Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution


OVERVIEW
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE

Google is aware that an exploit for vulnerability CVE-2023-5217 exists in the wild.

SYSTEMS AFFECTED:

  • Chrome versions prior to 117.0.5938.132 for Windows, Mac and Linux

RISK
Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

Tactic: Initial Access (TA0001)

Technique: Drive-By Compromise (T1189)

  • Heap buffer overflow in vp8 encoding in libvpx. (CVE-2023-5217)
  • Use after free in Extensions. (CVE-2023-5187)
  • Use after free in Passwords. (CVE-2023-5186)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS
We recommend the following actions be taken:

  • Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
    • Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
    • Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
    • Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
    • Safeguard 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients: Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
    • Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
    • Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
  • Restrict execution of code to a virtual environment on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
    • Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
  • Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
    • Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
    • Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
    • Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources. Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. (M1017: User Training)
    • Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
    • Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
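A practical way to act on the "Systems affected" line and the first recommendation above is to compare every reported Chrome version against the fixed build, 117.0.5938.132. The script below is an added example, not part of the advisory and not Google's code: it parses version strings of the form produced by `google-chrome --version`, compares them component-wise as integers (a plain string comparison would wrongly rank `117.0.5938.92` above `117.0.5938.132`), and sorts hosts into vulnerable, patched and unknown. The inventory lines and hostnames are constructed for the example; `installed_chrome_version()` is a best-effort local check for Linux and macOS only.

```python
"""Triage reported Chrome versions against the fixed build from the advisory.

Added example, not part of the advisory. Assumes version strings like
"Google Chrome 117.0.5938.92" (the output format of `google-chrome --version`).
"""
import re
import subprocess
from typing import Dict, List, Optional, Tuple

# Fixed build named in the advisory's "Systems affected" section.
FIXED_VERSION = "117.0.5938.132"

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")
Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Optional[Version]:
    """Extract the first four-part version in free text as a tuple of ints.

    Integer tuples compare component by component. Comparing raw strings is a
    classic mistake: "117.0.5938.92" sorts after "117.0.5938.132" as text
    because '9' > '1', which would mark a vulnerable host as patched.
    """
    match = VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, build, patch = (int(part) for part in match.groups())
    return (major, minor, build, patch)


_fixed = parse_version(FIXED_VERSION)
assert _fixed is not None
FIXED: Version = _fixed


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if older than the fixed build, False if fixed or newer,
    None if no version could be parsed (needs a manual look, not a silent pass)."""
    version = parse_version(version_text)
    if version is None:
        return None
    return version < FIXED


def installed_chrome_version() -> Optional[str]:
    """Best-effort local check (Linux/macOS): ask the Chrome binary for its
    version string. Returns the raw output line, or None if no binary answered."""
    candidates = [
        "google-chrome",
        "google-chrome-stable",
        "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
    ]
    for exe in candidates:
        try:
            result = subprocess.run([exe, "--version"], capture_output=True,
                                    text=True, timeout=10, check=False)
        except (FileNotFoundError, PermissionError, subprocess.TimeoutExpired):
            continue
        if parse_version(result.stdout) is not None:
            return result.stdout.strip()
    return None


# Constructed inventory: (hostname, version string reported by an endpoint
# agent). Hostnames and version numbers are made up for this example.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("ws-001", "Google Chrome 117.0.5938.92"),   # older patch level: vulnerable
    ("ws-002", "Google Chrome 117.0.5938.132"),  # exactly the fixed build
    ("ws-003", "Google Chrome 116.0.5845.187"),  # previous major: vulnerable
    ("ws-004", "Google Chrome 118.0.5993.70"),   # newer major: not affected
    ("ws-005", "chrome not installed"),          # nothing to compare
]


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by patch status relative to FIXED_VERSION."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        status = is_vulnerable(version_text)
        key = "unknown" if status is None else ("vulnerable" if status else "patched")
        groups[key].append(host)
    return groups


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
    local = installed_chrome_version()
    if local is not None:
        print("local:", local, "-> vulnerable" if is_vulnerable(local) else "-> patched")
```

Hosts in the "unknown" bucket (no parsable version) should be reviewed rather than assumed safe; a missing agent reading is not the same as a missing browser.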

REFERENCES

Google:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217

 

BLACKSWAN CYBERSECURITY NAMED TO MSSP ALERT’S 2023 LIST OF  TOP 250 MSSPs

Seventh-Annual List Reveals Leading MSSP, MDR and MSP Security Companies Expect Strong Revenue Growth in 2023 vs. 2022

DALLAS, TX – September 28 – Blackswan Cybersecurity ranks among the Top 250 MSSPs (https://www.msspalert.com/top-250) for 2023, according to MSSP Alert, a CyberRisk Alliance resource.

The Top 250 MSSPs honorees were announced in a live webcast on September 14.

Key findings include:

  • MSSP Revenue Growth & Financial Performance: MSSP honorees, on average, expect to generate $56.3 million in revenue for 2023, more than double the number from our 2022 report. However, the 2023 Top 250 reported 2022 revenues averaged $47 million.
  • Geography: Honorees are headquartered in 37 different countries.
  • Profits: 87% of MSSPs surveyed expect to be profitable for fiscal year 2023.
  • Security Operations Centers: 67% have in-house SOCs, 23% are hybrid, 8% completely outsource their SOCs, and 1% are reevaluating their SOC strategies.
  • Cyberattack Trends: The most frequent attacks targeting MSSP customers in 2023 include phishing (95%), vulnerability exploits (91%) and ransomware (86%).
  • Cybersecurity Solutions: Larger MSSPs were more likely to run their SOC entirely in-house (85%) while just half of our smaller segment MSPs ran their SOCs in-house and 33% took a hybrid approach (a portion in-house and a portion outsourced.)
  • Key Managed Security Services Offered: Almost all of the larger MSSPs (90%) provided 24/7 security event monitoring and response for threat detection use cases on their own. While 61% of the smaller MSSPs provided these services on their own, 35% partnered with another company for these services and 4% of the smaller MSSPs did not offer them at all.

Blackswan Cybersecurity was ranked among the Top 250 MSSPs for 2023.

“We are incredibly honored to be named among the Top MSSPs for the second year in a row – an achievement that highlights the continued effort of our team at Blackswan,” said Professor Mike Saylor, CEO, Blackswan Cybersecurity. “Blackswan’s Cyber Fusion Center takes the concept of a U.S.-based SOC to the next level by infusing managed monitoring/detection/response services with 24/7 availability of security experts, guidance, and threat intelligence. The result is a security solution that is right-sized for your particular environment and budget, which, when coupled with best-in-class, customer-focused services, make Blackswan Cybersecurity more of an extension of your security team than traditional MSSPs. I firmly believe it is the caliber of our team at Blackswan that makes all the difference.”

“MSSP Alert and CyberRisk Alliance congratulate Blackswan Cybersecurity on this honor,” said Jessica C. Davis, editorial director of MSSP Alert, a CyberRisk Alliance resource. “The Top 250 MSSPs continue to outperform the overall cybersecurity services market in 2023. It’s an indication of the strength of managed security services provided by these specialists at a time when cybercrime has accelerated and threatens businesses of every size and from every industry.”

MSSP Alert’s Top 250 MSSPs list and research report are overseen by Jessica C. Davis, editorial director, MSSP Alert and ChannelE2E.

An agile, full-lifecycle cybersecurity firm, Blackswan Cybersecurity addresses the cost problem by providing customized solutions to maximize existing efficiencies while eliminating waste in unwanted/unneeded services. Utilizing a lean, fit-for-purpose approach, clients can scale their cybersecurity programs according to their individual needs and budgets.

“True to our roots, focusing on fit-for-purpose solutions, Blackswan strives to democratize security for everyone; cybersecurity should be accessible for all, not just something larger firms can afford to enjoy,” said Christopher Roach, COO, Blackswan Cybersecurity. “In short, our people make the difference and want to level the playing field.”

 

About Blackswan Cybersecurity

Blackswan Cybersecurity is a leader in fit-for-purpose cybersecurity solutions. Blackswan helps companies identify the right safeguards for protecting their data assets and outperforming cybersecurity compliance requirements by offering a customizable, comprehensive suite of skills, capabilities, and services. These services include comprehensive 24/7/365 managed security services (SOC-as-a-service), assessment-level gap analysis, vulnerability identification and remediation, incident and breach response, user awareness training, GRC assessments and analysis, and virtual CISO services. Powered by Blackswan’s Fusion Center, Blackswan Cybersecurity provides around-the-clock access to cyber professionals and ‘eyes-on-glass’ threat monitoring, detection, and remediation services from its North Texas-based Cyber Fusion Center (SOC evolved). Blackswan Cybersecurity strives to democratize enterprise-level security services, offering the same level of skills, capabilities, and protection against data breaches for organizations of all sizes.

 

About CyberRisk Alliance

CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, Security Weekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, its research unit CRA Business Intelligence, the peer-to-peer CISO membership network, Cybersecurity Collaborative, the Official Cyber Security Summit, TECHEXPO Top Secret, and now LaunchTech Communications. Click here to learn more.

2023 CUNA Technology Council Conference

The Credit Union National Association (CUNA) Technology Conference features expert-led sessions that dive into relevant and trending topics organized by CU peers, such as data security, fraud prevention, and creating a consistent member experience strategy across branches.

This must-attend event for operations and technology professionals in the credit union industry will be held Oct. 4-7 in Denver.

REGISTER NOW:
https://shorturl.at/coyCZ

October 4-7, 2023
Gaylord Rockies Resort & Convention Center
6700 North Gaylord Rockies Blvd.
Aurora, CO 80019

2024 Homeland Threat Assessment

DHS Continues to See High Risk of Foreign and Domestic Terrorism in 2024 Homeland Threat Assessment

Annual Threat Assessment to Replace Regular NTAS Bulletins and Provide the Public and our Partners with More Comprehensive Analysis of Most Pressing Threats and Challenges

WASHINGTON – Today, the Department of Homeland Security (DHS) released the 2024 Homeland Threat Assessment (HTA), which continues to identify a high risk of foreign and domestic terrorism in 2024. The HTA provides the public and the Department’s partners with a detailed report on the most pressing threats to the United States as part of the Biden Administration’s continuing effort to assist them in preparing for, preventing, and responding to the diverse and dynamic threat environment.

Going forward, the annual HTA will serve as the primary mechanism for sharing the terrorism threat level, which has previously been done through the National Terrorism Advisory System (NTAS). The issuance of NTAS advisories will be reserved for situations where DHS needs to alert the public about a specific or imminent terrorist threat or about a change in the terrorism threat level. This shift will provide the public and DHS partners both in-depth annual reports and urgent updates, as needed.

“Sharing information with the public on the threats we face is a vital part of protecting our homeland from today’s evolving security challenges,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The annual Homeland Threat Assessment is a publicly available resource on the most pressing challenges facing the nation. By sharing our analysis of the threat landscape, we will enable our partners across state, local, tribal, and territorial government, along with the private and non-profit sectors, to make better-informed decisions that account for these security challenges.”

Assessments from the 2024 HTA:

  1. Foreign and Domestic Terrorism: The Department expects the threat of violence from individuals radicalized in the United States to remain high, but largely unchanged, mainly seen through lone offenders or small group attacks that occur with little warning. While sustained counterterrorism pressure has significantly degraded the ability of foreign terrorist organizations to target U.S. interests, foreign terrorist groups like al-Qa’ida and ISIS are seeking to rebuild overseas, and they maintain worldwide networks of supporters that could seek to target the homeland.
  2. Border and Immigration Security: The complex border and immigration security challenges we have faced over the last year are likely to continue. In addition to the immigration challenges, the trend of an increased supply of fentanyl and variations in its production during the last year that have increased the lethality of these drugs is expected to continue.
  3. Foreign Misinformation: The spread of mis-, dis-, and malinformation aimed at undermining trust in government institutions, social cohesion, and democratic processes will remain a likely strategy for adverse nation-states. Foreign actors leverage cyber and Artificial Intelligence (AI) tools to bolster their malign influence campaigns by improving the translation quality of their content.
  4. Economic Security: We expect adverse nation states to continue using predatory economic practices, espionage, and cyber-attacks to try to harm the U.S. economy, gain advantage for foreign companies, and steal U.S. intellectual property and trade secrets.

Examples of DHS Efforts to Combat Threats Identified in the 2024 HTA:

  1. United States Secret Service’s National Threat Assessment Center (NTAC) provided over 280 trainings and briefings to over 28,000 participants in the past year, the most in the NTAC’s history, including to state and local law enforcement, government officials, educators, mental health professionals, faith-based leaders, and workplace security managers across the country.
  2. In 2022, DHS’s Nonprofit Security Grant Program (NSGP) awarded over $250 million in funding to support target hardening and other physical security enhancements to non-profit organizations at high risk of terrorist attack.
  3. DHS provides funding for state, local, tribal, and territorial governments, nonprofits, and institutions of higher education with funds to establish or enhance capabilities to prevent targeted violence and terrorism through its Targeted Violence and Terrorism Prevention (TVTP) Grant Program. On September 6, 2023, DHS awarded $20 million in funding to 34 organizations working to develop and strengthen their community’s capability to combat targeted violence and terrorism. 
  4. In addition to biometric and biographic screening and vetting of every individual encountered, CBP has expanded information sharing agreements with international partners to enhance their ability to prevent, detect, and investigate trafficking and other crimes. CBP’s National Targeting Center continuously works to detect individuals and travelers that threaten our country’s security, while also building a network of partner nations committed to fighting global threats.
  5. DHS launched the Prevention Resource Finder (PRF) website in March 2023 in collaboration with more than a dozen federal partners. The PRF is a comprehensive web repository of federal resources available to help communities understand, mitigate, and protect themselves from targeted violence and terrorism.
  6. The DHS Center for Faith-Based and Neighborhood Partnerships engages a coalition of faith-based and community organizations, as well as members of the Faith-Based Security Advisory Council (FBSAC), which DHS reconstituted in July 2022, to help build the capacity of faith-based and community organizations seeking to protect their places of worship and community spaces.
  7. I&A’s National Threat Evaluation and Reporting Program continues to provide tools and resources for federal, state, local, tribal, and territorial partners on preventing terrorism and targeted violence, including online suspicious activity reporting training.
  8. DHS’s Transportation Security Administration (TSA) Intermodal Security Training and Exercise Program (I-STEP) and Exercise Information System (EXIS®) work with government and private sector partners – including owners and operators of critical transportation infrastructure – to enhance security and reduce risks posed by acts of terrorism.
  9. Among many investments and initiatives to counter fentanyl and transnational criminal organizations, the Department’s recent Operations Blue Lotus and Four Horsemen stopped nearly 10,000 pounds of fentanyl in just two months. CBP’s Operation Artemis is building on that effort by leveraging intelligence and investigative information derived from Operation Blue Lotus to target the fentanyl supply chain. Concurrently, USBP’s Operation Rolling Wave is significantly increasing inbound inspections at Southwest border checkpoints and HSI is running Blue Lotus 2.0, to continue significantly increasing resources to Ports of Entry, while increasing coordination of operations to target the fentanyl supply chain.
  10. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) works with government and private sector partners – including owners and operators of critical infrastructure and public gathering places – to prepare for and respond to cyberattacks, as well as enhance security and mitigate risks posed by acts of terrorism and targeted violence by providing resources addressing Active Shooters, School Safety, Bombing Prevention, and Soft Targets-Crowded Places.
  11. DHS’s Center for Prevention Programs and Partnerships (CP3) educates and trains stakeholders on how to identify indicators of radicalization to violence, where to seek help, and the resources that are available to prevent targeted violence and terrorism.
  12. In 2021, 2022, and 2023 DHS designated domestic violent extremism as a “National Priority Area” within its Homeland Security Grant Program (HSGP), enabling our partners to access critical funds that help prevent, prepare for, protect against, mitigate, respond to, and recover from related threats.
  13. SchoolSafety.gov consolidates school safety-related resources from across the government. Through this website, the K-12 academic community can also connect with school safety officials and develop school safety plans.

The public should report any suspicious activity or threats of violence to local law enforcement, FBI Field Offices, or a local Fusion Center.

Blackswan CEO & UTSA Professor Mike Saylor to Speak at GSX 2023

Blackswan Cybersecurity CEO and UTSA Professor Mike Saylor to speak at the Annual ASIS GSX 2023 conference (11-13 September 2023 | Kay Bailey Hutchison Convention Center, Dallas, TX)

Visit the teams at Blackswan Cybersecurity and Clarion Security — booth #2346 in the Cybersecurity Pavilion.

Staying ahead in security is crucial, and attending the annual Global Security Exchange (GSX) ensures you remain at the forefront. This event brings together the global security industry in September, providing valuable insights, connections, and readiness for what lies ahead.

At GSX, you can access CPE-eligible education on pressing issues that will impact the profession beyond 2023. Strengthen your professional networks and develop strategies to stay resilient against evolving cyber and physical threats. Explore a wide array of new products, technologies, and services in our extensive exhibit hall to enhance your capabilities.

GSX is proudly organized by ASIS International, the world’s largest membership organization for security management professionals. Your participation directly supports scholarships for security professionals and the administration of essential industry certifications, standards, and guidelines.

By joining security leaders and practitioners from diverse industries, you’ll acquire the knowledge and skills to anticipate security’s evolving challenges and navigate risks with confidence. Embrace this opportunity to eliminate emerging threats and remain change-ready in the dynamic field of security. Learn more about GSX and seize the chance to equip yourself with the tools to thrive in an ever-changing security landscape.
