Week of October 11th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Breaking News: Firefox Zero-Day Under Attack

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has been actively exploited in the wild.

The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8), has been described as a use-after-free bug in the Animation timeline component.

"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," Mozilla officials stated in a Wednesday advisory. "We have had reports of this vulnerability being exploited in the wild."

The issue has now been addressed in the following versions of the web browser:

  • Firefox 131.0.2
  • Firefox ESR 128.3.1, and
  • Firefox ESR 115.16.1.

There are currently no details on how the vulnerability is being exploited in real-world attacks, or on the identity of the threat actors behind them. However, remote code execution vulnerabilities can be weaponized in several ways, for example as part of a watering hole attack targeting specific websites or through drive-by download campaigns.
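Since the fixed version depends on which branch a host runs, a patch check has to be branch-aware. The following is an added example (not Mozilla's or the newsletter's code) that buckets a constructed inventory of hostname/version pairs against the three fixed releases named above; hostnames and versions in SAMPLE are made up.

```python
# Added example (not Mozilla's or the newsletter's code): flag Firefox builds
# below the versions named in the CVE-2024-9680 advisory. Hostnames and
# versions in SAMPLE are constructed.
import re
from typing import Optional

# Fixed release per branch, keyed by major version. ESR branches get their own
# fix release; every other major is judged against mainline 131.0.2, so
# 130.x is vulnerable and 132+ is assumed to carry the fix.
FIXED = {115: (115, 16, 1), 128: (128, 3, 1)}
MAINLINE = (131, 0, 2)

def parse_version(text: str) -> Optional[tuple]:
    """'128.3.1esr' or '131.0.2' -> (128, 3, 1); None if unparseable."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def is_patched(version: str) -> Optional[bool]:
    """True if at/above the fix for its branch; None if version unreadable."""
    v = parse_version(version)
    if v is None:
        return None
    return v >= FIXED.get(v[0], MAINLINE)

def triage(inventory: list[str]) -> dict[str, list[str]]:
    """Bucket 'host<TAB>version' lines into patched / vulnerable / unknown."""
    out = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory:
        host, _, ver = line.partition("\t")
        state = is_patched(ver)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        out[key].append(host)
    return out

SAMPLE = [  # constructed inventory, not real hosts
    "ws-01\t131.0.2", "ws-02\t131.0.1", "ws-03\t128.3.1esr",
    "ws-04\t128.3.0esr", "ws-05\t115.16.1esr", "ws-06\t115.15.0esr",
    "ws-07\tn/a",
]

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unknown" need a manual look rather than being treated as patched.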

New Gmail Security Alert Issued For Billions of Users

Sam Mitrovic, a Microsoft solutions consultant, has issued a warning this week after almost falling victim to what is described as a “super realistic AI scam call” capable of duping even the most experienced of users.

“I received a notification to approve a Gmail account recovery attempt,” he explained in a blog post warning other Gmail users of the threat in question. A prompt to confirm an account recovery or password reset is a known phishing technique: it drives the user to a fake login portal where they are asked to enter their credentials in order to report the request as one they did not initiate.

The so-called Google support person proceeded to "inform" Mitrovic that a threat actor had accessed his Gmail account and had already downloaded account data. This rang alarm bells, as Mitrovic recalled both a recovery notification and a missed call a week prior.

Googling the phone number he was being called from while still on the call, Mitrovic discovered that it did point to Google business pages. This alone is a clever tactic likely to fool plenty of unsuspecting users: the number was not a Google support line, but one associated with calls placed by its Google Assistant tool.

With sophisticated phishing attacks like these on the rise, it's critical to remember the basics of anti-phishing:

  • Before clicking on any links, take a moment to look carefully at the email. Do the sender address, content, signature, etc. look legitimate?
  • Enable multi-factor authentication whenever possible.
  • Use adaptive or risk-based authentication techniques for corporate email addresses.
  • Implement remote browser isolation techniques to prevent the execution of malicious code, phishing pages, or any other browser-based attacks.
  • Enable "safe browsing" and "enhanced protection" in browsers so that the browser can block malicious web pages.

Cyber Breach of the Indigenous Health Authority Exposes Personal Data

The First Nations Health Authority in British Columbia has confirmed that threat actors gained access to an array of personal information, including medical test results and insurance claims, during a cybersecurity breach last May.

The health authority says it has recently concluded its investigation and "the impact of the cybersecurity incident is not the same for [those impacted.]" However, it says hackers gained access to information such as first and last names, home addresses, email addresses, personal health numbers, insurance claim details, and tuberculosis screening test results for certain people.

The health authority's statement continues to explain that it hired third-party cybersecurity experts to help with the investigation. The investigation found that people whose personal information may have been affected included any First Nations person with a Certificate of Indian Status card who lived or recently lived in B.C. at the time of the breach.

The previously disclosed attack came amid a wave of cybersecurity incidents in British Columbia that hit targets including the provincial government, BC libraries, and the retailer London Drugs.

Recent Posts From Our Ethical Hackers

Every month, our ethical hackers work to provide free resources so that your team can continue improving your organization's security posture.

Here are just some of our recent posts:

Mary Kay

Helping you refine your message or your mindset so that you can stand out as a thought leader. Content Strategist | Ghostwriter | Copywriter | Journalist | Certified Life Coach

1 month

Re the phishing attempts. Darn fraudsters! We've got to keep our spidey senses sharp! Thanks for posting this!
