In this week's Security Advisory:
- Beware of Shopping Related Scams This Holiday Season
- Critical Vulnerability (CVE-2023-36553) in FortiSIEM
- Multiple Vulnerabilities in Mozilla Products
Beware of Shopping Related Scams This Holiday Season
Black Friday and Cyber Monday are prime times for threat actors to make a big push in their campaigns. Attackers are more aggressive with phishing schemes and online shopping scams during these days. They lure victims with incentives, gift cards, or discounts on popular items when their real goal is to harvest credentials or payment card data, steal money, or infect the victim's device with malware. Threat actors distribute these lures through advertisements, e-mail, text messages, or QR codes ("quishing") that redirect the user to malicious sites.
Cybersafe recommends taking an extra moment and using discretion before acting on any communication received during the holiday season that relates to offers, discount links, or problems with purchases you never made. Verify offers and order issues by navigating to the retailer's site directly rather than following the link or QR code supplied in the message. This awareness should be shared with all members of the organization, including friends and family.
More Reading/Information:
- https://www.techradar.com/pro/security/its-black-friday-for-hackers-too-so-watch-out-for-these-scams
- https://www.techtarget.com/searchsecurity/feature/Quishing-on-the-rise-How-to-prevent-QR-code-phishing
Critical Vulnerability (CVE-2023-36553) in FortiSIEM
Fortinet announced a critical vulnerability in the FortiSIEM report server. The vulnerability, CVE-2023-36553, is an OS command injection flaw (CWE-78) that could allow a remote, unauthenticated attacker to execute arbitrary commands on an affected system by sending crafted API requests. Fortinet assigned CVE-2023-36553 a CVSS score of 9.3 out of a possible 10. All affected branches listed below are out of support; Fortinet's advisory directs customers running them to upgrade to FortiSIEM 6.4.3, 6.5.2, 6.6.4, 6.7.7, 7.0.1, or a later release.
The following versions are affected:
- FortiSIEM 5.4 all versions
- FortiSIEM 5.3 all versions
- FortiSIEM 5.2 all versions
- FortiSIEM 5.1 all versions
- FortiSIEM 5.0 all versions
- FortiSIEM 4.10 all versions
- FortiSIEM 4.9 all versions
- FortiSIEM 4.7 all versions
More Reading/Information:
- https://www.fortiguard.com/psirt/FG-IR-23-135
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-command-injection-bug-in-fortisiem/
- https://nvd.nist.gov/vuln/detail/CVE-2023-36553
Multiple Vulnerabilities in Mozilla Products
Mozilla released security updates to address vulnerabilities in several of its products that could lead to arbitrary code execution. There were a total of twenty-six (26) vulnerabilities affecting Firefox, Firefox ESR, Thunderbird, and Firefox for iOS, with seventeen (17) receiving a severity rating of "High."
The following versions are affected:
- Firefox prior to 120
- Firefox ESR prior to 115.5
- Thunderbird prior to 115.5.0
- Firefox for iOS prior to 120
More Reading/Information:
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above also highlight the benefit of limiting deployed software to vendor-supported versions only: the affected FortiSIEM 4.x and 5.x branches are no longer supported, and the fix is only available by upgrading to a supported release. Staying on supported versions dramatically increases the likelihood that a patch will be issued for newly discovered vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software and versions deployed in your environment; an accurate inventory is what lets you determine quickly which hosts an advisory like this one actually applies to, and it should drive your patch and vulnerability management program.
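As an added example, not part of the advisory itself, the following Python script shows how an inventory can be checked against the affected version ranges listed above. It flags hosts running Firefox older than 120, Firefox ESR older than 115.5, Thunderbird older than 115.5.0, or any FortiSIEM release on the 4.7, 4.9, 4.10 or 5.0 through 5.4 branches. The CSV inventory format, the product names used in it, and the hostnames are assumptions made for the example; adapt the loader to whatever your asset inventory exports. One point worth noticing: Firefox ESR builds carry 115.x version numbers, so an inventory that records them simply as "Firefox" would make a fully patched ESR 115.5 host look vulnerable against the Firefox 120 fix, which is why the script looks at the "esr" suffix before choosing a range.

```python
"""Added example: check a software inventory against the affected
versions in this advisory (Mozilla: fixed in Firefox 120, Firefox ESR
115.5, Thunderbird 115.5.0; FortiSIEM: all 4.7, 4.9, 4.10 and 5.0-5.4
releases). Inventory format, product names and hostnames are assumed."""
import csv
import io
import re

# Mozilla fixes: a version is affected if it is strictly older than the fix.
MOZILLA_FIXED = {
    "firefox": (120,),
    "firefox-esr": (115, 5),
    "firefox-ios": (120,),
    "thunderbird": (115, 5, 0),
}

# FortiSIEM: every release on these major.minor branches is affected.
FORTISIEM_AFFECTED_BRANCHES = {
    (5, 4), (5, 3), (5, 2), (5, 1), (5, 0), (4, 10), (4, 9), (4, 7),
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?$", re.IGNORECASE)


def parse_version(text):
    """Return (numeric_tuple, is_esr) for strings like '119.0.1' or '115.5.0esr'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None


def is_affected(product, version):
    """True if (product, version) falls in an affected range from the advisory."""
    product = product.strip().lower()
    nums, is_esr = parse_version(version)
    if product == "fortisiem":
        return nums[:2] in FORTISIEM_AFFECTED_BRANCHES
    # ESR builds carry 115.x version numbers; comparing them against the
    # Firefox 120 fix would flag a fully patched ESR host, so use the
    # version suffix to pick the ESR range even if the inventory says 'firefox'.
    if product == "firefox" and is_esr:
        product = "firefox-esr"
    fixed = MOZILLA_FIXED.get(product)
    if fixed is None:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    # Tuple comparison handles unequal lengths: (119, 0, 1) < (120,) is True,
    # (120, 0) < (120,) is False.
    return nums < fixed


def scan_inventory(csv_text):
    """Return [(host, product, version), ...] for rows still on an affected version."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if is_affected(row["product"], row["version"]):
            findings.append((row["host"], row["product"], row["version"]))
    return findings


# Constructed sample inventory (hostnames and values are made up).
SAMPLE_INVENTORY = """host,product,version
ws-01,firefox,119.0.1
ws-02,firefox,120.0
ws-03,firefox,115.4.0esr
ws-04,firefox-esr,115.5.0esr
mail-01,thunderbird,115.4.2
mail-02,thunderbird,115.5.0
siem-01,fortisiem,5.4.0
siem-02,fortisiem,6.7.7
"""

if __name__ == "__main__":
    for host, product, version in scan_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

Run against the constructed inventory, the script reports ws-01, ws-03, mail-01 and siem-01; the hosts already on Firefox 120.0, ESR 115.5.0, Thunderbird 115.5.0 and FortiSIEM 6.7.7 are left alone.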