Security Digest (September 2023)

Advanced Computer Technologies Security Digest for June 2023

September 2023

– The Advanced Security Task Force
 
Patch Tuesday – 9/12

The 2nd Tuesday of every month is Patch Tuesday! Every Patch Tuesday, Microsoft addresses security vulnerabilities in their products via a large deployment of software updates. This month’s Patch Tuesday addressed 61 security vulnerabilities, 5 of which were considered critical. Additionally, this month’s round of patches addressed two vulnerabilities that were actively exploited in the wild and had no prior fixes available. The industry refers to publicly disclosed vulnerabilities without an official fix as “Zero-Day Vulnerabilities”.

The Zero Day Vulnerabilities addressed can be seen below:

  • CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
  • CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability

The critical vulnerabilities addressed can also be seen below:

  • CVE-2023-36796 – Visual Studio Remote Code Execution Vulnerability
  • CVE-2023-36792 – Visual Studio Remote Code Execution Vulnerability
  • CVE-2023-36793 – Visual Studio Remote Code Execution Vulnerability
  • CVE-2023-29332 – Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
  • CVE-2023-38148 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Following a testing phase, Advanced deploys updates to client environments based on agreements. The criticality of security updates is determined by several factors, primarily the ease of exploitability by threat actors and if the vulnerability has been exploited in the wild.

Browser Developers Scramble to Address Zero Day Vulnerabilities From Shared Code
  • Various browser developers, including Chrome, Edge, Brave, Mozilla, and even Tor Browser, found themselves scrambling to address a critical vulnerability uncovered this week in a commonly used code library.
  • Code libraries are “packaged” bundles of code that can be used for common processes or functions across various independent applications. This code library was used to render WebP images in various web browsers.
  • When applications can share code libraries, it allows for more functional applications and less time spent debugging. Unfortunately, this also means if a vulnerability is discovered in a commonly used library, it can lead to widespread impact and critical patching for multiple vendors at once. Such was the case in the now infamous Log4J vulnerability of 2021.
  • The vulnerability, deemed CVE-2023-4863, allows a threat actor to initiate a “buffer overflow attack” on unpatched browsers. In a buffer overflow attack, a threat actor inserts more data to a memory buffer than the program is designed to hold. Successfully “overflowing” the limits of a memory buffer can cause the program to run the threat actor’s malicious code.
  • The threat actor will achieve this by sending malicious WebP images to a user directly, or covertly infiltrating and inserting malicious WebP images on commonly used sites. An end user would only need to open the malicious WebP image in an unpatched browser to be compromised.
  • Google has confirmed this vulnerability has been exploited in the wild and recommends patching immediately. Advanced customers have had updates deployed to their browsers automatically. End users are also strongly advised to update the browsers on their personal devices.
MGM Resorts Attempts Recovery After Compromise
  • MGM Resorts has been reeling following a massive cyber-attack that began on Monday evening.
  • The threat actors accessed employee information from a public LinkedIn page, called the resorts technical helpdesk, and masqueraded as the employee to access restricted systems. Analysts believe the threat actors had the access they needed after less than 10 minutes on the phone.
  •  Shortly after intrusion, the ransomware group (now identified as ‘ALPHV’), began exfiltrating and encrypting data at a massive scale.
  • This attack type, known as ‘Vishing’ (or Voice Phishing), is particularly potent, as it preys on the victim’s willingness to be helpful without performing the proper authentication checks.
  • The Casino/Resort empire felt the effects immediately, with guests reporting phone lines down, rooms inaccessible, and slot machines non-functional. For several days, the company’s primary website was taken down and replaced with the splash page seen below.

 

  • Website functionality was restored in the early hours of Friday, September 15th.
  • The company reported revenue upwards of $14.1 Billion in 2022. Projections estimate losses due to the incident will range from 6$-8$ Million dollars in revenue every da

Advanced advises all customers to verify all requests that may come in over the phone. Advanced also recommends enrolling in Security Awareness training to ensure your staff are empowered with the knowledge necessary to thwart social engineering attacks.

Silverfort Releases 2023 Research Report
  • Silverfort, an industry leader in identity protection, released it’s annual “State Of Identity Security” report this week.
  • The report is used to highlight gaps in cybersecurity resilience related to identity protection. The report analyzed data from 637 respondents in identity roles with at least 1,000 employees between May and June 2023.
  •  Findings reveal that 83% of organizations have experienced identity-related breaches, with compromised credentials being the most common root cause.
  • Despite the use of multi-factor authentication (MFA) and privileged access management (PAM), there are still critical security exposures, leaving organizations vulnerable to malicious use of compromised credentials.
  • This emphasizes the need for end user training to prepare for threat actors taking a more humanistic approach to attacks.
  • Organizations that have not implemented MFA felt the most significant impact, with 65% of employers still not utilizing the industry recommended standard.
Apple Rapid Security Response Addresses Critical Threats From Nation-State Threat Actors
  • Apple rolled out their Rapid Security Response program March of this year to administer quick, automated updates for critical vulnerabilities.
  • An update released Monday addressed two vulnerabilities, designated as CVE-2023-41064 and CVE-2023-41061. The exploits were commonly used together, or ‘chained’, to run code on end user devices without any interaction. The chain has been called BLASTPASS by researchers.
  • CVE-2023-41064 outlines a buffer overflow attack in image rendering specific to Apple devices, while CVE-2023-41061 describes a malicious attachment that can run arbitrary code when delivered to an iOS device (vendors will often leave early descriptions for their patches intentionally vague to reduce the chance of exploitation on devices that are not yet patched).
  • Apple discovered the vulnerabilities following analysis of a device owned by an employee of a Washington DC-based civil society organization. Analysts believe the end user was a high value target for international organizations exfiltrating government data.
  • The vulnerability is so potent, the U.S. Cybersecurity and Information Security Agency (CISA) has published an alert requiring all federal agencies to patch their devices by October 2nd, 2023.
  • While no compromises have yet been observed on computers, analysts believe MacOS is theoretically exploitable, and recommends updating as a priority.
  • These are the 12th and 13th Zero-Day Vulnerabilities addressed by Apple since January. Researchers believe the devices will continue to be targeted due to their widespread use.

Rapid Security Responses can keep you up to date as soon as patches are available. To enable Rapid Security Responses on your device, navigate to:

  • Settings >
    • General >
      • Software Update >
        • Automatic Updates, then make sure that “Security Responses & System Files” is turned on.

Recent Posts

Security Digest (June 2024)

July 2024 Patch Tuesday – 6/11 Deep Dive: CVSS Breakdown On Critical Vulnerability Vendor Patch Advisories Apple Updates TeamViewer Compromise Snowflake Breach Snowballs As always, Advanced

Read More »

Security Digest (May 2024)

May 2024 Patch Tuesday – 5/14 Threat Grading Overview Vendor Patch Advisories Threat Breakdown: The Return of Revenge Remote Access Trojan Looking Back: WannaCry –

Read More »

Cybersecurity Triad

New cyber threats are emerging every day, keeping us on our toes. Let’s talk about some of these threats, including credential stuffing, password spraying, and

Read More »

Security Digest (April 2024)

April 2024 Patch Tuesday – 4/9 Threat Grading Overview Deep Dive: CVE-2024-26234 and Digital Signatures – Who Can We Trust? Vendor Patch Advisories Emerging Threat:

Read More »

Categories