CyberScotland Bulletin

Technical Bulletin June 2024

Technical Bulletins

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

In this month’s Patch Tuesday, Microsoft has found 51 flaws overall with the distribution of:

  • 25 elevation of privilege vulnerabilities
  • 18 remote code execution vulnerabilities
  • 3 information disclosure vulnerabilities
  • 5 Denial of Service vulnerabilities

This release also fixed a publicly disclosed zero-day vulnerability that gave attackers the possibility to cause denial of service, it was called CVE-2023-50868. This vulnerability was in the DNSSEC where an attacker could use standard protocols to overload the CPU and cause a denial of service.

A couple more intriguing vulnerabilities were patched this release:

  • CVE-2024-30080: classed as a Critical vulnerability and was a Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
  • CVE-2024-30103: classed as Important and was a Microsoft Outlook Remote Code Execution Vulnerability

Hackers spread malware through Stack Overflow

Stack Overflow is a popular forum where developers and coders ask questions and get help with code and errors. Hackers have been found using this platform to promote malicious packages as solutions to users’ problems.

The malicious actors use a process called typo-squatting where they will try and use modified names of popular software to trick targets into downloading malware or malicious files.

The malicious code promoted by these hackers installs malware on a Windows machine through a python package called “pytoileur”. Once the package is imported and used in the developer’s code, it launches an executable that steals information from the targeted Windows device. The data stolen by the malware is mainly related to web browsing such as:

  • Cookies
  • Passwords
  • Search history
  • Credit card information
  • Other data from the web browser

It was also found that the malware would send documents containing certain phrases back to the hackers.

This type of attack reaffirms the need to verify any link or file that is downloaded from the web and to only download from a trusted source. While this attack uses a python library, it could take the form of a link or file sent on a different type of forum.

Google Chrome Zero Days

This month Google fixed the eighth zero-day vulnerability of this year in the Google Chrome browser that was being actively exploited. This vulnerability was CVE-2024-5274, which was a “type confusion” vulnerability that affected Chrome versions prior to version 125.0.6442.112.

A “type confusion” vulnerability happens when a program mistakenly interprets data as a different type than the one meant to be held. This can lead to crashes, data corruption or in this case arbitrary code execution. Attackers could execute arbitrary code inside a sandbox via a crafted HTML page.

To verify which version of Chrome your device is running go into the About section of the Settings menu.

Back to top of the page