Weekly Security News – 12th February 2024

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Exploitation of Google Chromium Vulnerability CVE-2023-4762

Chromium V8 is an open-source JavaScript and WebAssembly engine developed for Chromium and Google Chrome web browsers. The vulnerability CVE-2023-4762 was reported in September 2023 and concerns Type Confusion in V8 in versions of Chromium prior to 116.0.5845.179. Microsoft Edge (Chromium-based), which ingests Chromium, is also affected. A remote attacker could exploit this vulnerability to execute arbitrary code via a crafted HTML page. Exploitation of this vulnerability has been reported.

Affected organisations are encouraged to review the Chrome Stable Channel release from September 2023. To remediate this vulnerability, affected devices should be updated to version 116.0.5845.179 or later. To fully remediate this and the more recent vulnerabilities disclosed for Google Chrome since then, please visit the current Stable Channel Update for Desktop. For Microsoft Edge products, please review the Microsoft advisory Chromium: CVE-2023-4762 Type Confusion in V8 for details.
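A practical check when triaging an inventory of browser version strings is to compare each build against the fixed build numerically rather than as text (as a string, "116.0.5845.9" sorts after "116.0.5845.179" and would wrongly look patched). The script below is an added example, not code from the original article or from Google; the fix build 116.0.5845.179 is taken from the text above, the inventory lines are constructed sample data, and Edge hosts are deliberately set aside because Edge uses its own build numbering and the page does not give the Edge fix version.

```python
"""Triage Chrome/Chromium version strings against the CVE-2023-4762 fix build.

Added example for illustration; not part of the original article.
FIXED_BUILD comes from the article text. SAMPLE_INVENTORY is constructed data
in the form "hostname<TAB>output of `chrome --version`".
"""
import re
from typing import Dict, Iterable, Tuple

FIXED_BUILD = "116.0.5845.179"  # first Chrome build containing the fix (from the article)

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text: str) -> Tuple[int, ...]:
    """Pull a four-part dotted version out of a banner such as
    'Google Chrome 116.0.5845.140' and return it as a tuple of ints,
    so that comparisons are numeric rather than lexicographic."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_text: str, fixed: str = FIXED_BUILD) -> bool:
    """True when the build is older than the fixed build."""
    return parse_version(version_text) < parse_version(fixed)


def triage(inventory: Iterable[str]) -> Dict[str, str]:
    """Classify each 'host<TAB>banner' line.

    Edge hosts are reported separately: Edge build numbers are not on the
    Chromium numbering scheme, so they must be checked against the Microsoft
    advisory rather than against FIXED_BUILD (assumption: the banner contains
    the word 'Edge', as `msedge --version` prints)."""
    results: Dict[str, str] = {}
    for line in inventory:
        host, _, banner = line.partition("\t")
        if "Edge" in banner:
            results[host] = "edge: compare against Microsoft advisory"
        elif is_vulnerable(banner):
            results[host] = "vulnerable: update to %s or later" % FIXED_BUILD
        else:
            results[host] = "patched"
    return results


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    "ws01\tGoogle Chrome 116.0.5845.96",     # older patch level of the same branch
    "ws02\tGoogle Chrome 116.0.5845.179",    # exactly the fixed build
    "ws03\tChromium 115.0.5790.170",         # previous major version
    "ws04\tGoogle Chrome 121.0.6167.139",    # current at the time of the digest
    "ws05\tGoogle Chrome 116.0.5845.9",      # lexicographic comparison would get this wrong
    "ws06\tMicrosoft Edge 116.0.1938.76",    # different numbering scheme
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Run it against a file of `hostname<TAB>chrome --version` lines gathered from endpoint management tooling; anything reported as vulnerable should be scheduled for the Stable Channel update, and anything reported as Edge should be compared against the Edge version listed in the Microsoft advisory.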

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. “An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests,” the company said in a bulletin released Thursday. It further acknowledged that the issue is “potentially being exploited in the wild,” without giving additional specifics about how it’s being weaponized and by whom.

Multiple Zero-Day Vulnerabilities in Hitron Systems Security Camera DVRs

Hitron Systems has released a security advisory to address six improper input validation vulnerabilities affecting a range of its Security Camera DVRs. Each vulnerability has a CVSSv3 score of 7.4, and the vulnerabilities, which have been actively exploited, could allow an authenticated, remote attacker to achieve operating system command injection or to trigger a denial-of-service condition on affected Hitron Systems DVRs. Affected organisations are encouraged to review CISA ICS Advisory ICSA-24-030-04 and apply the necessary updates. The following Hitron Systems Security Camera DVR platforms are known to be affected:

  • DVR HVR-4781: prior to Version 4.03
  • DVR HVR-8781: prior to Version 4.03
  • DVR HVR-16781: prior to Version 4.03
  • DVR LGUVR-4H: prior to Version 4.03
  • DVR LGUVR-8H: prior to Version 4.03
  • DVR LGUVR-16H: prior to Version 4.03

Cyber Attacks

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

The emergence of a new banking Trojan named ‘Coyote’ is causing concern in Brazil’s financial cybersecurity landscape. With its ability to target 61 online banking applications and evade detection, Coyote is a significant threat. This article explores Coyote’s capabilities, its impact on Brazil, and the ongoing fight against financial cybercrime. “This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection,” Russian cybersecurity firm Kaspersky said in a Thursday report.

New Zardoor Backdoor Targets Saudi Islamic Charity Organization

An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a previously undocumented backdoor called Zardoor. Cisco Talos, which discovered the activity in May 2023, said the campaign has likely persisted since at least March 2021, adding it has identified only one compromised target to date, although it’s suspected that there could be other victims. “Throughout the campaign, the adversary used living-off-the-land binaries (LoLBins) to deploy backdoors, establish command-and-control (C2), and maintain persistence,” security researchers Jungsoo An, Wayne Lee, and Vanja Svajcer said, calling out the threat actor’s ability to maintain long-term access to victim environments without attracting attention.

Articles

Ransomware Payments Surpassed $1 Billion in 2023: Analysis

The payments made by victims of ransomware attacks doubled in 2023 compared to the previous year, exceeding $1 billion, according to blockchain analysis firm Chainalysis. The company has looked at the cryptocurrency wallets known to be used by cybercrime groups to receive ransom payments from victims and found a total of $1.1 billion, up from $557 million in 2022.