Threat Report 12/10/24
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Multiple vulnerabilities have been discovered in Google Android...
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
Risk
Remediation Recommendations
References:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
· Mozilla Firefox is a web browser used to access the Internet.
· Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
· Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
Risk
Remediation Recommendations
References:
Multiple vulnerabilities have been discovered in ChromeOS, the most severe of which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
Risk
Remediation Recommendations
References
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html
Affected Systems:
Remediation Recommendations
References
Flashpoint is tracking a new threat actor called “Ransomed” that conducts data theft and uses a new tactic to coerce victims into paying the ransom: “Ransomed is leveraging an extortion tactic that has not been observed before—according to communications from the group, they use data protection laws like the EU’s GDPR to threaten victims with fines if they do not pay the ransom. This tactic marks a departure from typical extortionist operations by twisting protective laws against victims to justify their illegal attacks.”
The group sets ransom demands between €50,000 and €200,000—relatively low compared to the fines typically imposed under GDPR. It’s worth noting that this tactic depends on the victim concealing the breach, which could lead to even heftier fines if this comes to light later on.
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Multiple vulnerabilities have been discovered in Google Android...
Critical Patches Issued for Microsoft Products Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could...
Multiple Vulnerabilities in Microsoft Edge (Chromium-Based) Could Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered...