overview
Google has recently released patches for a critical vulnerability in the Chrome browser. Tracked as CVE-2024-7965, it is a vulnerability in the V8 JavaScript engine and impacts all versions of Chrome older than 128.0.66.13.84. Please see Chrome Releases for further information.
Exploiting this vulnerability does require end-user interaction, such as visiting a compromised website, or opening a malicious file attachment in an email. An organization’s best defense against attacks built around this vulnerability remains trained users who can quickly identify phishing attempts and use safe browsing habits.
The vulnerability was discovered by an independent threat researcher, and reported to Google on July 30, 2024. Google has since acknowledged that this vulnerability has been actively exploited and urges users to update as soon as possible.
how avertium is protecting our customers
IOCs ADDED TO OUR THREAT FEEDS
At this time, there are no known IoCs associated with successful exploitation of CVE-2024-7965. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
TTPs TO MONITOR
- Initial Access (T1078): The attacker may gain access to the target system by delivering maliciously crafted HTML content via a web browser, which may trigger the heap corruption.
- Execution (T1059): Once the attacker exploits the vulnerability, they may be able to execute arbitrary code because of the heap corruption, which is a common goal of memory corruption exploits.
- Privilege Escalation (T1068): After successfully executing code, the attacker may attempt to escalate privileges if the code execution allows for administrative or higher-level access.
- Impact (T1499): Depending on the attacker's goal, they may use the exploitation of heap corruption to cause a denial of service (DoS) or further degrade the system's integrity.
ADDITIONAL SERVICE OFFERINGS
- Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
- Security Information and Event Management (SIEM) - Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior.
- Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:
  - Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment).
  - Threat Mapping - Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK).
  - Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).
SUPPORTING DOCUMENTATION