Featured Story
Urgent: Chrome Zero-Day Vulnerability Exploited in the Wild
Google has patched a critical heap-based buffer overflow vulnerability in Chrome’s WebRTC framework, tracked as CVE-2023-7024. This zero-day is being actively exploited and could allow attackers to crash programs or execute arbitrary code.
It marks the eighth Chrome zero-day exploited in 2023. Users are strongly urged to update to Chrome 120.0.6099.129/130 immediately. The update also applies to Chromium-based browsers once fixes are available.
This vulnerability is under active exploitation. We strongly urge organizations and individuals to update Chrome and all Chromium-based browsers as soon as possible.
Other Stories
Resume Scam Targets Recruiters with “More_Eggs” Malware
Cybercriminal group TA4557 is impersonating job seekers in phishing emails, tricking HR professionals into downloading malware-infected resumes. The campaign delivers the “more_eggs” backdoor, enabling attackers to gain remote access and escalate privileges.
HR teams and hiring managers are highly targeted. Ensure Outlook is updated and raise awareness about malicious attachments disguised as resumes.
Outlook Zero-Click Exploit Combines Sound File and Email
Two chained vulnerabilities in Microsoft Outlook and Windows Media Foundation—CVE-2023-35384 and CVE-2023-36710—can be exploited via a malicious audio file to gain remote code execution with no user interaction.
Always apply security patches promptly. Consider disabling autoplay features and educate teams on identifying suspicious email behaviors.
Agent Tesla Malware Spread Through Excel Vulnerability
Threat actors are exploiting the old Microsoft Office flaw CVE-2017-11882 to distribute Agent Tesla malware through malicious Excel attachments. The trojan enables keylogging, credential theft, and remote access.
Ensure legacy vulnerabilities are not overlooked. This attack highlights how unpatched systems—even six years old—can be devastating.
Safeonweb: Watch Out for Holiday Scams
As holiday shopping increases, so do scams. From fake sales to phishing delivery alerts, cybercriminals are targeting unsuspecting shoppers. Always verify URLs, avoid suspicious links, and forward any fraudulent messages to suspicious@safeonweb.be.
A timely reminder that festive cheer doesn’t extend to cybercriminals. Caution is key. Share Safeonweb’s advice and contact our SOC if you need further support.
