HTG Threat Report

Threat Report 8/17/23

Written by Evan Kennedy | Aug 17, 2023 2:32:00 PM

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the user's associated privileges, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Systems:

  • Google Chrome versions prior to 116.0.5845.96/.97 for Windows. 
  • Google Chrome versions prior to 116.0.5845.96 for Mac and Linux. 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure devices using Google Chrome have installed the latest version(s).
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them).

References:
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

Critical Patches Issued for Microsoft Products

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  

Affected Systems:

  • Popular Microsoft products and services including, but not limited to, .NET Core and Framework, Office, and Visual Studio 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all Microsoft products have the latest version available installed. 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them).

References:

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Affected Systems:

  • Android OS patch levels prior to 2023-08-05 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices running Android OS are updated to their latest versions.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them).

References

https://source.android.com/docs/security/bulletin/2023-08-01#2023-08-05-security-patch-level-vulnerability-details


Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Systems: 

  • Acrobat DC versions 23.003.20244 and earlier  
  • Acrobat Reader DC versions 23.003.20244 and earlier  
  • Acrobat 2020 versions 20.005.30467 and earlier 
  • Acrobat Reader 2020 versions 20.005.30467 and earlier
  • Adobe Commerce versions 2.4.6-p1 and earlier
  • Adobe Commerce versions 2.4.5-p3 and earlier
  • Adobe Commerce versions 2.4.4-p4 and earlier
  • Adobe Commerce versions 2.4.3-ext-3 and earlier
  • Adobe Commerce versions 2.4.2-ext-3 and earlier
  • Adobe Commerce versions 2.4.1-ext-3 and earlier
  • Adobe Commerce versions 2.4.0-ext-3 and earlier
  • Adobe Commerce versions 2.3.7-p4-ext-3 and earlier
  • Magento Open Source 2.4.6-p1 and earlier
  • Magento Open Source 2.4.5-p3 and earlier
  • Magento Open Source 2.4.4-p4 and earlier

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations 

  • Ensure all Adobe products are updated to their latest versions 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them).
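To turn the "ensure the latest version is installed" recommendations above into something an inventory export can be checked against, here is an added example (not HTG's or any vendor's tooling) that encodes the Chrome, Android and Adobe Acrobat affected ranges from this report as thresholds and flags hosts that fall inside them. The hostnames and inventory records are constructed; the Adobe Commerce and Magento lines, whose "-p"/"-ext" suffixes need their own ordering rules, are deliberately left out.

```python
from datetime import date

# Thresholds taken from the affected-systems lists above (constructed lookup table).
CHROME_FIXED = {  # first fixed build per platform; vulnerable if strictly below
    "windows": (116, 0, 5845, 96),  # the .96 and .97 Windows builds both carry the fix
    "mac": (116, 0, 5845, 96),
    "linux": (116, 0, 5845, 96),
}
ACROBAT_LAST_AFFECTED = {  # "versions X and earlier" are affected, so vulnerable if <=
    "acrobat_dc": (23, 3, 20244),
    "acrobat_reader_dc": (23, 3, 20244),
    "acrobat_2020": (20, 5, 30467),
    "acrobat_reader_2020": (20, 5, 30467),
}
ANDROID_FIXED_PATCH_LEVEL = date(2023, 8, 5)  # patch levels before this date are affected

def parse_version(text):
    # "23.003.20244" -> (23, 3, 20244); tuple comparison orders components numerically
    return tuple(int(part) for part in text.strip().split("."))

def chrome_is_affected(version, platform):
    return parse_version(version) < CHROME_FIXED[platform.lower()]

def acrobat_is_affected(version, product):
    return parse_version(version) <= ACROBAT_LAST_AFFECTED[product]

def android_is_affected(patch_level):
    # patch_level is the "YYYY-MM-DD" security patch level reported by the device
    return date.fromisoformat(patch_level) < ANDROID_FIXED_PATCH_LEVEL

def affected_hosts(inventory):
    """Hostnames whose installed software falls inside one of the affected ranges."""
    checks = {
        "chrome": lambda h: chrome_is_affected(h["version"], h["platform"]),
        "acrobat": lambda h: acrobat_is_affected(h["version"], h["product"]),
        "android": lambda h: android_is_affected(h["patch_level"]),
    }
    return sorted(h["host"] for h in inventory if checks[h["kind"]](h))

# Constructed sample inventory (hypothetical hostnames), e.g. exported from an asset tool.
SAMPLE_INVENTORY = [
    {"host": "ws-01", "kind": "chrome", "platform": "Windows", "version": "116.0.5845.97"},
    {"host": "ws-02", "kind": "chrome", "platform": "Linux", "version": "115.0.5790.170"},
    {"host": "ws-03", "kind": "acrobat", "product": "acrobat_dc", "version": "23.003.20244"},
    {"host": "ws-04", "kind": "acrobat", "product": "acrobat_2020", "version": "20.005.30516"},
    {"host": "mob-01", "kind": "android", "patch_level": "2023-07-05"},
    {"host": "mob-02", "kind": "android", "patch_level": "2023-08-05"},
]

print(affected_hosts(SAMPLE_INVENTORY))  # ['mob-01', 'ws-02', 'ws-03']
```

Note that the Acrobat check uses "less than or equal" while the Chrome and Android checks use "strictly less than", mirroring the "and earlier" versus "prior to" wording in the affected-systems lists.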

References 


Phishing Scam Targets Executives 

Proofpoint is tracking “a dramatic surge of over 100% in successful cloud account takeover incidents impacting high-level executives at leading companies.” The threat actors used the EvilProxy phishing tool to target executives at more than one hundred organizations around the world between March and June of 2023. The researchers state, “Amongst the hundreds of compromised users, approximately 39% were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Attackers have also shown interest in lower-level management, focusing their efforts on personnel with access to financial assets or sensitive information.”