Threat Report 12/10/24
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Multiple vulnerabilities have been discovered in Google Android...
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Chrome prior to 123.0.6312.86/.87 for Windows
Chrome prior to 123.0.6312.86 for Mac and Linux
References
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
A vulnerability has been discovered in multiple Apple products which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Safari versions prior to 17.4.1
macOS Sonoma versions prior to 14.4.1
macOS Ventura versions prior to 13.6.6
On March 29th, 2024, security researcher Andres Freund discovered a backdoor in XZ Utils versions 5.6.0 and 5.6.1. Under certain conditions, this backdoor may allow remote access to the targeted system. This disclosure was posted to the Openwall mailing list. The security researcher mentions that this supply-chain attack was discovered while investigating SSH performance issues. This vulnerability is being tracked as CVE-2024-3094 and has been given a CVSS score of 10.
CVE-2024-3094 - Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
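The version thresholds in the Chrome, Apple and XZ Utils items above can be applied to an asset inventory as follows. This is an added example, not code from the report: the product keys, host names and inventory rows are constructed, and it assumes plain dotted upstream version strings and treats 123.0.6312.86 as the fixed Chrome build on every platform.

```python
# Added example: thresholds come from the advisories above; the inventory
# rows and product keys are constructed for illustration.

def parse(version):
    """'123.0.6312.86' -> (123, 0, 6312, 86) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

# Product key -> first fixed version ("prior to X" in the advisories).
FIXED = {
    "chrome": parse("123.0.6312.86"),   # Windows builds ship as .86/.87
    "safari": parse("17.4.1"),
}
# macOS is fixed per release train, keyed by major version.
MACOS_FIXED = {14: parse("14.4.1"), 13: parse("13.6.6")}  # Sonoma, Ventura
# The report names exactly these xz releases, so match them, not a range.
XZ_BACKDOORED = {parse("5.6.0"), parse("5.6.1")}

def status(product, version):
    """Return 'affected', 'ok', or 'unlisted' for one inventory entry."""
    v = parse(version)
    product = product.lower()
    if product == "xz":
        return "affected" if v in XZ_BACKDOORED else "ok"
    if product == "macos":
        fixed = MACOS_FIXED.get(v[0])
        if fixed is None:
            return "unlisted"          # release train not covered by the report
        return "affected" if v < fixed else "ok"
    if product in FIXED:
        return "affected" if v < FIXED[product] else "ok"
    return "unlisted"

def triage(rows):
    """rows: iterable of (host, product, version); returns affected entries."""
    return [(h, p, ver) for h, p, ver in rows if status(p, ver) == "affected"]

# Constructed inventory sample.
INVENTORY = [
    ("ws-01", "chrome", "122.0.6261.129"),
    ("ws-02", "chrome", "123.0.6312.86"),
    ("mac-01", "macos", "14.4"),
    ("mac-02", "macos", "13.6.6"),
    ("mac-03", "safari", "17.4.1"),
    ("build-01", "xz", "5.6.1"),
    ("build-02", "xz", "5.4.6"),
]

if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

Distribution package versions with suffixes (for example a trailing packaging revision) need to be reduced to the upstream version before being passed to `status`.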
Threat actors continue to use SMS text messages in phishing campaigns to steal users’ personal data, account information, and funds. SMS-based phishing (SMiShing) may be more effective than email phishing as these messages are viewed on a mobile device, making it more difficult for users to identify potentially malicious communications. This threat is compounded by businesses and organizations' legitimate use of text messages for notification and outreach purposes. Users may also be fatigued by the number of text messages they receive and act on a message by clicking a link or responding impulsively.
SMiShing messages typically claim to come from a well-known business or organization – such as Amazon, FedEx, UPS, Netflix, or the IRS – and request that the recipient click on a link, often to access a promotion, obtain information about a package delivery, or address a problem with their account. Links may be included within these messages that, if clicked, lead to fraudulent websites that capture user credentials, steal funds, or deliver malware. These messages may also request sensitive information from the user that could facilitate identity theft or account compromise.
AT&T has confirmed that information belonging to 73 million customer accounts has been leaked on the dark web. According to the Record, the data includes Social Security numbers, names, email addresses, mailing addresses, phone numbers, dates of birth, AT&T account numbers, and passcodes. The company stated, "While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors. With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed....Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set."