HTG Threat Report

Threat Report 5/2/24

Written by Evan Kennedy | May 16, 2024 2:19:22 PM
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the user's associated privileges, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 


 

Affected Systems:

  • Chrome versions prior to 124.0.6367.118/.119 for Windows and Mac
  • Chrome versions prior to 124.0.6367.118 for Linux 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure all devices with Google Chrome have the latest version installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them).

Verizon Releases 2024 Data Breach Investigations Report   
        

Verizon has released its Data Breach Investigations Report (DBIR) for 2024, finding that ransomware and related extortion attacks were responsible for 32% of all breaches last year. Additionally, exploitation of vulnerabilities as an initial access point tripled last year compared to 2022, accounting for 14% of breaches. The researchers note, "This spike was driven primarily by the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors. The MOVEit software breach was one of the largest drivers of these cyberattacks, first in the education sector and later spreading to finance and insurance industries."

 

The report also notes that "[m]ost breaches (68%), whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack." 


 
Change Healthcare Hackers Gained Access via Stolen Credentials & Lack of MFA
 
 

UnitedHealth Group CEO Andrew Witty has provided his written testimony for his appearance before Congress on May 2nd, disclosing that the Change Healthcare hackers gained initial access via stolen credentials against a Citrix portal that did not have multifactor authentication enabled, TechCrunch reports. Witty stated, "Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later." He added that he made the decision to pay the ransom, and that the threat actors stole "files containing protected health information (PHI) and personally identifiable information (PII), which could cover a substantial proportion of people in America." 



 
U.S. Senate Passes Bill to Ban TikTok 

 

On April 23rd, the US Senate passed legislation that would force TikTok's parent company ByteDance to sell the platform or face a ban in the United States, the Associated Press reports. President Biden has since signed the bill. Senate Commerce Committee Chairwoman Maria Cantwell stated, "Congress is not acting to punish ByteDance, TikTok or any other individual company. Congress is acting to prevent foreign adversaries from conducting espionage, surveillance, maligned operations, harming vulnerable Americans, our servicemen and women, and our U.S. government personnel."


 
JP Morgan Discloses Breach 

 

JP Morgan has disclosed a data breach that affected more than 451,000 individuals, Cybernews reports. The bank said in a notification to the Maine Attorney General's office that a software issue gave three of its employees access to information they weren't entitled to see, including names, addresses, Social Security numbers, payment and deduction amounts, and in some cases bank routing and account numbers. The company is offering two years of Experian identity theft protection to affected customers, adding that there's been no indication of data misuse so far.