โŒ

Normal view

There are new articles available, click to refresh the page.
Before yesterdayMain stream

Chrome Vulnerability Alert: Google’s Rapid Response to 6th Zero-Day Exploit

Chrome vulnerability

A new Google Chrome vulnerability has been uncovered and exploited, marking the sixth zero-day incident in 2024 alone. In response, Google swiftly released an emergency update to patch the issue. This latest Chrome vulnerability, identified as CVE-2024-4761, targets Chrome's V8 JavaScript engine, a crucial component responsible for executing JavaScript code within the browser.

Decoding the New Google Chrome Vulnerability

Specifically, the flaw is an out-of-bounds write, a class of bug in which a program writes past the memory region allocated to it, potentially leading to memory corruption, unauthorized data access, or even arbitrary code execution. Google acted promptly upon becoming aware of the exploit, rolling out updates to address the vulnerability on Mac, Windows, and Linux.

While the fix is being progressively deployed to users worldwide, users who want to confirm they are protected can manually check for updates by navigating to Settings > About Chrome and initiating the update process.

This Chrome vulnerability follows closely on the heels of another zero-day exploit, CVE-2024-4671, which Google addressed just days prior. This recurrent pattern shows how vulnerability management has shifted: even products regarded as the most secure now face crises driven by active exploitation by ransomware groups and dark web actors.

Multiple Zero-day Chrome Vulnerabilities

Notably, Google has refrained from divulging specific details regarding the exploits, a common practice aimed at preventing further exploitation until a majority of users have applied the necessary patches. Despite the lack of explicit details, the severity of these Google Chrome vulnerabilities is apparent, with Google's designation of an "emergency patch" signaling the urgency of the matter.

The string of zero-day vulnerabilities identified in 2024 highlights the persistent efforts of threat actors to exploit weaknesses in popular software like Google Chrome. From out-of-bounds memory access to use-after-free issues, these vulnerabilities represent various avenues through which attackers can compromise user security. Several critical vulnerabilities have been identified in Google Chrome throughout the year 2024:
  1. CVE-2024-0519, an out-of-bounds memory access issue in the Chrome JavaScript engine, discovered in January.
  2. CVE-2024-2887, a type confusion flaw in WebAssembly, demonstrated by Manfred Paul during Pwn2Own 2024 in March, alongside CVE-2024-2886, a use-after-free problem in WebCodecs, highlighted by Seunghyun Lee.
  3. CVE-2024-3159, another out-of-bounds memory access flaw in the V8 JavaScript engine, showcased by Edouard Bochin and Tao Yan of Palo Alto Networks during the same event.
  4. CVE-2024-4671, a use-after-free issue within the Visuals component, uncovered in May, further emphasizing the ongoing challenges in securing the Chrome browser against various vulnerabilities.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

QakBot attacks with Windows zero-day (CVE-2024-30051) – Source: securelist.com


Source: securelist.com – Author: Boris Larin, Mert Degirmenci, 14 May 2024. In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this […]

The post QakBot attacks with Windows zero-day (CVE-2024-30051) – Source: securelist.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

MITRE Hit in Massive Supply Chain Attack: State-Backed Hackers Exploit Zero-Days

MITRE Data Breach

The MITRE Corporation revealed on April 19 that it was one of over 1700 organizations compromised by a state-backed hacking group in January 2024. The MITRE data breach, which involved chaining two Ivanti VPN zero-days, highlights the evolving nature of cyber threats and the challenges organizations face in defending against them.

The MITRE data breach was detected after suspicious activity was noticed on MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development.

[Figure: MITRE Data Breach. Source: X]

MITRE Data Breach Discovery and Response

Following the detection, MITRE promptly took NERVE offline and launched an investigation with the assistance of both internal and external cybersecurity experts. "Following detection of the incident, MITRE took prompt action to contain the incident, including taking the NERVE environment offline, and quickly launched an investigation with the support of in-house and leading third-party experts. The investigation is ongoing, including to determine the scope of information that may be involved," reads the official notice.

MITRE CEO Jason Providakes emphasized that "no organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible." Providakes highlighted the importance of disclosing the incident in a timely manner to promote best practices and enhance enterprise security. "We are disclosing this incident in a timely manner because of our commitment to operate in the public interest and to advocate for best practices that enhance enterprise security as well as necessary measures to improve the industry's current cyber defense posture. The threats and cyber attacks are becoming more sophisticated and require increased vigilance and defense approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices," said Providakes.

Charles Clancy, MITRE's Chief Technology Officer, provided additional insights, explaining that the threat actor compromised the Ivanti Connect Secure appliance used to provide connectivity into trusted networks. Clancy stressed the need for the industry to adopt more sophisticated cybersecurity solutions in response to increasingly advanced threats. MITRE outlined four key recommendations:
  1. Advance Secure by Design Principles: Hardware and software should be inherently secure.
  2. Operationalize Secure Supply Chains: Utilize software bill of materials to understand threats in upstream software systems.
  3. Deploy Zero Trust Architectures: Implement micro-segmentation of networks in addition to multi-factor authentication.
  4. Adopt Adversary Engagement: Make adversary engagement a routine part of cyber defense to provide detection and deterrence.
MITRE has a long history of contributing to cybersecurity research and development in the public interest. The organization has developed frameworks like ATT&CK®, Engage™, D3FEND™, and CALDERA™, which are used by the global cybersecurity community.

Details of the MITRE Data Breach

The MITRE data breach involved two zero-day vulnerabilities: an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887). These vulnerabilities allowed threat actors to bypass multi-factor authentication defenses and move laterally through compromised networks using hijacked administrator accounts. The attackers utilized sophisticated webshells and backdoors to maintain access to hacked systems and harvest credentials.

Since early December, the vulnerabilities have been exploited to deploy multiple malware families for espionage purposes. Mandiant has attributed these attacks to an advanced persistent threat (APT) known as UNC5221, while Volexity has reported signs of Chinese state-sponsored actors exploiting the zero-days. Volexity discovered over 2,100 compromised Ivanti appliances, affecting organizations of various sizes globally, including Fortune 500 companies.

The scale and severity of the attacks prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive on January 19, instructing federal agencies to mitigate the Ivanti zero-days immediately. MITRE's disclosure serves as a reminder of the ongoing threat posed by cyber adversaries and the critical need for organizations to continually enhance their cybersecurity defenses.
โŒ
โŒ