Mia Davis
May 20, 2024

Threat Report 20.05.24

Google releases fixes for Google Chrome, addressing new zero-day vulnerability

Google has released a new set of fixes addressing nine new security issues in Google Chrome, including another actively exploited zero-day vulnerability.

The vulnerability, tracked as CVE-2024-4947, is a type confusion flaw in the V8 JavaScript and WebAssembly engine. Google has not released further details, to avoid aiding further exploitation by threat actors, but a vulnerability of this kind typically allows an attacker to read or write memory out of bounds, crash the browser, or execute arbitrary code.

To mitigate this issue and prevent exploitation, update to the latest version of Google Chrome as soon as possible. This is especially important because this vulnerability is known to be actively exploited by threat actors.

XM Cyber releases research revealing 80% of exposures stem from misconfigurations

XM Cyber has released a report analysing the most prevalent causes of security exposures in 2023. The report is based on hundreds of thousands of attack path assessments conducted via its platform.

The report reveals that, for the majority of organisations, 80% of exposures stem from identity and credential misconfigurations. Of these, a third are said to have put critical assets at direct risk. Remote code execution vulnerabilities, despite receiving far more attention, account for less than 1% of all exposures and 11% of critical exposures.

Organisations should enforce strong credentials across all devices to prevent exposures of this kind, and should ensure their devices and systems are configured correctly for their needs and in line with recommended best practices.

Threat actors abuse Microsoft Quick Assist feature in social engineering attacks

Microsoft has warned that threat actors are abusing its Quick Assist feature in ransomware attacks by impersonating technical support staff from Microsoft or from the target’s own company. Quick Assist is a Microsoft Windows feature that allows a user to view or control a remote Windows computer over a network or the Internet.

The attack is a social engineering attack that uses voice phishing to trick the user into installing remote monitoring and management tools, which the threat actor then uses to deploy ransomware. To make the approach more convincing, the threat actor first signs the target’s email address up to numerous legitimate email subscription services, flooding their inbox with spam. They then contact the target posing as IT support and offer to deal with the spam, persuading the target to grant access to their device through Quick Assist.

To protect yourself, remain vigilant at all times that the person you are speaking to is legitimate. Where there is any doubt, verify with your organisation’s security team or IT support team that the caller is who they claim to be.
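As an added example (not part of the original report or Microsoft’s guidance), the following PowerShell script audits a Windows host for the Quick Assist feature, so that an organisation which does not use it can confirm it is absent, or remove it, and deny this social engineering path its built-in tool. It checks both the legacy Windows capability and the Microsoft Store app; the capability name prefix App.Support.QuickAssist and the package name MicrosoftCorporationII.QuickAssist are assumptions about how the feature is packaged, and the script only removes anything when run with -Remove from an elevated session.

```powershell
# Added example, not from the original post: audit (and optionally remove)
# Quick Assist on this Windows host. Run in an elevated PowerShell session.
#
# Assumptions (labelled, not taken from the report):
#  - legacy packaging: a Windows capability named App.Support.QuickAssist*
#  - newer packaging: a Store app whose package name is MicrosoftCorporationII.QuickAssist
[CmdletBinding()]
param(
    [switch]$Remove   # audit only by default; pass -Remove to uninstall
)

function Get-QuickAssistCapability {
    # Returns matching Windows capability objects, or nothing if absent.
    Get-WindowsCapability -Online |
        Where-Object { $_.Name -like 'App.Support.QuickAssist*' }
}

function Get-QuickAssistAppx {
    # Returns matching Store packages for all users, or nothing if absent.
    Get-AppxPackage -AllUsers -Name 'MicrosoftCorporationII.QuickAssist' -ErrorAction SilentlyContinue
}

$found = $false

foreach ($cap in Get-QuickAssistCapability) {
    $found = $true
    Write-Output ("Capability {0}: {1}" -f $cap.Name, $cap.State)
    if ($Remove -and $cap.State -eq 'Installed') {
        Remove-WindowsCapability -Online -Name $cap.Name | Out-Null
        Write-Output ("Removed capability {0}" -f $cap.Name)
    }
}

foreach ($pkg in Get-QuickAssistAppx) {
    $found = $true
    Write-Output ("Store app {0} {1}" -f $pkg.Name, $pkg.Version)
    if ($Remove) {
        Remove-AppxPackage -AllUsers -Package $pkg.PackageFullName
        Write-Output ("Removed Store app {0}" -f $pkg.PackageFullName)
    }
}

if (-not $found) {
    Write-Output 'Quick Assist not found on this host (neither capability nor Store app).'
}
```

Running the script without -Remove is safe to schedule across a fleet as an inventory check; removal should be reserved for hosts where the help desk does not rely on Quick Assist, since the defensive goal is to remove an unused remote-control tool, not to block legitimate support.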
