Weekly Threat Report - 1st May 2020
Google issues Chrome update to fix high-rated security vulnerabilities
In a notice published this week, Google announced that it is issuing a new update to its Chrome browser. The update will include security fixes for two high-rated vulnerabilities, which were discovered by Zhe Jin from Qihoo 360, a Chinese internet security company. The update comes after Google launched the latest version of the browser, Chrome 81, earlier this month. Without revealing full details, Google disclosed that the vulnerabilities are of the use-after-free variety. This is where a program continues to access memory after it has been freed, which can potentially be abused to execute code. That could include remote code that gives hackers control over systems. There is no indication that these vulnerabilities have been successfully exploited, and Google’s notice promises that the rollout of its security update will happen “over the coming days/weeks”. To stay secure, we recommend always installing the latest updates to your apps and software. Advice can be found in our Install the latest software and app updates guidance.
Vulnerability affecting Sophos product discovered
Cyber security company Sophos has reported that its XG Firewall product has been subject to an SQL injection attack. Hackers took advantage of a previously unknown vulnerability to insert malicious code into a back-end database and gain unauthorised access. Details of the vulnerability were published by Sophos last week, and the company has released a hot fix for devices that have auto-update turned on. To fully remediate the issue, users that have received the hot fix are also advised to reset device administrator credentials and certificates. The NCSC issued a statement earlier this week and recommends that affected users follow the mitigation advice published by Sophos, ensure auto-update is turned on, and check that they are using the most up-to-date version of the application. The NCSC also recommends that any certificate issued to the Firewall be revoked and reissued, whilst an architectural review will ensure that management interfaces are not exposed directly to the internet. If remote access is required, this should be through a corporate remote access solution that supports multi-factor authentication.