Cyber Security Briefing, 16 - 22 December
New 0-day in Google Chrome
Google released its eighth emergency update so far this year to patch a new 0-day vulnerability in Chrome, discovered by Google's Threat Analysis Group (TAG).
The flaw, tracked as CVE-2023-7024, is a buffer overflow in WebRTC. An attacker could exploit it to execute malicious code or cause unwanted behavior in an application that uses WebRTC.
Although Google had not expected the patch to be ready for several days, the browser update is already available, and all users are urged to update to version 120.0.6099.129 on Mac and Linux and to version 120.0.6099.129/130 on Windows.
Ivanti fixes multiple critical vulnerabilities
Ivanti has published a security advisory fixing a total of 20 vulnerabilities, 13 of which are rated critical. The flaws affect the Avalanche mobile device management solution and stem from stack-based and other buffer overflow weaknesses in the WLAvalancheService component.
According to the company, a threat actor could exploit these vulnerabilities by sending specially crafted data packets to the mobile device server, triggering a denial of service (DoS) condition or allowing remote code execution, without any interaction from the user of the vulnerable device.
The remaining vulnerabilities have been rated medium and high risk. Updating to the latest version, Avalanche 6.4.2, is recommended, since these flaws affect Avalanche versions from 6.3.1 onward.
CISA calls for an end to default passwords
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory calling on technology manufacturers to stop shipping default passwords on their devices and software.
The agency warns that threat actors can use such passwords to gain access to those devices. Instead of a single default password, it recommends that manufacturers provide unique, per-product setup passwords. It also suggests implementing temporary passwords that are disabled after initial configuration, as well as promoting the use of phishing-resistant multi-factor authentication.
CISA had already issued a similar warning ten years ago, highlighting the risks of default passwords, especially in critical infrastructure.
MongoDB Security Incident Exposes Customer Data
MongoDB, a database management company, has suffered a security incident that resulted in unauthorized access to corporate systems. The intrusion, identified on December 13, triggered an immediate investigation.
Customer account metadata and contact information were reportedly exposed, raising concerns about possible misuse of sensitive data. Although the company activated its incident response as soon as it discovered the suspicious activity, it believes the unauthorized access may have begun long before it was detected.
MongoDB's CISO, Lena Smart, notified customers about the incident by email, warning of potential social engineering and phishing attempts and recommending that all users enable multi-factor authentication on their accounts and change their passwords.
MongoDB states that, so far, there are no indications of data exposure in MongoDB Atlas, its cloud database service.
Terrapin, a new attack targeting OpenSSH connections
Academic researchers at Ruhr University Bochum have developed a new attack, named Terrapin, that exploits weaknesses in the SSH transport layer protocol. By manipulating sequence numbers, an attacker can delete or modify messages exchanged over the channel, downgrading the public key algorithms used for user authentication and disabling some of OpenSSH's attack countermeasures.
The researchers also disclosed implementation flaws in AsyncSSH and have classified the vulnerabilities as CVE-2023-48795, CVE-2023-46445 (CVSSv3 5.9) and CVE-2023-46446 (CVSSv3 6.8). For successful exploitation, the attacker must be in a man-in-the-middle (MitM) position to intercept and modify the connection's handshake, and the connection must be secured with ChaCha20-Poly1305 or a CBC cipher with Encrypt-then-MAC.
Some vendors are rolling out mitigations, although there is not yet a universal fix.
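The preconditions above (ChaCha20-Poly1305, or CBC with Encrypt-then-MAC) are visible in the algorithm lists that each SSH peer sends in its KEXINIT message, so a defender can assess exposure from a captured or constructed handshake. The following script is an added example, not code from the researchers or from any vendor: it parses a KEXINIT payload and reports which of the affected cipher modes the peer offers. It assumes the "strict key exchange" countermeasure that OpenSSH 9.6 signals with the pseudo-algorithms kex-strict-s-v00@openssh.com (server) and kex-strict-c-v00@openssh.com (client); the sample payloads are constructed inline.

```python
"""Assess a peer's SSH_MSG_KEXINIT for the Terrapin (CVE-2023-48795) preconditions.

Added example; not part of the briefing or of any vendor's tooling.
Assumption: strict key exchange is advertised via the kex-strict-* pseudo-algorithms
shipped in OpenSSH 9.6. Name-list layout follows RFC 4253 section 7.1.
"""
import struct

SSH_MSG_KEXINIT = 20
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"              # Encrypt-then-MAC MAC variants
STRICT_KEX = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}

FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]


def _name_list(names: str) -> bytes:
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = names.encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(kex: str, hostkeys: str, ciphers: str, macs: str,
                  cookie: bytes = b"\x00" * 16) -> bytes:
    """Construct a minimal KEXINIT payload (used only to build sample input)."""
    lists = [kex, hostkeys, ciphers, ciphers, macs, macs, "none", "none", "", ""]
    body = b"".join(_name_list(x) for x in lists)
    # first_kex_packet_follows = FALSE, reserved uint32 = 0
    return bytes([SSH_MSG_KEXINIT]) + cookie + body + b"\x00" + b"\x00" * 4


def parse_kexinit(payload: bytes) -> dict:
    """Decode the ten name-lists of a KEXINIT payload into a dict of lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16                                 # message byte + 16-byte cookie
    parsed = {}
    for field in FIELDS:
        (n,) = struct.unpack(">I", payload[off:off + 4])
        off += 4
        raw = payload[off:off + n].decode("ascii")
        off += n
        parsed[field] = raw.split(",") if raw else []
    return parsed


def assess_terrapin(payload: bytes) -> dict:
    """Report affected cipher modes offered by this peer and whether it advertises
    strict kex. 'at_risk' is true when an affected mode is offered and strict kex
    is not; the mode actually negotiated still depends on the other peer's lists."""
    k = parse_kexinit(payload)
    affected = set()
    for direction in ("c2s", "s2c"):
        macs = k["mac_" + direction]
        etm_available = any(m.endswith(ETM_SUFFIX) for m in macs)
        for cipher in k["enc_" + direction]:
            if cipher == CHACHA:
                affected.add(cipher)             # ChaCha20-Poly1305 is affected on its own
            elif cipher.endswith("-cbc") and etm_available:
                affected.add(cipher)             # CBC only together with Encrypt-then-MAC
    strict = any(alg in STRICT_KEX for alg in k["kex"])
    return {
        "affected_modes": sorted(affected),
        "strict_kex_offered": strict,
        "at_risk": bool(affected) and not strict,
    }


# Constructed sample peers (not captured traffic).
WEAK_PEER = build_kexinit(
    "curve25519-sha256", "ssh-ed25519",
    "chacha20-poly1305@openssh.com,aes256-cbc,aes128-ctr",
    "hmac-sha2-256-etm@openssh.com,hmac-sha2-256")
HARDENED_PEER = build_kexinit(
    "curve25519-sha256,kex-strict-s-v00@openssh.com", "ssh-ed25519",
    "aes256-gcm@openssh.com,aes128-ctr",
    "hmac-sha2-256-etm@openssh.com")

if __name__ == "__main__":
    for label, peer in (("weak", WEAK_PEER), ("hardened", HARDENED_PEER)):
        print(label, assess_terrapin(peer))
```

A peer that offers no affected mode, or that advertises strict key exchange, is reported as not at risk; note that strict kex only takes effect when both sides of a connection support it, so the check should be run against the server's and the client's KEXINIT.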