Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

Users are urged to install the Google Chrome Browser update to patch the Zero-Day flaw  

Software updates have been released by Google for Chrome browser users to address another Zero-Day flaw, CVE-2022-4135. The vulnerability is classed as high-severity and has been described as a heap buffer overflow in the GPU component.

Clément Lecigne of Google’s Threat Analysis Group reported the flaw on the 22nd of November 2022 and has been credited with the finding. The flaw is dangerous because threat actors could exploit the heap buffer overflow, “weaponising” it to execute arbitrary code, trigger unintended behaviour or crash the program.

The flaw could permit “a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page”, according to NIST. It is said that Google is aware that an exploit for CVE-2022-4135 exists in the wild.

Furthermore, technical specifics have been withheld until the majority of users have received the fix. Eight Zero-Day vulnerabilities have been resolved since the start of the year:

CVE-2022-0609 – Use-after-free in Animation

CVE-2022-1096 – Type confusion in V8

CVE-2022-1364 – Type confusion in V8

CVE-2022-2294 – Heap buffer overflow in WebRTC

CVE-2022-2856 – Insufficient validation of untrusted input in Intents

CVE-2022-3075 – Insufficient data validation in Mojo

CVE-2022-3723 – Type confusion in V8

It is important to utilise the automatic update feature within your browsers, or a patching solution, to ensure your software is always on the latest and most secure version. If this cannot be achieved through these methods, then it is important to update your software manually as regularly as possible.

Chinese CCTV banned for UK “sensitive” government sites

The UK has decided that Chinese CCTV cameras have no place in government facilities, a decision that has also been mirrored by the US. After an assessment of the current and future risks of installing visual surveillance systems within the government estate, it was decided that, given the increased capability and connectivity of these systems and the threat to the UK, additional controls are required.

Therefore, departments have cut off the equipment’s access to sensitive sites and to the core network, and are discussing removing and replacing the Chinese CCTV altogether. Departments are considering extending the policy to sites outside the sensitive bracket, and politicians are campaigning to ban cameras from the partly Chinese state-owned CCTV manufacturers Hikvision and Dahua.

China denies abusing human rights in Xinjiang, and Chinese tech giants have stated multiple times that they are focused only on providing their customers with excellent services. However, they are required to carry out any actions Beijing asks of them. Despite this, worries continue to rise over the presence of Chinese products worldwide, since the ability to map networks could yield valuable intelligence. There is also a risk of the Chinese equipment being crippled by software updates or bricked at Beijing’s command.

The announcement did not disclose where the funding to replace the Chinese cameras would come from, or when the disconnection or replacement would take place; however, it is clear that the use of Chinese-manufactured CCTV will reduce. Does this mean you should replace your CCTV systems? This depends on your current setup and needs. If you would like to discuss this further, please feel free to get in touch.

The RansomExx ransomware operators have developed a new variant

The new variant has been fully rewritten in the Rust programming language. The latest version, called RansomExx2, is attributed to a threat actor known as Hive0091 and is designed to run on the Linux operating system; however, a Windows version can be expected too.

This ransomware family has been active since 2018 and is linked to several attacks on government agencies, manufacturers and other high-profile entities. The main reason the operators may have chosen to write the ransomware in Rust is that it is less detectable than malware written in other languages. RansomExx2 takes a list of target directories to encrypt as input, then goes through each directory enumerating and encrypting the files. A ransom note with the demand is then dropped in each directory.

This new development is an example of the new trend where malware and ransomware operators are using other languages like Rust and Go, which are harder to detect.

Acer released firmware update for flaw that could let attackers disable secure boot protection

A high-severity vulnerability tracked as CVE-2022-4020 affects five models of Acer laptops: the Aspire A315-22, A115-21 and A315-22G, and the Extensa EX215-21 and EX215-21G. ESET researcher Martin Smolár has been credited with discovering the flaw and has previously found similar flaws in Lenovo computers.

Secure Boot is an integrity mechanism that ensures only trusted software is loaded during system start-up. Disabling it could allow malicious actors to tamper with boot loaders and boot malicious code, giving the attacker control over how the operating system is loaded, along with the ability to disable and bypass protections to deploy their payloads.

The flaw resides in a DXE driver called HQSwSmiDxe. The BIOS update is expected to be released as part of a critical Windows update, or users can download the fixes from Acer’s support portal. This BIOS update removes the ability to modify the Secure Boot state.
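After applying a firmware fix like this one, the check a defender wants is whether Secure Boot is actually being enforced. The script below is an added example (not Acer’s, ESET’s or this post’s code) that reads the UEFI SecureBoot and SetupMode variables through Linux efivarfs; it assumes efivarfs is mounted at the standard path and uses the standard EFI global-variable GUID.

```python
import os
import struct

# Added example, not Acer's or ESET's code. Assumes a Linux host with efivarfs
# at the standard path; the GUID is the EFI global-variable GUID used for both.
EFIVARS = "/sys/firmware/efi/efivars"
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data): efivarfs prefixes the
    variable payload with a 4-byte little-endian attribute bitmask."""
    if len(raw) < 4:
        raise ValueError("efivar file too short to carry an attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> str:
    """Classify boot state from the SecureBoot and SetupMode variables.

    Each holds one data byte. SecureBoot=1 means the firmware enforces
    signature checks; SetupMode=1 means no platform key is enrolled, so
    nothing is enforced even if the SecureBoot flag reads 1.
    """
    _, sb = parse_efivar(secureboot_raw)
    _, sm = parse_efivar(setupmode_raw)
    if not sb or not sm:
        return "unknown"
    if sm[0] == 1:
        return "setup-mode"
    return "enabled" if sb[0] == 1 else "disabled"


def read_host_state() -> str:
    """Read the live variables; 'no-uefi' when efivarfs is absent or unreadable."""
    sb_path = os.path.join(EFIVARS, f"SecureBoot-{EFI_GLOBAL_GUID}")
    sm_path = os.path.join(EFIVARS, f"SetupMode-{EFI_GLOBAL_GUID}")
    try:
        with open(sb_path, "rb") as f, open(sm_path, "rb") as g:
            return secure_boot_state(f.read(), g.read())
    except OSError:
        return "no-uefi"


# Constructed sample files: attribute bitmask 0x06 (BS|RT) then one data byte.
SAMPLE_ENABLED = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00")
SAMPLE_SETUP_MODE = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x01")

if __name__ == "__main__":
    print("host Secure Boot state:", read_host_state())
```

A result of "disabled" or "setup-mode" on a machine that should be enforcing Secure Boot is worth investigating, because it is exactly the state an attacker abusing a flaw of this kind would leave behind.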

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.