3 min read

Threat Report 9/9/24

Threat Report 9/9/24
Multiple Vulnerabilities in Google Chrome
Could Allow for Arbitrary Code Execution 
 

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  


Affected Systems:

  • Chrome prior to 128.0.6613.119/200 for Windows and Mac 

  • Chrome prior to 128.0.6613.119 for Linux 


Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure all devices using Google Chrome have the latest version(s) installed

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References


Multiple Vulnerabilities in Mozilla Products
Could Allow for Arbitrary Code Execution
 
          

Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  

Affected Systems:

  • Firefox versions prior to 130 
  • Firefox ESR versions prior to 115.1
  • Firefox ESR versions prior to 128.2


Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all versions of all Mozilla products are updated to their latest versions 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it

References




 
Multiple Vulnerabilities in Veeam Products
Could Allow for Arbitrary Code Execution
 
 

Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution. 

  • Veeam Backup & Replication is a proprietary backup app. 
  • Veeam ONE is a solution for managing virtual and data protection environments. 
  • Veeam Service Provider Console provides centralized monitoring and management capabilities for Veeam protected virtual, Microsoft 365, and public cloud workloads. 
  • Veeam Agent for Linux is a backup agent that's designed Linux Instances. 
  • Veeam Backup for Nutanix. 
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization. 

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. 

 

Affected Systems:

  •  Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds.
  • Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds. 
  • Veeam ONE 12.1.0.3208 and all earlier version 12 builds. 
  • Veeam Service Provider Console 8.0.0.19552 and all earlier version 8 builds. 
  • Veeam Backup for Nutanix AHV Plug-In 12.5.1.8 and all earlier version 12 builds. 
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4.1.45 and all earlier version 12 builds. 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices utilizing the above software have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

References




NJCCIC Warns of Recent Increase in Keylogger Distribution

         

The New Jersey Cybersecurity and Communications Integration Cell’s (NJCCIC) email security solution observed a recent surge in campaigns disseminating 404 Keylogger infostealing malware. 404 Keylogger, also known as SnakeKeylogger, is both a downloader and an information-stealing malware. This malware-as-a-service can steal credentials, log keystrokes, capture screenshots, harvest emails, and grab clipboard data. 

The most recent email campaign includes messages claiming to be requests for invoices and product inquiries. The emails contain compressed executables disguised as Microsoft Word documents utilizing Packager Shell Objects (OLE) to exploit vulnerabilities found in Equation Editor. Upon successful exploitation, the LCG Kit downloads and installs AgentTesla and 404 Keylogger. 

In another campaign, the phishing emails contained Microsoft Excel attachments. OLE was also utilized to download an HTML Application (HTA) file, which invoked PowerShell to download an executable file to install 404 Keylogger. Once installed, 404 Keylogger issues further PowerShell commands to evade detection and edit scheduled tasks to maintain persistence on the victim’s device. Another security researcher recently alerted users to an uptick in 404 Keylogger attacks; however, the attack vector has not been disclosed despite calling it a zero-day detection.




Voldemort Malware Delivered via Social Engineering 

         

Proofpointdescribesa social engineering campaign that's impersonating tax authorities in Europe, Asia, and the US in order to deliver a custom strain of malware dubbed "Voldemort." The researchers explain, "The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2) like the use of Google Sheets. Its combination of the tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like 'test' are notable. Researchers initially suspected the activity may be a red team, however the large volume of messages and analysis of the malware very quickly indicated it was a threat actor." 

The researchers don't attribute the activity to any particular threat actor, but they believe the campaign's goal is cyberespionage. 

 

Threat Report 9/19/24

Threat Report 9/19/24

Multiple Vulnerabilities in Google ChromeCould Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered in Google Chrome,...

Read More
Threat Report 9/9/24

Threat Report 9/9/24

Multiple Vulnerabilities in Google ChromeCould Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered in Google Chrome,...

Read More
Threat Report 8/16/24

Threat Report 8/16/24

Multiple Vulnerabilities in Google ChromeCould Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered in Google Chrome,...

Read More