Threat Report 4/4/24

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


Affected Systems:

  • Chrome prior to 123.0.6312.86/.87 for Windows
  • Chrome prior to 123.0.6312.86 for Mac and Linux

Risk

  • Large and medium business entities: High
  • Small business entities: High


Remediation Recommendations

  • Ensure all devices with Google Chrome have the latest version installed. Chrome downloads updates in the background, but the fixed build only takes effect after the browser is relaunched, so verify the running version rather than the installed one.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

References

  • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html



A Vulnerability in Apple Products Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in multiple Apple products which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Safari versions prior to 17.4.1
  • macOS Sonoma versions prior to 14.4.1
  • macOS Ventura versions prior to 13.6.6

Risk

  • Large and medium business entities: Medium
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all Apple products have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
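Both the Chrome and the Apple advisories above reduce to the same check: is the installed build older than the fixed release? A plain string comparison gets this wrong (lexically, 123.0.6312.9 sorts after 123.0.6312.86), so the comparison has to be done component by component. The following shell functions are an added example, not part of the original report; the product keys (chrome, safari, sonoma, ventura) and the inventory lines are constructed for illustration, and the thresholds are the fixed versions listed in the two Affected Systems sections.

```shell
#!/bin/sh
# Added example (not part of the original report): compare installed versions
# against the fixed releases named in the Chrome and Apple advisories above.

# version_lt A B: succeed (exit 0) when dotted version A is strictly older than B.
# Components are compared numerically, so 123.0.6312.9 < 123.0.6312.86, which a
# plain string comparison would get wrong. Missing components count as 0.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, "."); nb = split(b, B, ".");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? A[i] + 0 : 0;
      y = (i <= nb) ? B[i] + 0 : 0;
      if (x < y) exit 0;
      if (x > y) exit 1;
    }
    exit 1;   # equal is not "older"
  }'
}

# Fixed versions from this report. The product keys are this example's own names.
min_fixed_version() {
  case "$1" in
    chrome)  echo 123.0.6312.86 ;;
    safari)  echo 17.4.1 ;;
    sonoma)  echo 14.4.1 ;;
    ventura) echo 13.6.6 ;;
    *)       return 1 ;;
  esac
}

# needs_update PRODUCT VERSION: print "UPDATE (...)" or "OK (...)".
needs_update() {
  min="$(min_fixed_version "$1")" || { echo "unknown product: $1" >&2; return 2; }
  if version_lt "$2" "$min"; then
    echo "UPDATE ($1 $2 < $min)"
  else
    echo "OK ($1 $2)"
  fi
}

# Constructed sample inventory (host product version), not real data.
sample_inventory='ws01 chrome 123.0.6312.58
ws02 chrome 123.0.6312.86
mac01 safari 17.4
mac02 sonoma 14.4.1
mac03 ventura 13.6.5'

# check_inventory TEXT: one verdict line per inventory line.
check_inventory() {
  printf '%s\n' "$1" | while read -r host product version; do
    [ -n "$host" ] || continue
    printf '%s: %s\n' "$host" "$(needs_update "$product" "$version")"
  done
}

check_inventory "$sample_inventory"
```

Feed check_inventory the output of whatever inventory tool you already have, one host, product and version per line; any line reported UPDATE is below the fixed release. For Chrome, the version reported by the installer can be ahead of the version actually running until the browser is relaunched, so collect the running version where you can.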


References


XZ Utils SSHd Backdoor

On March 29th, 2024, security researcher Andres Freund disclosed a backdoor in XZ Utils versions 5.6.0 and 5.6.1 on the Openwall oss-security mailing list. He found it while investigating sshd performance problems (unexpected CPU use and login latency), which led him to the liblzma library that sshd was loading. Under certain conditions, namely when sshd is linked against liblzma, which on several Linux distributions happens indirectly through a libsystemd dependency rather than by OpenSSH's own design, the backdoor can allow an attacker who holds a specific private key to bypass authentication and run commands on the targeted system remotely. This is a supply-chain attack: the malicious code shipped in the project's own release tarballs, so every downstream build that used them was affected. The issue is tracked as CVE-2024-3094 and has been given a CVSS score of 10.0.

CVE-2024-3094: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the source tree and uses it to modify specific functions in the liblzma code. The result is a modified liblzma library that can be used by any software linked against it, intercepting and modifying that software's interaction with the library. Because the payload lives in the release tarballs rather than in the Git repository, reviewing the upstream source alone would not have revealed it.
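The two questions a defender has to answer for CVE-2024-3094 follow directly from the description above: is one of the backdoored releases installed, and does this host's sshd actually load liblzma, which is the only way the modified library reached the SSH daemon? The script below is an added example, not from the original report or from the XZ or OpenSSH projects. The version list comes from the disclosure; the VULNERABLE/PATCH/OK verdicts and the --scan flag are this example's own conventions, and the live scan is separated from the pure functions so the latter can be exercised with constructed xz and ldd output.

```shell
#!/bin/sh
# Added example (not from the original report or the XZ/OpenSSH projects):
# triage one Linux host for CVE-2024-3094. Two checks: is the installed xz one of
# the backdoored upstream releases, and does sshd link liblzma, which is how the
# modified library ended up running inside the SSH daemon.

# The releases named in the disclosure.
is_backdoored_xz_version() {
  case "$1" in
    5.6.0|5.6.1) return 0 ;;
    *)           return 1 ;;
  esac
}

# Reduce the first line of `xz --version` ("xz (XZ Utils) 5.6.1") to "5.6.1".
parse_xz_version() {
  printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Given `ldd sshd` output, succeed when liblzma is among the linked libraries.
ldd_links_liblzma() {
  printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# triage VERSION LDD_OUTPUT -> VULNERABLE | PATCH | OK  (verdict names are this
# example's own). A bad version is PATCH even when sshd does not load liblzma:
# the library is still backdoored for every other program linked against it.
triage() {
  if is_backdoored_xz_version "$1"; then
    if ldd_links_liblzma "$2"; then echo VULNERABLE; else echo PATCH; fi
  else
    echo OK
  fi
}

# Live scan; only runs when invoked with --scan so the functions above can be
# sourced and exercised with constructed input.
scan_host() {
  ver_out="$(xz --version 2>/dev/null || true)"
  sshd_path="$(command -v sshd || echo /usr/sbin/sshd)"
  ldd_out="$(ldd "$sshd_path" 2>/dev/null || true)"
  version="$(parse_xz_version "$ver_out")"
  echo "xz version:         ${version:-not installed}"
  echo "sshd links liblzma: $(ldd_links_liblzma "$ldd_out" && echo yes || echo no)"
  echo "verdict:            $(triage "$version" "$ldd_out")"
}

if [ "${1:-}" = "--scan" ]; then
  scan_host
fi
```

Run it with --scan on each Linux host (the filename is yours to choose). A PATCH or VULNERABLE verdict means downgrading to a build from before 5.6.0 (distributions shipped 5.4.x rebuilds) and restarting sshd; because the backdoor executed inside sshd, a VULNERABLE host that was reachable over SSH should be treated as potentially compromised rather than merely unpatched. Check what the binary reports rather than only the package name, since distribution packages that reverted to clean sources carry package versions that do not match the upstream release.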

Continuation of SMS Text Phishing

Threat actors continue to use SMS text messages in phishing campaigns to steal users' personal data, account information, and funds. SMS-based phishing (SMiShing) may be more effective than email phishing because the messages are read on a mobile device, where the sender's identity and the full destination of a link are harder to inspect, making malicious communications more difficult to identify. This threat is compounded by the legitimate use of text messages by businesses and organizations for notification and outreach. Users may also be fatigued by the number of text messages they receive and act on a message by clicking a link or responding impulsively.

SMiShing messages typically claim to come from a well-known business or organization, such as Amazon, FedEx, UPS, Netflix, or the IRS, and ask the recipient to click a link, often to access a promotion, obtain information about a package delivery, or address a problem with their account. If clicked, these links lead to fraudulent websites that capture user credentials, steal funds, or deliver malware. The messages may also request sensitive information directly from the user that could facilitate identity theft or account compromise.

AT&T Confirms Data Breach Affecting 73 Million Accounts

AT&T has confirmed that information belonging to 73 million customer accounts has been leaked on the dark web. According to The Record, the data includes Social Security numbers, names, email addresses, mailing addresses, phone numbers, dates of birth, AT&T account numbers, and passcodes. The company stated, "While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors. With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed....Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set."
