Top Middle East Cyber Threats – 10 May 2021
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
Google Chrome Security Updates
The Chrome browser for Windows, Mac, and Linux was updated to version 90.0.4430.93. This recent update from Google includes nine security fixes.
The official notification from Chrome detailed the following vulnerabilities contributed by external researchers:
CVE-ID | Details | Severity |
CVE-2021-21227 | Insufficient data validation in V8 | High |
CVE-2021-21232 | Use after free in Dev Tools | High |
CVE-2021-21233 | Heap buffer overflow in ANGLE | High |
CVE-2021-21228 | Insufficient policy enforcement in extensions | Medium |
CVE-2021-21229 | Incorrect security UI in downloads | Medium |
CVE-2021-21230 | Type Confusion in V8 | Medium |
CVE-2021-21231 | Insufficient data validation in V8 | Low |
The most severe of these vulnerabilities, if successfully exploited, could allow an attacker to execute arbitrary code in the context of the browser. An attacker could view, change, or delete data depending on the application’s privileges. Exploitation of the most severe of these vulnerabilities may have less impact if this application is configured with fewer user rights on the system than if it is configured with administrative rights.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a notification informing customers to apply the necessary update as soon as possible.
RECOMMENDATIONS
- Prioritize timely patching for identified vulnerabilities of Internet-facing servers as well as internet data processing tools, such as web browsers, application plugins, and document readers. Please refer to the tips for Understanding Patches and Securing Network Infrastructure Devices from CISA.
- Review the official notification and upgrade Chrome to the latest version.
Exploit Code Available in the Wild – CVE-2021-26868
The vulnerability, tracked as CVE-2021-26868, was patched as part of Microsoft’s patch release in March 2021. Cybersecurity researchers recently discovered fully functional exploit code that targets a Windows Graphics Component and injects shellcode into winlogon.exe, resulting in SYSTEM level privilege escalation.
The exploit code was tested, and it was discovered that the base exploit (injects cmd.exe) is modified to inject a Covenant C2 implant with SYSTEM-level integrity.
RECOMMENDATIONS
- Review the March 2021 “Release Notes” and “Deployment Information” for more details and apply the necessary patches as soon as possible
- If affected by CVE-2021-26868, deploy necessary patches as soon as possible, assuming exploitation at some point.
- Refer to the tips for Understanding Patches and Securing Network Infrastructure Devices from CISA.
Critical Vulnerability Updates for Pulse Connect Secure VPNs
Pulse Secure released a patch for a “Critical”-rated vulnerability tracked as CVE-2021-22893 in its Pulse Connect Secure VPN appliances, which was actively misused by threat actors in the wild. The most recent patch addresses a remote code execution vulnerability on the Pulse Connect Secure gateway that was rated “10” on the Common Vulnerability Scoring System scale.
The Cybersecurity and Infrastructure Protection Agency (CISA) also outlined the patch’s release and the significance of updating systems to the most recent recommended version in the advisory it released on May 3. CVE-2021-22893 is one of four significant vulnerabilities discovered in the Pulse Connect Secure gateway over the last year.
RECOMMENDATIONS
- Prioritize timely patching for identified vulnerabilities of Internet-facing servers as well as internet data processing tools, such as web browsers, application plugins, and document readers. Please refer to the tips for Understanding Patches and Securing Network Infrastructure Devices from CISA.
- Review the official notification and upgrade the Pulse Connect Secure server software version to 9.1R.11.4.
- Ensure that the systems are correctly configured and that the security features are enabled.
- Disable ports and protocols that are not used for business purposes (e.g., Remote Desktop Protocol [RDP] – Transmission Control Protocol [TCP] Port 3389).
- Develop risk management and cyber hygiene practices for third parties or managed service providers (MSPs) that your organization relies on.
- Use Multi-Factor Authentication (MFA) for all services, especially webmail, virtual private networks, and accounts that access critical systems, to the extent possible.
References: