Featured Story
Critical Remote Code Execution Vulnerability in WinRAR (CVE-2023-40477)
WinRAR versions prior to 6.23 are affected by a critical RCE vulnerability (CVE-2023-40477) caused by improper validation of user-supplied data during recovery volume processing. Exploitation requires user interaction, such as opening a crafted archive file.
WinRAR is widely deployed across Windows environments, which makes this vulnerability a high-priority patching target. We recommend:
- Updating to WinRAR version 6.23 or later immediately
- Avoiding decompression of files from unknown sources
- Implementing endpoint protection against archive-based attacks
Our SOC can assist with patch validation and incident response in case of suspicious file activity.
Other Stories
Researchers Release PoC for Ivanti Sentry Flaw (CVE-2023-38035)
A proof-of-concept exploit has been published for a critical Ivanti Sentry vulnerability (CVSS 9.8) that enables unauthenticated access to internal APIs. The flaw affects Sentry versions 9.18 and earlier and can lead to remote command execution or file modification.
Mitigation steps:
- Restrict access to MICS (the admin portal on port 8443) to internal networks only
- Patch to the latest version immediately
- Review logs for suspicious access to port 8443
Our SOC can help with threat hunting and verification.
New Variant of XLoader macOS Malware Masquerades as “OfficeNote” App
A new variant of XLoader malware is targeting macOS users through a fake app named “OfficeNote.dmg.” Although the app appears to do nothing when opened, it silently installs a Launch Agent for persistence and harvests sensitive browser data from Chrome and Firefox.
Recommendations:
- Deploy cross-platform endpoint protection
- Monitor macOS LaunchAgents and startup scripts
- Limit installation of unsigned apps
Contact us if your organization needs macOS threat detection and response guidance.
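As an added example (not code from the newsletter or from any vendor), the following Python audit reads LaunchAgent plists in the way the monitoring recommendation above suggests and flags agents whose program lives outside the usual application locations, sits in a hidden directory, or is configured to restart itself. The trusted-prefix list and the two sample plists are constructed assumptions, not real XLoader artifacts.

```python
import plistlib
from typing import List

# Assumption for this example: programs under these prefixes are treated as expected.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")

def agent_program(plist_bytes: bytes) -> str:
    """Return the executable a LaunchAgent runs: Program, else ProgramArguments[0]."""
    data = plistlib.loads(plist_bytes)
    if data.get("Program"):
        return data["Program"]
    args = data.get("ProgramArguments") or []
    return args[0] if args else ""

def suspicious_reasons(plist_bytes: bytes) -> List[str]:
    """Return reasons an agent deserves analyst attention; empty list means nothing flagged."""
    data = plistlib.loads(plist_bytes)
    program = agent_program(plist_bytes)
    reasons = []
    if not program:
        reasons.append("no program specified")
    else:
        if not program.startswith(TRUSTED_PREFIXES):
            reasons.append(f"program outside expected locations: {program}")
        if "/." in program:  # any path component starting with a dot
            reasons.append("program stored in a hidden directory")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad with KeepAlive: relaunches automatically, a common persistence pattern")
    return reasons

# Constructed sample plists for demonstration only.
BENIGN_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array>
<string>/Applications/Example.app/Contents/MacOS/updater</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""

SUSPECT_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.helper</string>
<key>ProgramArguments</key><array>
<string>/Users/alice/Library/.cache/com.example.helper</string></array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_AGENT), ("suspect", SUSPECT_AGENT)):
        print(name, suspicious_reasons(blob) or ["nothing flagged"])
```

On a real host the same functions can be fed the files under ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons, and the prefix list tuned to the organization's software baseline.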
Chrome’s First Weekly Security Update Fixes Multiple High-Severity Bugs
Google has released Chrome 116.0.5845.110/.111, addressing five memory safety flaws, including a use-after-free vulnerability in Vulkan (CVE-2023-4430). The move to weekly patching is intended to shorten the exposure window for n-day attacks.
We encourage all users to:
- Enable automatic browser updates
- Update Chrome weekly going forward
- Validate patch deployment in enterprise environments
Let our SOC assist with patch compliance and browser hardening.
Tech Support Scams Are Back – Pop-Ups Impersonate Microsoft
Safeonweb reports an increase in tech support scams that use fake pop-ups claiming the victim’s system has been blocked. Victims are urged to call a bogus support number and hand over remote access or payment information.
Tips to avoid tech support scams:
- Ignore browser pop-up warnings asking to call numbers
- Reboot the system to remove the message
- Report suspicious messages to:
Our SOC is available for phishing awareness and incident triage.