Zero-Day Alert: Chrome’s New Patch Secures Vulnerable Users Against Actively Exploited Flaw
According to the National Institute of Standards and Technology’s National Vulnerability Database (NVD), the flaw could enable a remote attacker to exploit heap corruption using a specially designed HTML page. The tech giant has remained largely silent about the attacks, only noting the existence of a CVE-2023-3079 exploit in the wild. This marks the third zero-day actively exploited in Chrome this year, and Google recommends users upgrade to version 114.0.5735.110 for Windows, or 114.0.5735.106 for macOS and Linux. Chromium-based browsers users, including Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the patches as they become available.
Barracuda Advises Urgent Replacement of Compromised ESG Appliances
Barracuda, an enterprise security firm, is urgently calling on customers impacted by a recent zero-day flaw in their Email Security Gateway (ESG) appliances to replace them promptly. The reason behind the necessity for total replacement remains unclear, though speculation suggests that threat actors could have tampered with the firmware at a level beyond patch repair capabilities.
This move follows the disclosure by Barracuda of a critical flaw in the ESG devices (CVE-2023-2868, CVSS score: 9.8), which has been exploited as a zero-day since October 2022 to deliver custom malware and data theft. This vulnerability relates to remote code injection in versions 5.1.3.001 through 9.2.0.006, arising from incomplete validation of email attachments. Remedial measures were implemented on May 20 and May 21, 2023, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to apply fixes by June 16, 2023.
Cl0p Ransomware Gang Suspected of Exploiting MOVEit Transfer Flaw Since 2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory about the active exploitation of a recently disclosed flaw in Progress Software’s MOVEit Transfer application by the Cl0p ransomware gang. The gang, known as TA505, has reportedly been exploiting a previously unknown SQL injection vulnerability to plant ransomware. Microsoft has been tracking the gang’s activities under the label Lace Tempest (aka Storm-0950), which has been linked to a broad range of activities in the cybercrime ecosystem. In July 2021, an IP address previously associated with the Cl0p group was linked to attempts to exploit flaws in SolarWinds’ Serv-U product.
Critical Flaws Addressed by Cisco and VMware in Urgent Security Updates
VMware has issued security updates to resolve three vulnerabilities in Aria Operations for Networks that could lead to information disclosure and remote code execution. Meanwhile, Cisco has also released fixes for a critical flaw in its Expressway Series and TelePresence Video Communication Server that could enable an attacker with Administrator-level read-only credentials to escalate their privileges to Administrator with read-write credentials on an affected system. Users are advised to apply the available updates as soon as possible in order to mitigate the risks of potential exploitation.
Active Exploitation of Patched Windows Vulnerability Under Scrutiny
Recently, details about a now-patched, actively exploited vulnerability in Microsoft Windows have surfaced. Identified as CVE-2023-29336, the flaw is considered severe with a rating of 7.8 and involves an elevation of privilege bug in the Win32k component. Successful exploitation of this vulnerability could allow a threat actor to gain SYSTEM privileges. This discovery was credited to Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra. As the specifics surrounding the real-world exploitation of the flaw remain unclear, Numen Cyber has reverse-engineered Microsoft’s patch to create a proof-of-concept (PoC) exploit for Windows Server 2016. The Singapore-based cybersecurity firm discovered that the vulnerability hinges on a leaked kernel handle address in the heap memory to secure a read-write primitive.
New Critical SQL Injection Vulnerabilities Found in MOVEit Transfer
Progress Software, the company behind the MOVEit Transfer application, has issued patches to resolve a series of new SQL injection vulnerabilities that affect the file transfer solution and could lead to the theft of sensitive data. According to an advisory released by the company on June 9, 2023, “Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.” In response, the company recommends an immediate update to MOVEit Transfer versions 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). The vulnerabilities were reported by cybersecurity firm Huntress during a code review. Currently, there are no known instances of these flaws being exploited in the wild.