BleepingComputer notes that the INC Ransom ransomware gang added the company to its data leak site on December 29th.

The company said in a statement, “The incident had no impact on Xerox’s corporate systems, operations, or data, and no effect on XBS operations.  However, our preliminary investigation indicates that limited personal information in the XBS environment may have been affected. As per our policy and standard operating procedure, we will notify all affected individuals as required.” 

Incidents such as this serve as good reminders of the ever-present threat of ransomware. Always ensure that both technical and social security measures have been put in place to help mitigate the threat of ransomware infiltrating your organization’s network. 

 


 
Data Breach Blamed on Password Reuse 

 

Genetic testing company 23andMe has attracted criticism for its response to a major data breach the company sustained in December, TechCrunch reports. The hackers gained initial access by brute-forcing the accounts of 14,000 customers, then gained access to the data of 6.9 million users who had opted in to the service’s DNA Relatives feature. 23andMe’s response to the breach has been widely perceived as victim-blaming.

The company stated in an email to customers who are suing the company that “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures.” 

Hassan Zavareei, one of the lawyers representing victims of the breach, told TechCrunch, “23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing — especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform.” 






 
BlackBasta Decryptor 

 

Researchers from SRLabs have released a decryptor for the BlackBasta ransomware, allowing victims of the ransomware since November 2022 to recover their files. BleepingComputer reports that BlackBasta’s developers last week patched the flaw exploited by the decryptor, so it won’t work for newer attacks. 

SRLabs explains, “[F]iles can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file. Files below the size of 5000 bytes cannot be recovered. For files between 5000 bytes and 1GB in size, full recovery is possible. For files larger than 1GB, the first 5000 bytes will be lost but the remainder can be recovered.” 
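
Why 64 known plaintext bytes can be enough, shown on a simplified model as an added example (not SRLabs' tool and not code from this report): it assumes a cipher that XORs every 64-byte block of a file with the same keystream, which this report does not itself state. The toy cipher, function names and sample data are constructed, and the size thresholds quoted above are not modeled.

```python
import os

BLOCK = 64  # the quote above speaks of 64 known plaintext bytes


def toy_encrypt(data, keystream):
    """Assumed flaw model: the same 64-byte keystream is XORed over every block."""
    return bytes(b ^ keystream[i % BLOCK] for i, b in enumerate(data))


def recover_keystream(ciphertext, offset, known_plaintext):
    """Rebuild the keystream from 64 known plaintext bytes starting at `offset`."""
    if len(known_plaintext) != BLOCK:
        raise ValueError("exactly 64 known plaintext bytes are required")
    chunk = ciphertext[offset:offset + BLOCK]
    if len(chunk) != BLOCK:
        raise ValueError("known region runs past the end of the ciphertext")
    keystream = bytearray(BLOCK)
    for i, (c, p) in enumerate(zip(chunk, known_plaintext)):
        # Byte i of the region was XORed with keystream byte (offset + i) mod 64.
        keystream[(offset + i) % BLOCK] = c ^ p
    return bytes(keystream)


def decrypt(ciphertext, keystream):
    """XOR is its own inverse, so decryption reuses the same routine."""
    return toy_encrypt(ciphertext, keystream)


def demo():
    """Encrypt a constructed file, then restore it without the original keystream."""
    secret_keystream = os.urandom(BLOCK)
    # Constructed sample: short header, zero padding up to byte 128, then data.
    plaintext = b"CONSTRUCTED-HEADER".ljust(128, b"\x00") + b"payload bytes " * 20
    ciphertext = toy_encrypt(plaintext, secret_keystream)
    # Bytes 40..103 of the original are known to be zero (inside the padding).
    recovered = recover_keystream(ciphertext, 40, bytes(BLOCK))
    return decrypt(ciphertext, recovered) == plaintext


if __name__ == "__main__":
    print("file restored:", demo())
```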

 
