
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP
Google has released security updates for the Chrome web browser to address a zero-day flaw (CVE-2023-7024) that has been actively exploited.
Discovered by Google’s Threat Analysis Group, the vulnerability is a heap-based buffer overflow bug in the WebRTC framework, posing risks of program crashes or arbitrary code execution. Details about the flaw are withheld to prevent further abuse, and it remains unclear if the impact extends beyond Chrome.
This incident marks the eighth actively exploited zero-day in Chrome in 2023, with users urged to update to Chrome version 120.0.6099.129/130 to mitigate potential threats. Chromium-based browser users are also advised to apply fixes when available.
Analysis from our SOC team
Google’s swift response to the eighth Chrome zero-day vulnerability this year highlights the persistent threat landscape. Acknowledging the active exploitation also underscores the urgency of immediate updates.
Organizations and users must prioritize updating Chrome, as well as any Chromium-based browsers, to the latest versions (120.0.6099.129/130) to mitigate the risk of attacks leveraging this vulnerability.
If you require assistance with your vulnerability management, do not hesitate to contact our SOC.
A cybercrime group is targeting hiring managers and recruiters in a spear phishing campaign to distribute the « more_eggs » backdoor malware.
The attackers use social engineering tactics, posing as job seekers, and lure victims to download malicious « resume » files. The campaign, orchestrated by threat actor TA4557, employs sophisticated methods to bypass secure email gateways. The attacks start with seemingly benign emails inquiring about job openings, leading to the victim downloading a resume from a fabricated « personal website. »
The « more_eggs » malware, associated with Russian cyber gangs, operates as a malware-as-a-service (MaaS) and has been linked to previous email campaigns and attacks targeting Russian businesses. TA4557’s unique tactics distinguish it from other threat actors, making attribution challenging.
Analysis from our SOC team
The article highlights that the attack specifically targets recruiters and hiring managers, taking advantage of their potentially lower security awareness.
To address this issue, it is recommended to update Outlook to the latest version, as the attack exploits a vulnerability in the application.
Additionally, exercising caution when reviewing such emails is crucial, and our awareness team is available to provide assistance.
Feel free to reach out to the Approach SOC team for further support.
Researchers have disclosed two security vulnerabilities in Microsoft Outlook that, when combined, allow attackers to execute arbitrary code on affected systems without user interaction.
The flaws, tracked as CVE-2023-35384 and CVE-2023-36710, involve a privilege escalation vulnerability in Outlook and a remote code execution (RCE) vulnerability in Windows Media Foundation related to parsing sound files. By chaining these vulnerabilities, attackers can create a zero-click RCE exploit against Outlook clients.
The first flaw (CVE-2023-35384) allows attackers to trigger the vulnerability by sending an email reminder with a custom notification sound, while the second flaw (CVE-2023-36710) involves autoplaying a malicious sound file downloaded from an attacker-controlled server. Despite a patch issued in August, researchers discovered a second bypass, highlighting the complexity and potential vulnerabilities in the original patch. Users are advised to apply the latest patches to mitigate these risks.
Analysis from our SOC team
In certain sectors, receiving audio files via email is less common. Exercise caution and refrain from opening emails of this nature from unfamiliar sources. It is recommended to install the latest security patches and maintain heightened vigilance against such phishing attempts.
Approach SOC can provide expertise in building an awareness campaign that educates employees and helps prevent potential incidents.
A resurgence of phishing campaigns exploits an old Microsoft Office vulnerability (CVE-2017-11882) to distribute the Agent Tesla malware. Attackers use invoice-themed emails with decoy Excel documents to trigger the memory corruption flaw in Office’s Equation Editor. Once opened, Excel communicates with a malicious server, downloading additional files and initiating a multi-stage infection process.
The malware, Agent Tesla, is an advanced keylogger and remote access trojan that harvests sensitive information.
Analysis from our SOC team
It appears that threat actors are leveraging old vulnerabilities in their latest attack campaigns, as detailed in the article.
This six-year-old vulnerability is currently being exploited by threat actors. If you haven’t applied the patch, it is crucial to do so promptly and actively seek any signs of potential exploitation.
Reach out to our SOC for assistance if needed.
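As a concrete way to "seek signs of potential exploitation" for this campaign, the following script is an added example (not part of the article or of any Approach tooling) that triages OOXML documents for an embedded Equation Editor 3.0 object, the component targeted by CVE-2017-11882: it looks for the progId "Equation.3" in the document's XML parts and for the "Equation.Native" stream name inside embedded OLE blobs. The sample workbooks it scans are constructed inline; a hit is a reason to detonate or quarantine the file, not proof of exploitation, since legitimate documents can still carry old equation objects.

```python
import os
import re
import tempfile
import zipfile

# Two fingerprints of an embedded Equation Editor 3.0 object, the component
# abused by CVE-2017-11882: OOXML parts reference it through progId="Equation.3",
# and the OLE container carries an "Equation.Native" stream (directory entry
# names inside OLE compound files are stored as UTF-16LE).
PROGID_RE = re.compile(rb'progId="(Equation[^"]*)"')
OLE_MARKERS = (b"Equation.Native", "Equation.Native".encode("utf-16-le"))


def find_equation_objects(path):
    """Return [(part_name, evidence), ...] for an OOXML file (.xlsx/.docx)."""
    findings = []
    with zipfile.ZipFile(path) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if name.endswith((".xml", ".rels")):
                for m in PROGID_RE.finditer(data):
                    findings.append((name, m.group(1).decode()))
            elif name.endswith(".bin") and any(mk in data for mk in OLE_MARKERS):
                findings.append((name, "Equation.Native stream"))
    return findings


def build_sample(path, with_equation):
    """Write a constructed, minimal .xlsx containing only the parts the scanner inspects."""
    sheet = "<worksheet><sheetData/>"
    if with_equation:
        sheet += '<oleObjects><oleObject progId="Equation.3" r:id="rId1"/></oleObjects>'
    sheet += "</worksheet>"
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/worksheets/sheet1.xml", sheet)
        if with_equation:
            # Constructed stand-in for the OLE payload: compound-file magic plus the stream name
            zf.writestr("xl/embeddings/oleObject1.bin",
                        b"\xd0\xcf\x11\xe0" + "Equation.Native".encode("utf-16-le"))


def run_demo():
    """Scan one constructed decoy and one clean workbook; return both result lists."""
    tmp = tempfile.mkdtemp()
    decoy, clean = os.path.join(tmp, "invoice.xlsx"), os.path.join(tmp, "clean.xlsx")
    build_sample(decoy, True)
    build_sample(clean, False)
    return find_equation_objects(decoy), find_equation_objects(clean)


if __name__ == "__main__":
    hits, none = run_demo()
    print("decoy:", hits)   # two findings: the progId and the OLE stream
    print("clean:", none)   # []
```

Point find_equation_objects at a mailbox export or quarantine folder to batch-check attachments; RTF carriers of the same exploit are not covered, as they are not zip containers.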
As the festive season approaches, cybersecurity experts warn of increased cybercriminal activity. Shoppers are advised to stay vigilant and follow essential precautions:
- Be cautious of overly attractive offers, as they may be scams.
- Verify website URLs before making purchases, checking for details like extra letters or dots that could indicate phishing attempts.
- Visit online sales sites by entering the official URL manually rather than clicking on links in suspicious messages.
- Avoid making online purchases on insecure public Wi-Fi networks.
- Be wary of fake delivery notices related to online orders.
- If you receive a suspicious message, forward it to suspicious@safeonweb.be and never share sensitive information.
- In case of a security breach:
  - Notify Card Stop immediately if bank or credit card details are compromised.
  - Contact your bank to block payments and potentially the account.
  - Report the incident to the local police.
Analysis from our SOC team
The festive season began recently, but caution is essential. Remember, the Internet isn’t always your ally, and seemingly irresistible opportunities can still pose a threat. The advice provided in this article remains relevant.
Suspicious messages can be forwarded to any of the three email addresses from Safeonweb.
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
Our SOC is also available to assist in case there are any doubts or suspicions about text or mail messages.