
Patch Now: Another Google Zero-Day Under Exploit in the Wild
Google has rolled out an emergency patch for CVE-2024-4947, the third Chrome zero-day it’s addressed in the past week.
« Google is aware that an exploit for CVE-2024-4947 exists in the wild, » according to the advisory, released May 15.
The bug also affects Chromium-based browsers such as Microsoft Edge; Microsoft said that it’s working on a fix.
Analysis from our SOC team
For the seventh time this year, and the third time this week, Google has been forced to push an emergency update to its browser. Microsoft, whose Edge browser is built on the same Chromium engine, is affected too.
Browsers are ubiquitous in our connected world. Because the Chromium engine powers the two leading browsers on the market, it is a favourite target for threat actors looking for vulnerabilities to abuse: one working exploit reaches the bulk of the desktop population.
A worrying trend is that vulnerabilities are exploited faster and faster. Last year it was still acceptable to wait a month before upgrading a browser; this is no longer the case. When the advisory itself states that an exploit exists in the wild, the update should be deployed as soon as it is available, and the same goes for Edge once Microsoft ships its fix.
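In practice the question after such an advisory is which hosts are still below the fixed build. The following Python check is an added example, not code from the advisory or from the Approach Cyber SOC. It compares an inventory export against a table of minimum patched builds; the build numbers in that table, the `host,browser,version` export format and the sample rows are all assumptions made for the example (verify the builds against the Chrome and Edge advisories for CVE-2024-4947 before using them). The point it illustrates beyond the paragraph: version strings must be compared numerically, not as text, or `125.0.6422.9` is reported as newer than `125.0.6422.60`.

```python
"""Report browser installs still below the fixed build for CVE-2024-4947.

Added example. The fixed builds and the inventory format are assumptions;
check them against the vendor advisories and your asset-management export.
"""

from typing import Iterable

# Minimum patched build per browser. ASSUMED values, verify against the
# vendor advisories for CVE-2024-4947 before relying on them.
FIXED_BUILDS = {
    "chrome": "125.0.6422.60",
    "edge": "125.0.2535.51",
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '125.0.6422.60' into (125, 0, 6422, 60).

    Comparing the raw strings is the classic bug: '125.0.6422.9' sorts
    after '125.0.6422.60' as text although it is the older build.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(browser: str, version: str) -> bool:
    """True when the installed build is at or above the fixed build."""
    fixed = FIXED_BUILDS.get(browser.lower())
    if fixed is None:
        raise KeyError(f"no fixed build known for {browser!r}")
    return parse_version(version) >= parse_version(fixed)


def unpatched_hosts(inventory: Iterable[str]) -> list[tuple[str, str, str]]:
    """Return (host, browser, version) for every row below the fixed build.

    Rows with an unknown browser, a malformed version or the wrong number
    of fields are reported as well: 'could not evaluate' must never pass
    silently as 'patched'.
    """
    findings = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            findings.append((line, "?", "?"))
            continue
        host, browser, version = fields
        try:
            if not is_patched(browser, version):
                findings.append((host, browser, version))
        except (KeyError, ValueError):
            findings.append((host, browser, version))
    return findings


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = """\
# host,browser,version
ws-001,chrome,125.0.6422.60
ws-002,chrome,124.0.6367.207
ws-003,chrome,125.0.6422.9
ws-004,edge,125.0.2535.51
ws-005,edge,124.0.2478.109
ws-006,edge,125.0.2535.51-beta
""".splitlines()

if __name__ == "__main__":
    for host, browser, version in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {browser} {version} is below the fixed build")
```

On the sample data the report lists ws-002, ws-003, ws-005 and ws-006: the two builds that are numerically older, the `.9` build that a text comparison would wrongly accept, and the row whose version string cannot be parsed.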
A message is currently circulating that abuses the logo and name of the Centre for Cybersecurity Belgium (CCB). In the message, you are encouraged to deposit € 190 only to be refunded € 90,450 just like that.
It is clearly an attempted scam. This message does not originate from the CCB.
Analysis from our SOC team
Scammers tend to abuse the most widely known and trusted names to achieve their goals.
That they are now copying the branding of the very entity fighting them is ironic. It indicates that scammers are aware of the CCB's work, and that reporting suspicious messages to suspicious@safeonweb.be is effective at hurting their business.
[…] This document caught our attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside we found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very broken English. The exploitation process described in this document was identical to that used in the previously mentioned zero-day exploit for CVE-2023-36033, but the vulnerability was different. Judging by the quality of the writing and the fact that the document was missing some important details about how to actually trigger the vulnerability, there was a high chance that the described vulnerability was completely made up or was present in code that could not be accessed or controlled by attackers. But we still decided to investigate it, and a quick check showed that this is a real zero-day vulnerability that can be used to escalate privileges. We promptly reported our findings to Microsoft, the vulnerability was designated CVE-2024-30051, and a patch was released on May 14, 2024, as part of Patch Tuesday.
After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April we discovered an exploit for this zero-day vulnerability. We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it.
Analysis from our SOC team
As part of the latest Microsoft Patch Tuesday, the vulnerability CVE-2024-30051 has been fixed. According to Kaspersky researchers, an exploit for it was already circulating in mid-April, used together with QakBot, one of the major malware strains currently active, and with other malware. Note that this is a privilege escalation bug: the attacker already needs code execution on the host, which is exactly what a QakBot infection provides.
If more « zero-day » vulnerabilities like this one keep showing up on our radar, we should start to worry. It means threat actors are now sufficiently funded to discover or buy vulnerabilities and exploit them before software vendors can patch them.
Around half (44%) of cybersecurity professionals struggle to comply with cybersecurity legislation due to its complexity and time consumption, research from Infosecurity Europe has found.
The survey of 200 IT security decision makers analysed perspectives on 12 cybersecurity-related regulations either in force or soon to be enforced, including US Sarbanes-Oxley Act (SOX) and the EU’s NIS2 directive.
Regulations such as SOX were considered ‘very complex’ to comply with by 41% of respondents.
Additionally, three-quarters said the UK’s Data Protection Act (DPA), NIS/NIS2 and the EU Cybersecurity Act were ‘somewhat complex.’
Only with SOX and the EU Cybersecurity Act had over 50% of organisations achieved full compliance, highlighting the difficulties faced in staying up to speed with growing regulatory obligations.
Just 0.50% of respondents said that none of the 12 regulations applied to their organisation.
Analysis from our SOC team
Within Approach Cyber, we have a dedicated team of consultants specialised in compliance management. With the NIS2 directive coming into force this autumn, they are quite busy with requests from our customers.
In the SOC team we are also affected. Whether we are delivering a managed service (e.g. monitoring your EDR or your SIEM) or handling incidents, we ensure that all our actions are in line with the most recent legislative framework.
Millions of IoT devices in sectors such as financial services, telecommunications, healthcare, and automotive are at risk of compromise from several vulnerabilities in a cellular modem technology the devices use to communicate with each other and with centralized servers.
The vulnerabilities in Cinterion modems from Telit include remote code execution flaws, including some that require an attacker to have local access to an affected machine before they can be exploited. The most serious one is a memory heap overflow vulnerability (CVE-2023-47610) that gives remote attackers a way to execute arbitrary code via SMS on affected devices.
Analysis from our SOC team
The Internet of Things (IoT) has historically been weak in terms of cybersecurity. The priorities for those devices were ruggedness, low power consumption, reliability and time-to-market.
But when you connect devices built with such a philosophy to publicly accessible networks, you are asking for trouble. A flaw triggered by SMS is a good illustration: the attack surface is the modem's phone number, so a firewall in front of the device does not help. Besides deploying the vendor firmware, the practical controls are to inventory which products embed these modules and to have SMS disabled or filtered on the subscription where the device does not need it.