HTG Threat Report

Threat Report 2/1/24

Written by Evan Kennedy | Feb 1, 2024 3:52:10 PM
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Chrome prior to 121.0.6167.139/140 for Windows 
  • Chrome prior to 121.0.6167.139 for Mac and Linux 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all devices with Google Chrome have the latest version installed.  
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it).


Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Versions prior to macOS Sonoma 14.3 
  • Versions prior to macOS Ventura 13.6.4 
  • Versions prior to macOS Monterey 12.7.3 
  • Versions prior to watchOS 10.3 
  • Versions prior to tvOS 17.3 
  • Versions prior to iOS 15.8.1 and iPadOS 15.8.1 
  • Versions prior to iOS 16.7.5 and iPadOS 16.7.5 
  • Versions prior to iOS 17.3 and iPadOS 17.3 
  • Versions prior to Safari 17.3 


Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all Apple devices have the latest version(s) of their operating system installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Firefox ESR versions prior to 115.7 
  • Thunderbird versions prior to 115.7 
  • Firefox versions prior to 122 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all devices running Mozilla products have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 
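As an added example that is not part of this report, the following Python triage script applies the version floors listed above for Chrome, the Apple operating systems and Safari, and the Mozilla products to a constructed software inventory, picking the floor on the same release line (e.g. Ventura 13.6.4 for a 13.x Mac) and flagging lines the report does not cover. The product keys and the sample inventory are assumptions made for this example.

```python
import re

# Constructed lookup built from the floors in this report. Assumption: "prior to X"
# means X itself is fixed. Products with several supported release lines (macOS,
# iOS/iPadOS) list one floor per major version.
FIXED_FLOORS = {
    "chrome": ["121.0.6167.139"],            # Windows, Mac, Linux (Windows also ships .140)
    "firefox": ["122"],
    "firefox_esr": ["115.7"],
    "thunderbird": ["115.7"],
    "safari": ["17.3"],
    "macos": ["14.3", "13.6.4", "12.7.3"],   # Sonoma, Ventura, Monterey
    "ios": ["17.3", "16.7.5", "15.8.1"],     # the same floors apply to iPadOS
    "watchos": ["10.3"],
    "tvos": ["17.3"],
}

def parse_version(text):
    """'121.0.6167.140' -> (121, 0, 6167, 140); a trailing tag such as 'esr' is ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in match.group(0).split("."))

def floor_for(product, installed):
    """Return the floor on the installed release line, or None if the report lists no fix for it."""
    floors = FIXED_FLOORS[product]
    if len(floors) == 1:
        return floors[0]
    major = parse_version(installed)[0]
    for floor in floors:
        if parse_version(floor)[0] == major:
            return floor
    return None

def patch_status(product, installed):
    """'patched', 'vulnerable', or 'unlisted' (release line not covered by the report)."""
    floor = floor_for(product, installed)
    if floor is None:
        return "unlisted"
    return "patched" if parse_version(installed) >= parse_version(floor) else "vulnerable"

def triage(inventory):
    """inventory: iterable of (host, product, version). Returns every row not confirmed patched."""
    rows = [(h, p, v, patch_status(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "patched"]

# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "121.0.6167.140"), ("ws-02", "chrome", "120.0.6099.225"),
    ("mac-01", "macos", "13.6.3"), ("mac-02", "macos", "14.3"), ("mac-03", "macos", "11.7.10"),
    ("ws-03", "firefox_esr", "115.6.0esr"), ("ws-04", "firefox", "122.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row)
```

An "unlisted" result (here the macOS 11 host) means the report gives no fixed build for that release line, so the host needs a platform upgrade rather than a point update.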

Multiple Vulnerabilities in VMware Products Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for remote code execution. VMware vCenter Server is the centralized management utility for VMware. VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) for modernizing data centers and deploying container-based applications. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Systems:

  • VMware vCenter Server versions prior to 8.0U2 
  • VMware vCenter Server versions prior to 8.0U1d 
  • VMware vCenter Server versions prior to 7.0U3o 
  • VMware Cloud Foundation (VMware vCenter Server) versions prior to KB88287 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all devices running VMware products have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

Microsoft Teams Abused for Phishing

AT&T Cybersecurity warns that threat actors are abusing Microsoft Teams to launch phishing attacks: "Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users." The researchers observed a threat actor using this vector to send phishing lures delivering the DarkGate malware. 

The researchers conclude, "Unless absolutely necessary for daily business use, disabling External Access in Microsoft Teams is advisable for most companies, as email is generally a more secure and more closely monitored communication channel."