Top Middle East Cyber Threats – 2 August 2022
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Google has published a security update to address multiple vulnerabilities in Chrome browser that are fixed now in Chrome latest version (103.0.5060.134).
The update includes 11 security fixes and 6 of them were contributed by external researchers. The most severe of these could allow for arbitrary code execution. The most severe of these could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
| CVE | Risk level |
| CVE-2022-2477 | High |
| CVE-2022-2278 | High |
| CVE-2022-2479 | High |
| CVE-2022-2480 | High |
| CVE-2022-2481 | High |
| CVE-2022-2163 | Low |
RECOMMENDATIONS
- Ensure all systems are patched and updated.
Cisco Releases Patches to Address 45 Vulnerabilities
Cisco has released security patches addressing 45 vulnerabilities affecting a variety of products, with one vulnerability rated critical, three rated high, and 41 are rated medium in severity.
Some of these could be exploited to execute arbitrary actions with elevated permissions on affected systems.
The most severe issues impact Cisco Nexus Dashboard for data centers and cloud network infrastructures.
Could enable an unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
There are no reports that these vulnerabilities are being exploited.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
Apple Releases Software Fixes to Address Several Vulnerabilities
Apple has released software fixes addressing several vulnerabilities affecting macOS Catalina, iOS and iPadOS platforms in a range of iOS/iPadOS components, including AppleAVD, AppleMobileFileIntegrity, Apple Neural Engine, CoreText, ImageIO and WebKit.
These could be exploited through unauthorized permissions being granted to an attacker, app, or user.
The patches cover for numerous gaping memory safety flaws.
There are no reports that these vulnerabilities are being exploited.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
Zero-day vulnerability in Google Chrome (CVE-2022-2294) exploited to attack users in the Middle East
Based on the observation from the attack analysis, researchers have confidently attributed this activity to Candiru. It was seen targeting users located in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome and a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties.
A watering hole attack works by compromising a website that’s frequently visited by users within a targeted organization, or even an entire sector and luring them to a malicious site or download malware.
The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process and Google have released the patch for the same.
RECOMMENDATIONS
- Ensure all systems are patched and updated including Google Chrome.
- Avoid clicking or opening untrusted or unknown links, files or attachments.
- Don’t enable macros for unknown MS Office files.
- Enable software restriction policies and application whitelisting.
- Ensure that email server is configured to block any suspicious attached files.
- Enforce the Restricted PowerShell script execution policy for end users.
- Monitor your network for abnormal behavior and relevant indicators of compromise (IoCs).
- Block the IoCs within respective security controls organization wide.
- Ensure frequent backups are in place.
- Educate employees about detecting and reporting phishing / suspicious emails.
References:
- https://support.apple.com/en-us/HT213343
- https://support.apple.com/kb/HT213344
- https://support.apple.com/kb/HT213345
- https://support.apple.com/en-us/HT213346
- https://tools.cisco.com/security/center/publicationListing.x
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/
