HTG Threat Report

Threat Report 9/7/23

Written by Evan Kennedy | Sep 7, 2023 6:58:00 PM

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Systems:

  • Chrome versions prior to 116.0.5845.180 for Windows
  • Chrome versions prior to 116.0.5845.179 for Mac and Linux

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure devices using Google Chrome have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it).


References:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

  • Mozilla Firefox is a web browser used to access the Internet.
  • Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
  • Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Systems:

  • Firefox ESR versions prior to 102.15
  • Firefox ESR versions prior to 115.2
  • Firefox versions prior to 117
  • Thunderbird versions prior to 102.15
  • Thunderbird versions prior to 115.2


Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all Mozilla products have the latest version available installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References:

Multiple Vulnerabilities in ChromeOS Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in ChromeOS, the most severe of which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user, an attacker who successfully exploits these vulnerabilities could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Systems:

  • ChromeOS versions prior to 116.0.5845.120 (Platform version: 15509.63.0)

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices running ChromeOS are updated to their latest versions.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References:

https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html

Security Advisory - CVE-2023-38831 - WinRAR

On August 23rd, information regarding a critical vulnerability in WinRAR, a popular tool for opening ZIP files and other archives, was made public. This vulnerability allows an attacker to execute code on a computer via a malicious ZIP file. If the ZIP file is unpacked by a vulnerable version of WinRAR, a malicious payload is released and executed. This can expose an affected computer to password and data leaks and create a point of entry into your network.

Affected Systems: 

  • WinRAR versions prior to v6.23

Remediation Recommendations 

  • Ensure WinRAR is updated to the latest version.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
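Every section of this report gives the same remediation, "make sure the installed version is at or above the fixed one", and lists the fixed versions. The script below is an added example, not part of the HTG report, that turns those fixed versions (Chrome, Firefox, Firefox ESR, Thunderbird, ChromeOS and WinRAR, exactly as listed above) into a check that can be run over an asset-inventory export. The CSV column names (`host`, `product`, `platform`, `version`) and the sample rows are constructed assumptions; the branch-aware comparison matters for Firefox ESR and Thunderbird, where the report gives one fixed version per release branch (102.15 and 115.2), so an ESR 102.15 install must not be flagged just for being below 115.2.

```python
import csv
import io
from typing import Optional

# Fixed versions taken from this report; anything earlier on the same release
# branch is affected. A None platform means the threshold applies everywhere.
FIXED_VERSIONS = {
    ("Google Chrome", "Windows"): ["116.0.5845.180"],
    ("Google Chrome", "Mac"): ["116.0.5845.179"],
    ("Google Chrome", "Linux"): ["116.0.5845.179"],
    ("Firefox", None): ["117"],
    ("Firefox ESR", None): ["102.15", "115.2"],   # two ESR branches, one fix each
    ("Thunderbird", None): ["102.15", "115.2"],
    ("ChromeOS", None): ["116.0.5845.120"],
    ("WinRAR", None): ["6.23"],
}

# Constructed sample inventory (not real hosts); the column names are an
# assumption about what an asset-inventory export looks like.
SAMPLE_INVENTORY = """host,product,platform,version
ws-01,Google Chrome,Windows,116.0.5845.179
ws-02,Google Chrome,Linux,116.0.5845.179
ws-03,Firefox ESR,Windows,102.14
ws-04,Firefox ESR,Linux,115.2
ws-05,Firefox,Windows,116.0.3
ws-06,Thunderbird,Windows,115.1
ws-07,WinRAR,Windows,6.22
ws-08,WinRAR,Windows,v6.23
ws-09,ChromeOS,,116.0.5845.120
ws-10,7-Zip,Windows,23.01
"""


def parse_version(text: str) -> tuple:
    """Turn '116.0.5845.180' (or 'v6.23') into a tuple of ints for comparison."""
    parts = []
    for piece in text.strip().lstrip("vV").split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    return tuple(parts)


def is_affected(product: str, platform: Optional[str], version: str) -> Optional[bool]:
    """True if the installed version is below the report's fixed version,
    False if it is at or above it, None if the product is not in this report."""
    key = (product, platform)
    if key not in FIXED_VERSIONS:
        key = (product, None)          # fall back to a platform-independent threshold
    fixed = FIXED_VERSIONS.get(key)
    if fixed is None:
        return None
    installed = parse_version(version)
    thresholds = [parse_version(f) for f in fixed]
    # Branch-aware comparison: an ESR 102.x install is judged against 102.15,
    # not against 115.2, so it is not flagged merely for being on the older branch.
    same_branch = [t for t in thresholds if t[0] == installed[0]]
    if same_branch:
        return installed < same_branch[0]
    # No fixed release on this branch: older than every fixed branch means
    # affected; newer than all of them is assumed to already carry the fix.
    return installed[0] < min(t[0] for t in thresholds)


def scan_inventory(csv_text: str) -> list:
    """Return (host, product, version) for every row the report marks as affected."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = is_affected(row["product"], row["platform"] or None, row["version"])
        if verdict:
            findings.append((row["host"], row["product"], row["version"]))
    return findings


if __name__ == "__main__":
    for host, product, version in scan_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below the fixed version")
```

Run as-is it reports five of the constructed hosts (ws-01, ws-03, ws-05, ws-06, ws-07); products the report does not cover, such as the 7-Zip row, return `None` and are skipped rather than silently passed. Note the assumption baked into the last line of `is_affected`: a major version newer than every fixed branch in the report is treated as fixed, which is reasonable for the vendors listed here but should be revisited if a later advisory adds a new branch.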

References:

CVE-2023-38831 Detail

The Emergence of a New Ransomware Threat

Flashpoint is tracking a new threat actor called “Ransomed” that conducts data theft and uses a new tactic to coerce victims into paying the ransom: “Ransomed is leveraging an extortion tactic that has not been observed before—according to communications from the group, they use data protection laws like the EU’s GDPR to threaten victims with fines if they do not pay the ransom. This tactic marks a departure from typical extortionist operations by twisting protective laws against victims to justify their illegal attacks.”

The group sets ransom demands between €50,000 and €200,000—relatively low compared to the fines typically imposed under GDPR. It’s worth noting that this tactic depends on the victim concealing the breach, which could lead to even heftier fines if this comes to light later on.