Tecplix ThreatTrack Insights - May I

1. Critical Vulnerabilities in MIT krb5 lead to Remote Code Execution and Denial-of-Service.

Critical vulnerabilities have been identified in MIT krb5, a widely used Kerberos implementation. Exploitation of these vulnerabilities could allow attackers to remotely execute malicious code, crash critical services, or gain unauthorized access to sensitive information.

Key Takeaways:

• Multiple vulnerabilities affect MIT krb5 versions prior to 1.21.2.
• The most severe vulnerability (CVE-2022-42898) could lead to remote code execution on vulnerable systems.
• Attacker could exploit these vulnerabilities to potentially execute malicious code remotely or cause denial-of-service (DoS) conditions on vulnerable systems.

Impact:

Successful exploitation of these vulnerabilities could have significant consequences, including:

• Unauthorized access to user accounts and sensitive data.
• Disruption of critical network services.
• System instability and crashes.

Who is Affected:

Organizations using MIT krb5 versions prior to 1.21.2 are at risk. This includes systems relying on Kerberos for authentication, such as Active Directory or cloud services.

Recommendations:

All MIT krb5 users should update to the most recent version to address security vulnerabilities.

# emerge --sync

# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.21.2"

2. Critical Vulnerabilities in Adobe Acrobat Reader DC Expose Users to Remote Code Execution and Information Disclosure

Critical vulnerabilities have been discovered in Adobe Acrobat Reader DC versions 0 through 23.008.20470, which could be exploited by remote attackers to execute malicious code and potentially steal sensitive information from targeted systems.

Key Takeaways:

• The flaw exists within the handling of AcroForms & Annotation objects.
• The lack of proper validation of user-supplied data results in a read past the end of an allocated buffer.
• Successful exploitation can lead to data breaches, ransomware attacks, and other malicious activities.
• User interaction is required, typically through opening a specially crafted PDF file.

Impact:

These vulnerabilities are classified as critical due to the potential for remote code execution and information disclosure. Successful exploitation can compromise the confidentiality, integrity, and availability of sensitive data and systems.

Who is Affected:

All users of Adobe Acrobat Reader DC versions 0 through 23.008.20470 are at risk. It is crucial to update to the latest version immediately to mitigate these vulnerabilities.

Recommendation:

• Update to Latest Version 24.002.20736 for Windows and macOS.
• Adobe has issued an update to correct this vulnerability:

https://helpx.adobe.com/security/products/acrobat/apsb24-07.html

3. DPDPA Compliance: Everything You Need to Know

The Digital Personal Data Protection Act (DPDPA) protects the data privacy rights of 1.4 billion people in India. DPDPA sets stringent standards, with penalties of up to ?250 crore for non-compliance.

The DPDPA, enacted in August 2023, represents India’s proactive response to the challenges posed by rapid digitization and expanding data flows. This comprehensive framework is anchored in principles of accountability, transparency, and fairness. It places responsibilities on entities referred to as Data Fiduciaries, which are organizations that handle personal data, while outlining the rights and responsibilities of Data Principals, the individuals to whom the data belongs.

Key Principles of DPDPA

• Applicability: The DPDPA applies to any organization processing the personal data of individuals in India, irrespective of their location.
• Data Protection Scope: Personal data, as defined by the DPDPA, encompasses any information identifying an individual, necessitating a uniform approach to safeguarding all forms of personal information.
• Lawful Grounds for Data Processing: Data processing must be based on explicit consent or other lawful grounds outlined in the DPDPA, ensuring individuals’ control over their personal information.
• Consent Requirements: Explicit, informed, and unambiguous consent is mandatory for data processing under the DPDPA, empowering individuals to exercise control over their personal information.
• Penalties for Violations: Breaches can result in penalties ranging from INR 10,000 to INR 250 crore, highlighting the importance of compliance.

The DPDP Act addresses critical challenges faced by companies in data protection, including mitigating data breaches, fostering consumer trust, ensuring legal compliance, facilitating international business operations, and gaining a competitive advantage. Click to read more...

4. Critical Zero-Day Vulnerability Exploited in Google Chrome for Desktop (Windows/Mac/Linux)

A critical zero-day vulnerability (CVE-2024-4671) is being actively exploited in Google Chrome for Desktop. Google has released security updates to address this high-severity issue.

Key Takeaways:

• A use-after-free flaw in Chrome's Visuals component allows attackers to potentially execute arbitrary code or crash the browser.
• This is the second actively exploited zero-day patched by Google in Chrome this year.
• Attackers can exploit this vulnerability by delivering a specially crafted HTML page.

Impact:

• Successful exploitation of this vulnerability could allow attackers to:
• Execute malicious code on a victim's computer.
• Crash the Chrome browser, potentially disrupting user activity.

Who is Affected?

• Users of Google Chrome for Desktop versions prior to 124.0.6367.201/.202 (Windows/Mac) and 124.0.6367.201 (Linux).
• Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi (pending updates from respective vendors).

Recommendation:

Update Google Chrome to version 124.0.6367.201/.202.

https://chromereleases.googleblog.com/

5. Critical LiteSpeed Cache Flaw Leaves WordPress Sites Vulnerable

A critical vulnerability (CVE-2023-40000) in the LiteSpeed Cache plugin for WordPress allows attackers to create administrator accounts and seize control of websites.

Key Takeaways:

• Millions of WordPress sites using outdated versions (prior to 5.7.0.1) of LiteSpeed Cache are at risk.
• Hackers are actively exploiting this vulnerability to inject malicious code and create administrator accounts.
• Compromised sites face potential content manipulation, malware distribution, phishing attacks, and user data theft.

Impact:

This vulnerability poses a significant threat to website owners using the LiteSpeed Cache plugin. A successful attack can result in complete website takeover, leading to:

• Defaced or manipulated website content
• Distribution of malware to site visitors
• Phishing attacks targeting website users
• Theft of sensitive user data (e.g., login credentials, personal information)

Who is Affected?

WordPress website owners using LiteSpeed Cache version 5.7.0.1 or older are vulnerable.

Recommendation:

• WordPress site admins are recommended to update plugins to the latest version, remove or disable components that are not needed, and monitor for new admin accounts being created.
• A full site cleanup is mandatory in the event of a confirmed breach. The process requires deleting all rogue accounts, resetting passwords for all existing accounts, and restoring the database and site files from clean backups.

In Crisis?

If you suspect a compromise or face a critical security issue, connect with us to unlock rapid, expert protection. Your Security and Business Continuity is our top Priority!

Get in touch with our security team by filling out this form or call at +91 6366 600 700.