HTG Threat Report

Threat Report 10/5/23

Written by Evan Kennedy | Oct 5, 2023 2:31:38 PM
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Chrome versions prior to 117.0.5938.132 for Windows, Mac and Linux

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure Google Chrome has the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).


Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution.

  • macOS Sonoma is the current major release of macOS.
  • Safari is a web browser developed by Apple.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • macOS Sonoma prior to 14
  • Safari prior to 17

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Mozilla products, which could allow for arbitrary code execution.

  • Mozilla Firefox is a web browser used to access the Internet.
  • Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
  • Mozilla Thunderbird is an email client.

Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Firefox ESR versions prior to 115.3
  • Firefox versions prior to 118
  • Thunderbird versions prior to 115.3

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all Mozilla products have the latest version available installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
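The Chrome, Apple, and Mozilla entries above each give a "prior to" version that marks the affected range. The script below is an added example, not part of this report, that triages a constructed software inventory against those thresholds; the product keys, host names, and inventory rows are assumptions for illustration. It compares versions numerically, component by component, because a plain string comparison would rank "117.0.5938.9" above "117.0.5938.132" and miss an affected host.

```python
# Added example (not part of the HTG report): triage installed versions against
# the "prior to" thresholds listed above. Product keys and inventory are assumed.
from typing import Dict, List, Tuple

# Fixed-in versions exactly as the report states them; anything below is affected.
FIXED_VERSIONS: Dict[str, str] = {
    "chrome": "117.0.5938.132",
    "macos": "14",
    "safari": "17",
    "firefox": "118",
    "firefox-esr": "115.3",
    "thunderbird": "115.3",
}

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '117.0.5938.132' into (117, 0, 5938, 132) so it compares numerically."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)

def is_affected(product: str, installed: str) -> bool:
    """True when the installed version is below the report's fixed version."""
    fixed = parse_version(FIXED_VERSIONS[product])
    have = parse_version(installed)
    # Tuple ordering handles differing lengths: (115,) < (115, 3) is True,
    # which is correct because 115.0 is older than 115.3.
    return have < fixed

def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) rows that still need patching."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory; hosts and versions are not real systems.
# Note: ESR builds must be tagged "firefox-esr", or a patched 115.3 ESR would be
# judged against the 118 threshold for mainline Firefox and flagged in error.
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "117.0.5938.132"),   # patched (equal to threshold)
    ("ws-02", "chrome", "117.0.5938.92"),    # affected
    ("ws-03", "firefox-esr", "115.2.1"),     # affected
    ("ws-04", "firefox", "118.0.1"),         # patched
    ("mac-01", "safari", "16.6"),            # affected
    ("mac-02", "macos", "14.0"),             # patched
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below {FIXED_VERSIONS[product]}")
```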

A Vulnerability in Cisco Emergency Responder Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Cisco Emergency Responder that could allow for arbitrary code execution on a targeted host. Successful exploitation could allow an unauthenticated remote attacker to log in to the affected system using the root account and execute arbitrary commands. Cisco Emergency Responder is used to enhance the existing emergency 9-1-1 functionality offered by the Cisco Unified Communications Manager. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Cisco Emergency Responder Release 12.5(1)SU

Risk:

  • Large and medium business entities: High
  • Small business entities: High

Remediation Recommendations

  • Ensure Cisco Emergency Responder has the latest version available installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

EvilProxy Phishes for Executives

Researchers at Menlo Security warn that a phishing campaign is exploiting an open-redirect vulnerability on the job listing site Indeed to distribute a link to a spoofed Microsoft login page. The campaign is targeting C-suite employees in various industries, particularly banking and financial services, insurance, property management and real estate, and manufacturing. The threat actors are using the EvilProxy phishing-as-a-service platform.