Multiple Vulnerabilities in Google Chrome
Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the user's associated privileges, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.
Affected Systems:
- Chrome versions prior to 125.0.6422.141/.142 for Windows and Mac
- Chrome versions prior to 125.0.6422.141 for Linux
Risk
- Large and medium business entities: High
- Small business entities: High
Remediation Recommendations
- Ensure all devices with Google Chrome have the latest version installed
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple Vulnerabilities in Fortinet FortiSIEM
Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Fortinet FortiSIEM which could allow for remote code execution. FortiSIEM is a multi-tenant SIEM that offers real-time infrastructure and user awareness for precise threat detection, analysis, and reporting. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
- Fortinet FortiSIEM versions 7.1.0 - 7.1.1, 7.0.0 - 7.0.2, 6.7.0 - 6.7.8, 6.6.0 - 6.6.3, 6.5.0 - 6.5.2, 6.4.0 - 6.4.2
Risk
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all devices utilizing FortiSIEM has the latest version(s) installed
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
A Vulnerability in Check Point Security Gateways
Could Allow for Credential Access
A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. Successful exploitation of this vulnerability could allow for credential access to local accounts due to an arbitrary file read vulnerability. Other sensitive files such as SSH keys and certificates may also be read. Depending on the privileges associated with the accounts, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Local accounts that are configured to have fewer rights on the system could be less impacted than those that operate with administrative rights.
Affected Systems:
- Quantum Security Gateway and CloudGuard Network Security prior to R81.20, R81.10, R81, R80.40
- Quantum Maestro and Quantum Scalable Chassis prior to R81.20, R81.10, R80.40, R80.30SP, R80.20SP
- Quantum Spark Gateways prior to R81.10.x, R80.20.x, R77.20.x
Risk
- Large and medium business entities: High
- Small business entities: High
Remediation Recommendations
- Ensure all devices utilizing the above software have the latest version installed
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple Vulnerabilities in Progress Telerik Report Server
Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress’ business intelligence reporting suite through a web application. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have fewer rights on the system could be less impacted than those that operate with administrative rights.
Affected Systems:
- Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.514)
Risk
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all systems running Progress Telerik Report Server have the latest version installed
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Ticketmaster Breach Affects 560 Million Users
On May 31, Ticketmaster’s parent company, Live Nation Entertainment, revealed in an 8-K filing with the federal Securities and Exchange Commission that it had discovered unauthorized activity regarding Ticketmaster data about a week and a half earlier. A public company files an 8-K when an unexpected major event occurs of interest to shareholders and investors. Live Nation’s investigation found that the data was for sale on the dark web, the secretive corridors of the internet where criminals barter illegally obtained consumer information.
The hacker group ShinyHunters is responsible for the theft of 1.3 terabytes of personally identifiable information, impacting 560 million Ticketmaster customers.
