The HighPoint Security Hub – Dec 13, 2023

Navigating the ever-evolving landscape of cyber threats is a constant challenge. “The Security Hub” is here to make it easier, offering a succinct overview of the most pressing developments from the past two weeks.

This week, Apple released patches for vulnerabilities that leak sensitive information, Russian hackers exploited an Outlook weakness, and Mac users are warned about a new and growing malware.

Global Developments

  1. Apple has released critical patches for actively exploited zero-day vulnerabilities affecting iOS, macOS, and Safari. The flaws included an out-of-bounds read that could be exploited to leak sensitive information when processing web content, and a memory corruption bug that could result in arbitrary code execution, also when processing web content. Read more.
  2. A newly discovered SLAM attack poses a risk to both AMD and future Intel CPUs, allowing attackers to steal sensitive data from affected processors. SLAM takes advantage of a memory feature that allows software to use untranslated address bits in 64-bit linear addresses for storing metadata. Read more.
  3. Users report that Avira antivirus is causing Windows computers to freeze after boot, prompting concerns about the impact on system functionality and user experience. Approximately 20 seconds after Avira launches, the entire operating system becomes unresponsive, with the physical restart button on the case as the sole means to revive the PC. Read more.

Commonly Used Tools and Gadgets

  1. Google addresses another zero-day vulnerability in Chrome amid a surge in browser attacks, emphasizing the ongoing need for prompt security patches to protect users. The vulnerability is the seventh zero-day that Google has rushed to patch amid active exploit activity this year and is the latest manifestation of growing attacker interest in Chrome and other browsers. Read more.
  2. A security alert warns that threat actors can abuse AWS Security Token Service (STS) to infiltrate cloud accounts, highlighting a potential weakness in Amazon Web Services. The service can be misused by threat actors to impersonate user identities and roles in cloud environments. Read more.
  3. Russian hackers are reportedly exploiting a bug in Outlook to hijack Exchange accounts, raising concerns about the security of email communication and the potential compromise of sensitive information. The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the Middle East. Read more.
  4. Microsoft’s December 2023 Patch Tuesday addresses 34 vulnerabilities, including one zero-day flaw, underlining the importance of regular updates for maintaining system security. Read more.
  5. More than 20,000 Microsoft Exchange servers are reportedly vulnerable and exposed to potential attacks, raising concerns about the security of these servers and the data they handle. The mail systems run a software version that is currently unsupported and no longer receives any type of updates, leaving them vulnerable to multiple security issues, some with a critical severity rating. Read more.

Malware and Ransomware

  1. An analysis of the LUMMA malware sheds light on the intricacies behind the attack, providing insights into the tactics, techniques, and procedures employed by the malicious software. The attacker impersonates a financial services company and sends the target an email containing a fake invoice. Read more.
  2. CACTUS ransomware is identified as exploiting vulnerabilities in Qlik Sense through targeted attacks, emphasizing the need for vigilance and robust cybersecurity measures to protect against such threats. The cybersecurity company noted that the attacks are likely taking advantage of three flaws that have been disclosed over the past three months. Read more.
  3. Mac users are warned about a new Trojan-proxy malware spreading through pirated software, underscoring the importance of cautious downloading practices to avoid potential security risks on macOS systems. The macOS variants propagate under the guise of legitimate multimedia, image editing, data recovery, and productivity tools. Read more.

Wrapping It Up

The cybersecurity landscape is ever-changing and staying informed is paramount to staying protected. Keep an eye on these developments and ensure your security measures are up to the task.

Do our bi-weekly insights prove valuable to you? Have you noticed trends or threads that you think our community should know about? Connect and share your insights with us on LinkedIn.