The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Microsoft Patch Tuesday
Microsoft has released its June 2023 Patch Tuesday security update, addressing a total of 78 flaws, 38 of which pertain to remote code execution vulnerabilities. Despite the high number of vulnerabilities, only six are classified as ‘Critical,’ dealing with issues including denial of service, remote code execution, and privilege elevation.
Notably, this update does not include any patches for zero-day or actively exploited bugs, providing some relief for Windows administrators who are often under pressure to rapidly apply these updates.
Two significant flaws addressed in this update are CVE-2023-29357 and CVE-2023-32031. The former is a privilege elevation vulnerability in Microsoft SharePoint Server, while the latter is a remote code execution vulnerability in Microsoft Exchange Server, where the attacker would typically need to be authenticated. Both patches are designed to enhance defences against potential cyber threats.
Google Chrome Zero Days
In a recent development, Google deployed a set of security upgrades to rectify a high-severity defect in its widely used Chrome web browser. The tech giant disclosed that this flaw has been under active exploitation, stressing the urgency of these updates.
To safeguard against this vulnerability, users are strongly advised to update their browsers to version 114.0.5735.110 on Windows and 114.0.5735.106 on macOS and Linux. The recommendations extend beyond Google Chrome, as other browsers built on the Chromium platform, including Microsoft Edge, Brave, Opera, and Vivaldi, are similarly affected. Users of these browsers are urged to apply patches as soon as they are released. This will ensure optimal browser security and mitigate potential cyber threats that could arise from this vulnerability.
ChatGPT AI Package Hallucination
A new cyber-attack technique known as “AI package hallucination” has emerged, taking advantage of the OpenAI language model ChatGPT to propagate malicious packages within developers’ environments. This technique exploits the ability of ChatGPT and similar generative AI platforms to generate fabricated content, including URLs, references, blogs, and statistics.
Researchers have found that ChatGPT sometimes responds to user queries with hallucinated sources, links, and even entire code libraries and functions that do not exist. This includes proposing dubious fixes for common vulnerabilities and providing links to non-existent coding libraries. Consequently, attackers can utilize these fake code libraries, created by ChatGPT, to distribute malicious packages without relying on traditional techniques like typosquatting or masquerading.
This attack technique highlights how threat actors can easily leverage ChatGPT as a tool for executing their malicious activities. To mitigate the risks associated with AI package hallucination, developers need to be diligent in vetting libraries and packages. Key factors to consider during the vetting process include creation date, download count, comments, and attached notes. Remaining cautious and sceptical of suspicious packages is paramount in maintaining the security of software systems.
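The vetting factors listed above can be turned into an automated pre-install check. The following is an added example, not code from the bulletin or the researchers: it assumes package metadata shaped like PyPI's JSON API output, a monthly download figure obtained separately, and illustrative thresholds; the sample records are constructed.

```python
from datetime import datetime, timezone

# Thresholds are assumptions for illustration; tune them to your own policy.
MIN_AGE_DAYS = 90
MIN_MONTHLY_DOWNLOADS = 1000
MIN_DESCRIPTION_CHARS = 200

def first_upload(meta):
    """Earliest file upload time across all releases, or None if none exist."""
    times = [datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
             for files in meta.get("releases", {}).values() for f in files]
    return min(times) if times else None

def vet_package(meta, monthly_downloads, now=None):
    """Return reasons to review a package by hand; an empty list means no flags."""
    if meta is None:  # the index returned "not found" for the suggested name
        return ["name is not registered: likely hallucinated, do not install"]
    now = now or datetime.now(timezone.utc)
    flags = []
    created = first_upload(meta)
    if created is None:
        flags.append("no released files")
    elif (now - created).days < MIN_AGE_DAYS:
        flags.append(f"first upload only {(now - created).days} days ago")
    if monthly_downloads < MIN_MONTHLY_DOWNLOADS:
        flags.append(f"only {monthly_downloads} downloads in the last month")
    info = meta.get("info", {})
    if len(info.get("description") or "") < MIN_DESCRIPTION_CHARS:
        flags.append("little or no project description")
    if not (info.get("project_urls") or info.get("home_page")):
        flags.append("no homepage or source repository link")
    return flags

# Constructed sample records (not real packages), shaped like PyPI JSON API output.
NOW = datetime(2023, 6, 15, tzinfo=timezone.utc)
ESTABLISHED = {
    "info": {"description": "x" * 500,
             "project_urls": {"Source": "https://example.invalid/repo"}},
    "releases": {"1.0": [{"upload_time_iso_8601": "2019-03-02T11:00:00.000000Z"}],
                 "2.0": [{"upload_time_iso_8601": "2022-11-20T09:30:00.000000Z"}]},
}
NEWCOMER = {
    "info": {"description": "", "project_urls": None, "home_page": ""},
    "releases": {"0.0.1": [{"upload_time_iso_8601": "2023-06-05T08:15:00.000000Z"}]},
}

if __name__ == "__main__":
    for label, meta, downloads in [("established", ESTABLISHED, 250000),
                                   ("newcomer", NEWCOMER, 12), ("missing", None, 0)]:
        print(label, vet_package(meta, downloads, now=NOW))
```

A flagged package is a prompt for manual review rather than proof of malice; new legitimate projects will trip the same checks.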