Monthly Advisory • 10 MIN READ
February Threat Advisory Top 5
by Eleanor Barlow • Feb 2023
SecurityHQ’s Monthly Threat Report, Drawn from Recent Advisories of February 2023.
Threat Actors Observed Deploying Malware Via OneNote Documents
Threat Reference: Global
Risks: Malware
Advisory Type: Threats
Priority: Standard
Security researchers have observed threat actors using OneNote files to deliver malware via email. Over the last 2 months researchers observed over 6 campaigns using OneNote attachments to deliver different malware payloads including AsyncRAT, Redline, AgentTesla and Doubleback. These malicious files can compromise the victim’s device and steal sensitive information.
Attack scenario is as follows:
- Victim received phishing email containing malicious OneNote file attachment.
- Once the attachment is downloaded attacker can execute command and control using the infected device as a launchpad to gain access to the victim’s network and steal sensitive data.
Recommendations:
- SecurityHQ recommends blocking unknown file extensions on Email Gateway.
- Deploy Endpoint Detection & Response (EDR) tools to detect latest malwares and suspicious activities on endpoints.
- Monitor your IT infrastructure 24×7 for cybersecurity attacks and suspicious activities.
Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here.
Apple Released Patches for Two Vulnerabilities Impacting Multiple Apple Products
Threat Reference: Global
Risks: Risks: Arbitrary Code Execution, Sensitive Information Leakage
Advisory Type: Updates/Patches
Priority: Standard
Apple has released patches to fix multiple vulnerabilities. Successful exploitation of these vulnerabilities could lead to arbitrary code execution, and sensitive information leakage. The patches fixed vulnerabilities that allowed arbitrary code with kernel privileges within apps, by which an app may be able to observe unprotected user data.
Products impacted include iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and macOS Ventura.
Recommendation: It is recommended to update all the affected products to the latest available patch version.
China Based Threat Actor DEV-0147 Targets Asia, Europe, and South America
Threat Reference: Global
Risks: Malware
Advisory Type: Threats
Priority: Standard
Security Researchers observed China based threat actor group known as DEV-0147 targeting government agencies and organizations in Asia, Europe and South America.
DEV-0147 uses tools to gain a foothold on targeted systems, to maintain control over the compromised environment. The tools primarily used are ShadowPad, to maintain persistent access to compromised systems. ShadowPad is a remote access trojan associated with China-based actors.
They have also been seen to use QuasarLoader, to deploy additional malware for execution. QuasarLoader is a webpack loader commonly used to distribute and execute malware.
Recommendations
- It is recommended to Implement and Enforce Multifactor Authentication.
- Keep Anti-malware solutions at endpoint and network level always updated.
- Deploy Endpoint Detection & Response (EDR) tools to detect latest malwares and suspicious activities on endpoints.
- It is recommended to Patch and Update Systems regularly.
Google Fixed Multiple Vulnerabilities in Chrome
Threat Reference: Global
Risks: Arbitrary Code Execution, Heap Buffer Overflow
Advisory Type: Updates & Patches
Priority: Standard
Google has released Chrome version 110.0.5481.77 for Linux and Mac and 110.0.5481.77/.78 for Windows operating system to fix multiple high, medium, and low severity vulnerabilities.
Recommendation: It is recommended to update Google Chrome to the latest fixed version.
OpenSSL Fixes Multiple Vulnerabilities, Including High-Severity Vulnerability
Threat Reference: Global
Risks: Information Disclosure, Denial of Service
Advisory Type: Updates & Patches
Priority: Standard
OpenSSL patched multiple vulnerabilities including a high severity vulnerability. Successful exploitation of this vulnerability will result in read memory contents or denial of service.
Recommendation: It is recommended to update vulnerable affected version to OpenSSL version 3.0.8