Threat Report 12/10/24
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Multiple vulnerabilities have been discovered in Google Android...
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk:
Remediation Recommendations
References
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk:
Remediation Recommendations
References
A vulnerability has been discovered in Mozilla products, which could allow for arbitrary code execution.
· Mozilla Firefox is a web browser used to access the Internet.
· Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
· Mozilla Thunderbird is an email client.
Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk:
Remediation Recommendations
References
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
· Adobe Acrobat is used to view, create, print, and manage PDF files
· Adobe Reader is used to view, create, print, and manage PDF files
· Adobe Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms
· Adobe Connect is a suite of software for remote training, web conferencing, presentation, and desktop sharing
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk:
Remediation Recommendation
References
DTEX Systems has published a report conducted by the Ponemon Institute looking at the costs of insider risk: “The average annual cost of an insider risk has increased to $16.2M – a 40% increase over four years.
Meanwhile, the average number of days to contain an insider incident has increased to 86 days.” The report also found that the vast majority (90%) of insider risk budgets are spent after an insider incident has already occurred: “Only 10% of insider risk management budget (averaging $63,383 per incident) was spent on pre-incident activities: $33,596 on monitoring and surveillance, and $29,787 on ex-post analysis (this includes activities to minimize potential future insider incidents and steps taken to communicate recommendations with key stakeholders). The remaining 90% (averaging $565,363 per incident) was spent on post-incident activity cost centers: $179,209 on containment, $125,221 on remediation, $117,504 on investigation, $113,635 on incident response, and $29,794 on escalation.”
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Multiple vulnerabilities have been discovered in Google Android...
Critical Patches Issued for Microsoft Products Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could...
Multiple Vulnerabilities in Microsoft Edge (Chromium-Based) Could Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered...