
Top Middle East Cyber Threats – 10 May 2021


At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.

In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:

Google Chrome Security Updates

The Chrome browser for Windows, Mac, and Linux was updated to version 90.0.4430.93. This recent update from Google includes nine security fixes.

The official notification from Chrome detailed the following vulnerabilities contributed by external researchers:

CVE-ID           Details                                        Severity
CVE-2021-21227   Insufficient data validation in V8             High
CVE-2021-21232   Use after free in Dev Tools                    High
CVE-2021-21233   Heap buffer overflow in ANGLE                  High
CVE-2021-21228   Insufficient policy enforcement in extensions  Medium
CVE-2021-21229   Incorrect security UI in downloads             Medium
CVE-2021-21230   Type Confusion in V8                           Medium
CVE-2021-21231   Insufficient data validation in V8             Low

The most severe of these vulnerabilities, if successfully exploited, could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges of the browser process, the attacker could then view, change, or delete data. Exploitation of the most severe of these vulnerabilities has less impact when the browser runs with fewer user rights on the system than when it runs with administrative rights.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a notification informing customers to apply the necessary update as soon as possible.

RECOMMENDATIONS

Exploit Code Available in the Wild – CVE-2021-26868

The vulnerability, tracked as CVE-2021-26868, was patched as part of Microsoft’s patch release in March 2021. Cybersecurity researchers recently discovered fully functional exploit code that targets a Windows Graphics Component and injects shellcode into winlogon.exe, resulting in SYSTEM level privilege escalation.

When the exploit code was tested, it was found that the base exploit (which injects cmd.exe) had been modified to inject a Covenant C2 implant running with SYSTEM-level integrity.

RECOMMENDATIONS

Critical Vulnerability Updates for Pulse Connect Secure VPNs

Pulse Secure released a patch for a “Critical”-rated vulnerability, tracked as CVE-2021-22893, in its Pulse Connect Secure VPN appliances; the flaw was being actively exploited by threat actors in the wild. The most recent patch addresses a remote code execution vulnerability on the Pulse Connect Secure gateway that was rated “10” on the Common Vulnerability Scoring System (CVSS) scale.

The Cybersecurity and Infrastructure Security Agency (CISA) also outlined the patch’s release, and the importance of updating systems to the most recent recommended version, in the advisory it released on May 3. CVE-2021-22893 is one of four significant vulnerabilities discovered in the Pulse Connect Secure gateway over the last year.

RECOMMENDATIONS

  • Prioritize timely patching for identified vulnerabilities of Internet-facing servers as well as Internet-facing data processing tools, such as web browsers, application plugins, and document readers. Please refer to the tips for Understanding Patches and Securing Network Infrastructure Devices from CISA.
  • Review the official notification and upgrade the Pulse Connect Secure server software version to 9.1R.11.4.
  • Ensure that the systems are correctly configured and that the security features are enabled.
  • Disable ports and protocols that are not used for business purposes (e.g., Remote Desktop Protocol [RDP] – Transmission Control Protocol [TCP] Port 3389).
  • Develop risk management and cyber hygiene practices for third parties or managed service providers (MSPs) that your organization relies on.
  • Use Multi-Factor Authentication (MFA) for all services, especially webmail, virtual private networks, and accounts that access critical systems, to the extent possible.
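As an added example (not part of this advisory or of any vendor tooling), the following Python check compares installed versions from a constructed inventory against the fixed versions quoted above, using numeric component comparison so that a build such as 90.0.4430.100 is not mistaken for an older one than 90.0.4430.93. The inventory hostnames, the product labels and the version strings other than the two fixed versions are assumptions constructed for the example.

```python
import re

# Fixed versions quoted in the advisory above. The page writes the Pulse
# version as "9.1R.11.4" (the vendor's notation is 9.1R11.4); both spellings
# normalize to the same component tuple below.
FIXED_VERSIONS = {
    "chrome": "90.0.4430.93",
    "pulse-connect-secure": "9.1R.11.4",
}

# Constructed sample inventory: (hostname, product, installed version).
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "90.0.4430.93"),               # exactly the fixed build
    ("ws-02", "chrome", "90.0.4430.85"),               # still on a vulnerable build
    ("ws-03", "chrome", "91.0.4472.77"),               # newer major release
    ("vpn-gw-01", "pulse-connect-secure", "9.1R11.4"), # upgraded
    ("vpn-gw-02", "pulse-connect-secure", "9.1R9.1"),  # needs upgrade
    ("db-01", "postgresql", "13.2"),                   # not covered by this advisory
]


def version_key(version: str) -> tuple:
    """Extract integer components so comparison is numeric, not lexicographic."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"no numeric components in {version!r}")
    return parts


def is_patched(installed: str, fixed: str) -> bool:
    """True when installed >= fixed; shorter tuples are zero-padded on the right."""
    a, b = version_key(installed), version_key(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def assess(inventory) -> list:
    """Return (host, product, installed, fixed) for every host below the fixed version."""
    findings = []
    for host, product, installed in inventory:
        fixed = FIXED_VERSIONS.get(product)
        if fixed is not None and not is_patched(installed, fixed):
            findings.append((host, product, installed, fixed))
    return findings


if __name__ == "__main__":
    for host, product, installed, fixed in assess(SAMPLE_INVENTORY):
        print(f"{host}: {product} {installed} is below fixed version {fixed}")
```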
