SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Breach Prevention
#
Creative Technologies
#
Cybersecurity
Vulnerabilities in Microsoft, Adobe, Fortinet and Samsung
Fri, 14th Apr 2023
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Intelligence company Recorded Future has released its March 2023 vulnerabilities summary, which identifies five newly disclosed vulnerabilities with high risk scores, four of which are zero-day vulnerabilities affecting Microsoft, Adobe, Fortinet and Samsung.

Four of the five vulnerabilities identified had risk scores of 99 in the Recorded Future Intelligence Cloud, meaning they had a score of very critical.

"With the fast growing number of cyber threats putting Australian organisations at risk, it is becoming harder for security teams to keep on top of which vulnerabilities are carrying the highest risks," says Nikolas Kalogirou, Country Manager, ANZ for Recorded Future.

"By compiling these monthly lists of the top cyber vulnerabilities circulating around the world, we hope to help organisations and empower technology and business leaders in Australia to be more resilient in the face of an ever complex and crowded cyber threat landscape."

In March, four companies that include thousands of customers in Australia have shown serious vulnerabilities: Microsoft, Adobe, Fortinet and Samsung. It is important Australian organisations, especially the ones operating across multiple geographic regions, have a close look at these, and if they are impacted put mitigation measures in place.

Note that while the mentioned vulnerabilities were discovered in March 2023, there were further developments to vulnerabilities originally tracked and exploited in the past few months, including from Apple and Android.

Microsoft

Microsoft vulnerabilities were once again the most prominent, accounting for two of the very critical vulnerabilities.

Microsoft released a standalone advisory on March 14, 2023, addressing CVE-2023-23397, a critical vulnerability in Microsoft Outlook that allows an adversary to authenticate as a user to another service using an NTLM relay attack.

Microsoft was made aware of the vulnerability following findings from the Computer Emergency Response Team of Ukraine (CERT-UA) and indicated that it had seen limited, targeted attacks linked to Russian-based threat actors.

Microsoft also released a script to audit Exchange servers for mail items that might be targets of exploitation.

On March 14, 2023, Google's Threat Analysis Group (TAG) discovered that undisclosed financially motivated threat actors exploited a zero-day Microsoft SmartScreen bypass security vulnerability to deploy the Magniber ransomware. The vulnerability, tracked as CVE-2023-24880, allows an adversary to deliver a malicious Microsoft Software Installer (MSI) file with a specially crafted Authenticode signature that evades Mark of the Web (MOTW) defenses without triggering security warnings.

Google's TAG identified over 100,000 downloads of the malicious MSI files containing the Magniber ransomware since January 2023. Most users who downloaded the MSI files are from Europe, far from Magniber's usual targets, such as South Korea and Taiwan.

Fortinet

Attacks by an advanced actor and highly targeted against government organisations, and some unnamed malware from China identified

On March 7, 2023, Fortinet security researchers released security patches to address a zero-day path traversal vulnerability tracked as CVE-2022-41328. The flaw affects FortiOS and, if exploited, allows a malicious actor to read and write arbitrary files via crafted command-line interface (CLI) commands.

The vulnerability affects FortiOS versions 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3, and 6.0 and 6.2.

According to Fortinet, the attacks were conducted by an advanced actor, and were highly targeted against the networks of government organisations.

In addition to exploitation activity, Fortinet identified the presence of unnamed malware (later identified as VIRTUALPITA, CASTLETAP, VIRTUALPIE, and REPTILE) on the affected devices. On FortiGate devices, activities performed by the malware included exfiltration of data, modification of files, execution of commands via remote shell, and communication with a command-and-control (C2) server. On FortiManager devices, the malware also executed shell commands, exfiltrated files, redirected malicious traffic, modified files, listened to open ports, and disabled firmware on startup.

A China-nexus threat group is the likely suspect behind a cyber espionage campaign that exploited CVE-2022-41328

Adobe

CVE-2023-26360 is an improper access control vulnerability affecting Adobes ColdFusion versions before 2021 Update 6 and 2018 Update 16.

Threat actors could exploit the vulnerability to execute arbitrary code that takes over the affected device.

Samsung

The remaining vulnerability listed for this month is CVE-2023-24033, a vulnerability that affects several Samsung Exynos Modem baseband chipsets. A denial of service can result from the format types not being checked specifically by the Session Description Protocol (SDP)
 

Related stories
Customers vs banks - Where should the buck stop in preventing finance scams?
Waave launches biometrically secured Waave Wallet in Australia
Legit Security announces strategic partnership with GuidePoint Security
'Junk gun' ransomware: New low-cost cyber threat targets SMBs
Healthcare sector's cybersecurity confidence misplaced, warns Kroll report
Top stories
New ITW Global Leaders Forum code targets international voice fraud
Gen AI optimism high in ANZ but cybersecurity concerns loom
NetApp 2024 report uncovers 'disrupt or die' era powered by AI
Ransomware activity spikes 20%, hospitals now in crosshairs
Mandiant unveils latest M-Trends 2024 cybersecurity report