Blog article

Weekly Digest Week 48 – 2023

Publication date

01.12.2023

Google Chrome emergency update fixes 6th zero-day exploited in 2023

Google has fixed the sixth Chrome zero-day vulnerability of the year in an emergency security update released this week to counter ongoing exploitation in attacks.


The company acknowledged the existence of an exploit for the security flaw (tracked as CVE-2023-6345) in a new security advisory published this week.


« Google is aware that an exploit for CVE-2023-6345 exists in the wild, » the company said.


The vulnerability has been addressed in the Stable Desktop channel, with patched versions rolling out globally to Windows users (119.0.6045.199/.200) and Mac and Linux users (119.0.6045.199).

Analysis from our SOC team
A sixth Chrome zero-day exploited in the wild within a single year shows how often browser patches have to be pushed out of cycle. Google confirming active exploitation means this one should be treated as an emergency change, not a routine update.

Organizations and users should update Chrome to the fixed versions (119.0.6045.199/.200) without delay. Note that Chrome only applies a downloaded update once the browser is relaunched, so verify the version that is actually running (chrome://settings/help) rather than relying on the update having been fetched.

If you require assistance with your vulnerability management, do not hesitate to contact our SOC.
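To turn the fixed version numbers above into a fleet check, here is an added example (not Google's tooling and not part of the original article) that compares installed Chrome versions from a software inventory against the minimum fixed build per platform. Versions are compared as integer tuples, since comparing them as strings would wrongly rank "119.0.6045.99" above "119.0.6045.199". The inventory records are constructed for illustration, and the field names are assumptions about your inventory export, not a real format.

```python
"""Fleet check: flag hosts whose Chrome is older than the fixed build (added example)."""
import re
from typing import Dict, List, Tuple

# Minimum fixed Stable builds from the advisory quoted above. Windows received
# two builds (.199 and .200); .199 is the lowest one that carries the fix.
FIXED_VERSIONS: Dict[str, str] = {
    "windows": "119.0.6045.199",
    "mac": "119.0.6045.199",
    "linux": "119.0.6045.199",
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '119.0.6045.199' into a comparable int tuple; reject malformed input."""
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"not a Chrome version string: {version!r}")
    major, minor, build, patch = (int(part) for part in version.split("."))
    return major, minor, build, patch


def is_patched(platform: str, installed: str) -> bool:
    """True when the installed build is at or above the fixed build for the platform."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform {platform!r}")
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[key])


def find_unpatched(inventory: List[Dict[str, str]]) -> List[str]:
    """Hostnames still on a vulnerable build. Entries that cannot be parsed are
    flagged too: a host we cannot assess must be treated as unpatched."""
    unpatched = []
    for host in inventory:
        try:
            if not is_patched(host["platform"], host["chrome_version"]):
                unpatched.append(host["hostname"])
        except ValueError:
            unpatched.append(host["hostname"])
    return sorted(unpatched)


# Constructed sample inventory (hypothetical hosts, assumed field names).
SAMPLE_INVENTORY = [
    {"hostname": "ws-001", "platform": "windows", "chrome_version": "119.0.6045.200"},
    {"hostname": "ws-002", "platform": "windows", "chrome_version": "119.0.6045.160"},
    {"hostname": "mac-010", "platform": "mac", "chrome_version": "119.0.6045.199"},
    {"hostname": "lx-007", "platform": "linux", "chrome_version": "118.0.5993.117"},
    {"hostname": "lx-008", "platform": "linux", "chrome_version": "unknown"},
]

if __name__ == "__main__":
    print("needs update:", find_unpatched(SAMPLE_INVENTORY))
```

Feed it the Chrome version column from whatever endpoint management or inventory tool you use; the list it returns is the set of hosts to chase, and the "unknown" case shows why a missing version must count as a finding rather than a pass.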


Identity services provider Okta has disclosed that it detected « additional threat actor activity » in connection with the October 2023 breach of its support case management system.


« The threat actor downloaded the names and email addresses of all Okta customer support system users, » the company said in a statement shared with The Hacker News.


The company also told the publication that while it does not have any evidence of the stolen information being actively misused, it has taken the step of notifying all customers of potential phishing and social engineering risks.


Okta, which has enlisted the help of a digital forensics firm to support its investigation, further said it « will also notify individuals that have had their information downloaded. »

Analysis from our SOC team
The names and email addresses of every customer support system user give the attacker an accurate, ready-made target list, which raises the risk of targeted phishing against the people who administer Okta for their organization.

Organizations should warn the staff who hold Okta support accounts, brief them on phishing and social engineering risks, and watch for follow-up attempts. Names and email addresses alone are usually enough for a threat actor to run a convincing phishing or social engineering campaign, especially when the lure is themed on the breached service.

Don’t hesitate to contact us if you would like to use the expertise of our Awareness Team to educate and inform your end users.


Security experts have urged ownCloud customers to mitigate a critical zero-day vulnerability in its “graphapi” app announced last week, after observing mass exploitation by threat actors.


Security vendor GreyNoise raised the alarm after file server and collaboration platform ownCloud revealed the CVSS 10.0-rated vulnerability on November 21.


“The ‘graphapi’ app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo),” ownCloud said at the time. “This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key.”


In short, exploitation could allow malicious actors to take full administrative control of servers running ownCloud.

Analysis from our SOC team
The zero-day in ownCloud’s « graphapi » app, rated CVSS 10.0, needs immediate attention. The weakness is that a URL exposed by a third-party library returns phpinfo output, and in containerized deployments the environment variables it prints may carry the admin password, mail server credentials and license key, which is enough for an attacker to take administrative control of the server.

ownCloud users should apply the mitigation steps from ownCloud’s advisory without delay and establish whether the phpinfo URL was reachable from the internet. Because the exposed data are credentials, any admin password, mail server credential or license key that could have been read through this URL must be treated as compromised and rotated. Given the mass exploitation GreyNoise has observed, web server logs should also be reviewed for requests to that URL, and monitoring for anomalous activity kept in place afterwards.

The Approach SOC team remains available to help you implement vulnerability management and best practice.
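The risk described above is that a phpinfo() page prints the web server's environment variables. The following added example (written for this digest, not ownCloud's code and not from its advisory) checks a fetched response body for the shape of a phpinfo() page and lists the environment variables whose names look like credentials, so an assessment can show concretely what an attacker would have read. The sample HTML is constructed to mimic phpinfo() output, and the variable names in it (OWNCLOUD_ADMIN_PASSWORD and the rest) are assumptions for illustration, not a statement about ownCloud's actual configuration.

```python
"""Detect a leaked phpinfo() page and list environment variables that look like
secrets (added example; the sample HTML below is constructed)."""
import re
from html.parser import HTMLParser
from typing import Dict, List

# Variable names that usually hold credentials or licensing material.
SECRET_NAME_RE = re.compile(r"PASS|SECRET|TOKEN|KEY|LICENSE|PRIVATE|CREDENTIAL", re.I)


class PhpInfoParser(HTMLParser):
    """Collect name/value pairs from the two-column tables phpinfo() renders.
    Three-column rows (Directive / Local Value / Master Value) are ignored."""

    def __init__(self) -> None:
        super().__init__()
        self.in_cell = False
        self.row: List[str] = []
        self.pairs: Dict[str, str] = {}
        self.text = ""  # all visible text, used to spot the "PHP Version" banner

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "tr":
            self.row = []
        elif tag == "td":
            self.in_cell = True
            self.row.append("")

    def handle_endtag(self, tag) -> None:
        if tag == "td":
            self.in_cell = False
        elif tag == "tr" and len(self.row) == 2:
            name, value = (cell.strip() for cell in self.row)
            self.pairs.setdefault(name, value)  # keep the first occurrence

    def handle_data(self, data) -> None:
        self.text += data
        if self.in_cell and self.row:
            self.row[-1] += data


def parse_phpinfo(html: str) -> PhpInfoParser:
    parser = PhpInfoParser()
    parser.feed(html)
    return parser


def is_phpinfo(html: str) -> bool:
    """True when the body carries the phpinfo() banner."""
    return "PHP Version" in parse_phpinfo(html).text


def leaked_secrets(html: str) -> Dict[str, str]:
    """Name/value pairs from the page whose names suggest credentials."""
    pairs = parse_phpinfo(html).pairs
    return {name: value for name, value in pairs.items() if SECRET_NAME_RE.search(name)}


def risky_env_names(env: Dict[str, str]) -> List[str]:
    """Names in a process environment that phpinfo() would print and that look
    like secrets; run it against a container's env to see what is at stake."""
    return sorted(name for name in env if SECRET_NAME_RE.search(name))


# Constructed sample mimicking phpinfo() output; variable names are assumptions.
SAMPLE_PHPINFO = """<html><body>
<h1 class="p">PHP Version 8.1.2</h1>
<h2>Environment</h2>
<table>
<tr class="h"><th>Variable</th><th>Value</th></tr>
<tr><td class="e">HOSTNAME</td><td class="v">owncloud-app</td></tr>
<tr><td class="e">OWNCLOUD_ADMIN_PASSWORD</td><td class="v">Winter2023!</td></tr>
<tr><td class="e">SMTP_PASSWORD</td><td class="v">mail-secret</td></tr>
<tr><td class="e">OWNCLOUD_LICENSE_KEY</td><td class="v">ABCD-EFGH</td></tr>
<tr><td class="e">PATH</td><td class="v">/usr/local/bin:/usr/bin</td></tr>
</table>
<h2>Core</h2>
<table>
<tr class="h"><th>Directive</th><th>Local Value</th><th>Master Value</th></tr>
<tr><td class="e">display_errors</td><td class="v">Off</td><td class="v">Off</td></tr>
</table>
</body></html>"""

if __name__ == "__main__":
    if is_phpinfo(SAMPLE_PHPINFO):
        for name, value in leaked_secrets(SAMPLE_PHPINFO).items():
            print(f"exposed: {name} = {value}")
```

In an assessment, fetch the suspect URL with your HTTP client of choice and pass the body to `leaked_secrets`; every name it returns is a credential to rotate. Running `risky_env_names` against the environment of a container that serves PHP shows, before any exposure, which secrets would be printed by a stray phpinfo() call.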


Specially crafted malicious PDF documents can trigger the vulnerability listed below and lead to Remote Code Execution (RCE) when opened with a vulnerable version of Foxit PDF. If the browser plugin extension is in use, the vulnerability can also be triggered by opening a malicious PDF in the web browser or by visiting a malicious site.

The Centre for Cyber Security Belgium (CCB) is aware of an older vulnerability in Foxit PDF (CVE-2023-27363) being actively exploited, and assesses that threat actors will likely keep trying to exploit it.

Analysis from our SOC team
In 2023 we have seen, and continue to see, frequent malicious advertisements on Google that lure people into installing malware instead of the program they were looking for.

It is important to make users aware of threats like this, since many click the first Google result without thinking. As that first result is often an advertisement, it is an easy trap for unsuspecting employees to fall into.

Don’t hesitate to contact us to make use of the expertise from our awareness team to educate and inform your end users.
