Cyber Security Briefing, 28 October - 3 November
Google patches 15 vulnerabilities in Chrome
Google released Chrome 119, patching a total of 15 vulnerabilities, three of which are rated high severity. These are described as an improper implementation in Payments (CVE-2023-5480), insufficient data validation in USB (CVE-2023-5482) and an integer overflow in USB (CVE-2023-5849).
Of the remaining vulnerabilities reported by external researchers, eight carry a medium severity rating and two a low rating. The medium severity flaws affect components such as Printing, Profiles, Reading Mode and the Chrome side panel, along with security issues in the user interface and improper implementation flaws in Downloads; the low severity ones are issues in WebApp Provider and the Picture In Picture UI.
So far there is no report of any of these vulnerabilities being exploited in the wild. As usual, Google is restricting access to the bug details until most users have updated. Chrome 119 is available for Linux, macOS and Windows, with corresponding updates for Chrome on Android and iOS.
Spying via WhatsApp Mods
Unidentified cybercriminals are targeting Arabic-speaking users with spyware distributed through user-created WhatsApp mods, unofficial builds that customize the application or add features to it.
These mods, initially harmless, were injected with malicious code and have been active since mid-August 2023. Their main distribution channel has been a number of Telegram channels with thousands of followers. During October, Kaspersky blocked more than 340,000 attacks by this new spyware in more than one hundred countries, the most affected being Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt.
The mods have also been found on unofficial websites. Using only official downloads is recommended to avoid becoming a victim of these attacks.
Flaw in Apple devices exposes users' MAC addresses
An investigation by Ars Technica has shown that Apple's privacy feature that hides a user's MAC (Media Access Control) address when connecting to Wi-Fi was not working properly. According to the published report, the feature was created to randomize the MAC address sent when joining a network, so that a user's Wi-Fi connections cannot be tracked from one network to the next.
Because of the malfunction, Apple devices continued to present the real hardware MAC address instead of the randomized private one, and that real address was transmitted to every device connected to the network. The vulnerability behind the broken feature, CVE-2023-42846, has now been patched by Apple in iOS 17.1.
Apple has not explained how this security flaw went unnoticed for three years, stating only that the vulnerable code has been removed.
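One way a network defender can check for this kind of leak from the network side, as an added example that is not from the Ars Technica report or from Apple's code: randomized Wi-Fi addresses set the IEEE locally-administered (U/L) bit in the first octet, so a client that joins with a globally-administered address is presenting its hardware identifier. The DHCP lease table below is constructed sample input, and the hostnames are invented.

```python
import re

# Accepts aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, case-insensitive.
MAC_RE = re.compile(r"^([0-9a-f]{2})(?:[:-][0-9a-f]{2}){5}$", re.IGNORECASE)


def mac_is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (bit 1 of the first octet) is set.

    Randomized Wi-Fi addresses are locally administered, so a client whose
    address has this bit clear is exposing a globally unique hardware MAC.
    """
    m = MAC_RE.match(mac.strip())
    if not m:
        raise ValueError(f"not a MAC address: {mac!r}")
    first_octet = int(m.group(1), 16)
    return bool(first_octet & 0x02)


# Constructed sample lease table: "<ip> <mac> <hostname>" per line.
SAMPLE_LEASES = """\
192.168.1.20 a2:11:22:33:44:55 iphone-private
192.168.1.21 3c:22:fb:aa:bb:cc iphone-leaky
192.168.1.22 02:42:ac:11:00:02 docker-host
192.168.1.23 dc:a6:32:01:02:03 raspberrypi
"""


def hosts_exposing_hardware_mac(lease_table: str) -> list:
    """Return (hostname, mac) for every client whose MAC is globally administered."""
    exposed = []
    for line in lease_table.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or malformed line
        _ip, mac, hostname = fields[0], fields[1], fields[2]
        if not mac_is_locally_administered(mac):
            exposed.append((hostname, mac.lower()))
    return exposed


if __name__ == "__main__":
    for hostname, mac in hosts_exposing_hardware_mac(SAMPLE_LEASES):
        print(f"{hostname}: {mac} is a hardware MAC (randomization off or broken)")
```

A device that is expected to randomize (a phone on a public network) showing up in the exposed list is the symptom the report describes; servers and embedded devices normally use their hardware address and will appear there by design.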
34 vulnerable Windows drivers identified
VMware's research team has published a study identifying 34 vulnerable WDM and WDF Windows drivers. The researchers point out that threat actors could exploit them without needing privileges, gaining full control of the device and the ability to execute arbitrary code. Among the drivers with assigned CVEs are PDFWKRNL.sys (CVE-2023-20598, CVSSv3 7.8) and TdkLib64.sys (CVE-2023-35841).
Of these, 6 drivers allow access to kernel memory, which could be exploited to escalate privileges and bypass security solutions; 12 could be exploited to subvert security mechanisms; and 7 could be used to erase the firmware in SPI flash memory, rendering the system unbootable. Some of the drivers have already been patched.
New Lazarus campaign against software vendor
The Lazarus Group has been linked to a new cyber-attack campaign targeting an unnamed software vendor. According to a note published by security firm Kaspersky, the group exploited a vulnerability in a high-profile software vendor's product to compromise its victims.
The attack chain involved the deployment of malware such as SIGNBT and LPEClient, although the exact distribution method has not been disclosed. The software vendor had apparently been attacked by Lazarus before, suggesting an attempt to steal source code or disrupt the supply chain.
The report names neither the victims nor the vulnerabilities exploited; it is only known that the flaws were not new and that the vendor had not fixed them despite warnings. It also states that several targets were attacked through legitimate software used to encrypt web communications.
Kaspersky concludes that these attacks highlight the danger of exploiting vulnerabilities in high-profile software to spread malware after an initial infection, and that Lazarus continues to improve the sophistication and effectiveness of its malware.