Cyber Security Briefing, 23 - 29 September

September 29, 2023

Google patches an actively exploited Chrome 0-day

Google has released a new security update for Chrome that patches a total of ten security flaws, including three high-severity vulnerabilities. Among the patched flaws is a 0-day that has been exploited in attacks since early 2023, tracked as CVE-2023-5217, which is caused by a buffer overflow weakness in the VP8 encoding of the libvpx library.

The impact of this vulnerability ranges from application crashes to arbitrary code execution by an attacker. The other two vulnerabilities are use-after-free flaws that affect Passwords (CVE-2023-5186) and Extensions (CVE-2023-5187).

According to Google, the 117.0.5938.132 update will be available for Windows, Mac and Linux in the coming days. The company has also stated that, for security reasons, it will not disclose further details about the bugs until the patches have been deployed to the majority of users.


Mozilla patches high-severity vulnerabilities in Firefox and Thunderbird

Mozilla issued security updates for Firefox and Thunderbird, addressing nine vulnerabilities, some of high severity. The Firefox 118 update includes patches for five high-criticality vulnerabilities according to the vendor, which are primarily memory issues with exploitable potential.

  • The first two vulnerabilities, CVE-2023-5168 and CVE-2023-5169, involve out-of-bounds write issues in browser components.
  • The third security flaw, CVE-2023-5170, is a memory leak that could allow escape from the sandbox.

Another vulnerability, CVE-2023-5171, was found in the Ion compiler and could lead to a potentially exploitable crash. CVE-2023-5172, which involves memory corruption issues, was also resolved.

Likewise, multiple memory safety bugs in Thunderbird, tracked as CVE-2023-5176, were patched; they carry a risk of code execution. Although no malicious attacks are mentioned, Mozilla emphasizes that these updates are critical to protect systems.


Progress Software warns of critical vulnerabilities in WS_FTP Server

Progress Software, developer of MOVEit Transfer, whose vulnerabilities have been massively exploited by the Cl0p ransomware group, has warned of two critical vulnerabilities in WS_FTP Server, its FTP server software solution.

Progress has released two new security updates that patch a total of eight vulnerabilities, including two critical and three high severity.

  • The first critical vulnerability, CVE-2023-40044, would allow a previously authenticated attacker to exploit a .NET deserialisation vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying server.
  • The second critical vulnerability, CVE-2023-42657, enables directory traversal attacks. This could allow an attacker to manipulate paths to access, delete, or modify files outside of their permitted directories.

The updates also address vulnerabilities CVE-2023-40045, CVE-2023-40047, CVE-2023-40046, CVE-2023-40048, CVE-2022-27665 and CVE-2023-40049.


Three Apple 0-days exploited to distribute Predator malware

Researchers at Citizen Lab, in collaboration with Google's Threat Analysis Group (TAG), published an investigation in which they report on the exploitation of three Apple 0-day vulnerabilities to install the Predator spyware.

These security flaws were patched last Thursday by the company, and according to experts they were previously exploited to infect the mobile device of Ahmed Eltantawy, a candidate in Egypt's 2024 presidential election.

According to the researchers, malicious actors exploited the vulnerabilities in sequence: first CVE-2023-41993, used for remote code execution in Safari through maliciously crafted web pages, followed by CVE-2023-41991, which allows signature validation to be bypassed, and finally CVE-2023-41992, which leads to kernel privilege escalation. These actions would have taken place between May and September 2023, using SMS and WhatsApp messages as the input vector.


ZeroFont: new Outlook phishing technique

A report by ISC SANS has revealed a new phishing technique in which zero-point fonts are used to make malicious emails appear to have been safely scanned by Microsoft Outlook security tools.

This technique, called ZeroFont, involves inserting hidden words or characters into emails by setting the font size to zero, which makes the text invisible to people while keeping it readable by NLP algorithms.

Security filters are evaded by inserting these invisible characters alongside the suspicious content, which distorts the AI's interpretation of the content and the outcome of security checks.

A victim who receives the email along with a preceding message from the security scan may believe that it is a legitimate email.
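
A defensive check for the technique described above, as an added example that is not part of the original briefing: it separates the text a reader would see from text hidden with an inline zero font size, so a mail filter can flag the mismatch. The sample message and all function names are constructed for illustration, and only inline `style` attributes are inspected (rules in `<style>` blocks are out of scope).

```python
import re
from html.parser import HTMLParser

# Inline font-size declaration, and the values that render at zero size.
FONT_SIZE = re.compile(r"(?<![-\w])font-size\s*:\s*([^;]+)", re.I)
ZERO = re.compile(r"0*\.?0+\s*(px|pt|em|rem|%)?")
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class ZeroFontScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []                      # (tag, hidden?) per open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:                      # void elements never get an end tag
            return
        hidden = bool(self.stack) and self.stack[-1][1]   # inherit from parent
        m = FONT_SIZE.search(dict(attrs).get("style") or "")
        if m:                                # an explicit size overrides inheritance
            value = m.group(1).lower().replace("!important", "").strip()
            hidden = bool(ZERO.fullmatch(value))
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        if any(t == tag for t, _ in self.stack):
            while self.stack.pop()[0] != tag:   # tolerate unclosed children
                pass

    def handle_data(self, data):
        text = data.strip()
        if text:
            is_hidden = bool(self.stack) and self.stack[-1][1]
            (self.hidden if is_hidden else self.visible).append(text)

def scan_email_html(html):
    """Return visible text, zero-size text, and a flag for filter rules."""
    scanner = ZeroFontScanner()
    scanner.feed(html)
    scanner.close()
    return {"visible": " ".join(scanner.visible),
            "hidden": " ".join(scanner.hidden),
            "zerofont": bool(scanner.hidden)}

# Constructed sample: a hidden "scan notice" placed before the visible body.
SAMPLE = ('<div><span style="font-size:0px">Scanned by Example Security Filter</span>'
          '<p style="font-size: 14px">Please review the attached document</p><br></div>')

if __name__ == "__main__":
    print(scan_email_html(SAMPLE))
```

Comparing the `hidden` and `visible` fields, rather than scoring the raw HTML text, keeps downstream content analysis aligned with what the recipient actually sees.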
