Cyber Threat Pulse

#1, October 2023

WebP Vulnerability Endangers Numerous Applications

NIST Base Scores: 8.8 HIGH and 7.8 HIGH
A flaw in the libwebp library, a component of applications with billions of users, can be used to trigger a buffer overflow*. Libwebp is used by many applications and operating systems, including macOS, iOS, Chrome, Firefox, Signal, Telegram, Slack, Thunderbird, LibreOffice, GIMP and others. Specially crafted WebP images and HTML pages have already been observed in use as exploits.
*A buffer overflow is a software bug that lets data be written past the bounds of the memory buffer allocated for it, so that arbitrary, often malicious, attacker-supplied data lands in RAM where it may subsequently be executed as code.

CVE-2023-26369: Active exploitation of Adobe products

NIST Base Score: 7.8 HIGH
Adobe has announced a fix for a vulnerability in its products that it classified as an “Out-of-bounds write.” The vulnerability has the same consequences as the previous one, namely the possibility of executing malicious code on a workstation. Adobe reports that attackers have already taken advantage of this vulnerability; to date, attempts to exploit it in the wild have been observed. The vulnerable versions of the applications are:

● Acrobat DC and Acrobat Reader DC: version 23.003.20284 and earlier
● Acrobat 2020 and Acrobat Reader 2020: version 20.005.30516 (Mac) or 20.005.30514 (Win) and earlier
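To act on the version list above, an administrator needs a comparison that treats each dotted component numerically rather than as text (a lexical comparison would wrongly rank "23.003.9999" above "23.003.20284"). The following is an added example, not Adobe's or the newsletter's own code; the product labels, platform keys and the sample inventory are constructed for illustration, and only the ceiling values come from the advisory text above.

```python
"""Triage an Acrobat/Reader inventory against the vulnerable version ceilings above."""
from typing import List, Optional, Tuple

# Highest vulnerable version per product track and platform, as listed in the advisory.
# The product/platform keys are constructed labels for this example.
VULNERABLE_CEILINGS = {
    ("Acrobat DC", "Win"): "23.003.20284",
    ("Acrobat DC", "Mac"): "23.003.20284",
    ("Acrobat Reader DC", "Win"): "23.003.20284",
    ("Acrobat Reader DC", "Mac"): "23.003.20284",
    ("Acrobat 2020", "Win"): "20.005.30514",
    ("Acrobat 2020", "Mac"): "20.005.30516",
    ("Acrobat Reader 2020", "Win"): "20.005.30514",
    ("Acrobat Reader 2020", "Mac"): "20.005.30516",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '23.003.20284' into (23, 3, 20284) so tuples compare numerically."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, platform: str, version: str) -> Optional[bool]:
    """True if at or below the ceiling, False if newer, None if not covered by the advisory."""
    ceiling = VULNERABLE_CEILINGS.get((product, platform))
    if ceiling is None:
        return None
    return parse_version(version) <= parse_version(ceiling)


def triage(inventory: List[Tuple[str, str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return the (host, product, platform, version) records that still need updating."""
    return [rec for rec in inventory if is_vulnerable(rec[1], rec[2], rec[3])]


# Constructed sample inventory, as might be exported from an endpoint management tool.
SAMPLE_INVENTORY = [
    ("ws-01", "Acrobat Reader DC", "Win", "23.003.20284"),  # exactly the ceiling: vulnerable
    ("ws-02", "Acrobat Reader DC", "Win", "23.006.20320"),  # newer build (constructed value): not vulnerable
    ("mac-01", "Acrobat 2020", "Mac", "20.005.30516"),      # Mac ceiling: vulnerable
    ("ws-03", "Acrobat 2020", "Win", "20.005.30516"),       # above the Win ceiling (30514): not vulnerable
    ("ws-04", "Acrobat Reader DC", "Win", "23.003.9999"),   # lexically "greater", numerically older: vulnerable
]

if __name__ == "__main__":
    for host, product, platform, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} ({platform}) needs updating")
```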


How to protect yourself?

The vulnerabilities discussed above are caused by errors in the programs' source code, so only the developers can fix them. Users can protect themselves from possible exploitation of such vulnerabilities in the following ways:

● Before patches are released, remove the vulnerable software if possible.
● Once patches are released, update the affected software immediately. For many of the affected applications, such updates are already available.
● Use Endpoint Protection Platform (EPP) solutions with exploit protection, in particular against buffer overflows. EDR and XDR solutions help with deeper tracking and elimination of possible exploits.

CVE-2023-27470: System compromise via file deletion

NIST Base Score: 7.0 HIGH
Arbitrary file deletion vulnerabilities in Windows are serious threats that can lead to a complete compromise of the system. CVE-2023-27470, although related to file deletion, allows attackers to create new processes with the highest privileges on the system. In their research, Mandiant described in detail how this vulnerability can be exploited, as well as the measures needed to protect systems from compromise.


Explore Turla Tools

MITRE ATT&CK Details
The Turla group, also known as Pensive Ursa, Uroburos and Snake, is a Russian criminal group operating since 2004 and associated with the FSB of the Russian Federation. A study by Palo Alto Unit42 describes the top 10 malicious tools in this APT group's arsenal, as well as ways to counter and eliminate such threats. Read more: https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/
