Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE 2023-4863 in the LibWebP library. This library has a heap buffer overflow available across all operating systems, most browsers, an exceptional number of Electron framework applications.
This CVE is rated a 10 after previously being rated 8.8. This was due to an original disclosure from Google stating that Chrome was the only effected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms.
Silicon Valley Bank collapsed this month causing credit ratings of major banks to drop and another to fail. While a multitude of information about this is available we find it most interesting because threat actors are using the collapse as pretext for scam emails. These emails are sent to trusted third-party businesses asking for updates to the accounts payable or EFT details to threat actor controlled accounts.
Discussions will be held around Ukraine and Russia’s use of civilian mobile network infrastructure, the dangers of geo-location data, and the largest roaming disablement in mobile networking history.
With Microsoft’s recent changes to macros within the Office and M365 suite, Threat Actors have changed their TTPs to utilize the OneNote (.one) file type for Malicious Code Delivery
TL;DR (.one) files are a binary blob capable of embedding any file type. Threat actors are utilizing the prolific nature of OneNote to execute malicious code on endpoints. Block (.one) files from incoming email and dissociate commonly abused file extensions.
The Problem
Microsoft recently modified the way legacy Office applications and M365 applications handle macros within documents. With the restrictions on macros tightening, threat actors have been forced to find new techniques to deliver malicious code to the endpoint.
Microsoft is set to introduce significant changes to the Windows enterprise over the next year. With multiple security settings going from recommended to enforced.
Highlights include the EOL for AD Connector 2.0.x, changes to MFA, and the end of standalone Office Apps for 2016/19.
Caniphish’s Sebastian Salla published a review of thousands of misconfigured SPF records today allowing emails to be sent on behalf of foreign governments, the Massachusetts Institute of Technology, the University of Miami, among others.
The “No TikTok on Government Devices Act” bans the use of the Chinese-owned ByteDance company’s TikTok social media platform on goverment owned devices with power being given to the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to dictate how application management is performed.
Section 3305 will require the FDA to ensure cybersecurity requirements are placed on medical devices. This is a change in posture from the FDA’s previous encouragement to follow cybersecurity best practices. Lawfare gives a breakdown of Section 3305.
Chair of the Senate Select Committee on Intelligence, and former techie, Sen. Mark Warner (D-VA) gave an interview via TechCrunch at the 2023 Consumer Electronics Show. In the interview, Warner discusses his legislation preventing the use of Huawei technologies, TikTok on federal devices, and the FTC’s handling of acquisitions and monopolies.
Google Chrome 110, slated for release on Feb 7th will drop support for Windows 7 and Windows 8.1. This matches Microsoft’s end-of-life date for Windows 7 and 8.1 extended support.
Raspberry Robin targets financial institutions in Europe, current victim profiles seem to show Threat Actors targeting Spanish and Portugeuse speaking institutions. The offensive framework recently underwent updates to provide polymorphic code, preventing hashes or signatures to have much effect against detection. Regardless, researches have identified threat actor infrastructure to develop indicators of compromise.
Most of the Information Security community has fled Twitter in favor of a Mastodon instance Infosec.Exchange
Mastodon is a federated replacement for Twitter and has balloned from 100k user to over 2.5m users since Musk’s takeover of the Twitter platform. As most vendors, businesses, consultants, and infosec personalities made the move to Mastodon, so has the public zeitgeist of up-to-date security news and disclosures. To keep tabs, you can check out the public feeds CTI and ThreatIntel (These tags do not require an account to view.)
I am continually fascinated by the amount of users from the Twitter Diaspora who are decrying the lack of robust fixes for socialogical issues within the Fediverse at large, but specifically within the Mastodon social media realm.
It is not any surprise to those of us that have studied human behavior or history that bigots and other practicers of vile “-isms” are to be found on the fediverse as every where else.
