ZDI-23-658: (Pwn2Own) Synology DiskStation Manager api.php Authentication Bypass Vulnerability


This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability.


Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution


Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system are less impacted than those who operate with administrative rights.


Windows OLE Remote Code Execution Vulnerability (CVE-2023-29325)


What is Windows OLE?

OLE (Object Linking and Embedding) is a feature of Microsoft Windows that lets applications work together and share data. For example, it allows a table created in Microsoft Excel to be either embedded in or linked to a Microsoft PowerPoint presentation.

What is the Attack?

CVE-2023-29325 is a remote code execution vulnerability in the Windows OLE component, reachable through Microsoft Outlook, and stems from a buffer error when loading an OleCache object. Successful exploitation could result in remote code execution in the context of the vulnerable application. CVE-2023-29325 has a CVSS base score of 8.1 and is rated Critical by Microsoft.

Why is this Significant?

This is significant because, although exploitation of CVE-2023-29325 has not been reported or observed, the vulnerability has been publicly disclosed and Proof-of-Concept (PoC) code is available. The Microsoft advisory rates exploitation as "more likely". As such, the patch should be applied as soon as possible.

What is the Vendor Solution?

Microsoft released a fix as part of regular Microsoft Patch Tuesday on May 9th, 2023.

What FortiGuard Coverage is Available?

FortiGuard Labs has the following IPS signature in place that will prevent exploitation of CVE-2023-29325:
MS.Outlook.OleCache.CVE-2023-29325.Remote.Code.Execution

Is Mitigation Available?

The Microsoft advisory provides mitigation methods. Please refer to the Appendix for a link to “Windows OLE Remote Code Execution Vulnerability (CVE-2023-29325)”.


New Ransomware “Black Suit” Targets Windows and Linux Platforms


FortiGuard Labs is aware of a report that a new ransomware, "Black Suit", targeting both Windows and Linux platforms was discovered in the wild. Some reports note similarities with the active Royal ransomware. Black Suit encrypts files on affected machines and appends a ".BlackSuit" extension to the encrypted files. It also operates its own leak site on TOR, designed to post information stolen from victims.

Why is this Significant?

This is significant because "Black Suit" is a new ransomware that targets both Windows and Linux platforms. The threat actor operates a data leak site on TOR, which typically means the ransomware is aimed at enterprises.

What is "Black Suit" ransomware?

"Black Suit" is a new ransomware used to target Windows and Linux platforms. Information on the infection vector used by the Black Suit threat actor is not currently available; however, it is unlikely to differ significantly from that of other ransomware groups. The ransomware encrypts files on compromised machines and appends a ".BlackSuit" extension to affected files. It then leaves a ransom note named "README.BlackSuit.txt" asking victims to contact the attacker over TOR for ransom negotiation. At the time of writing, the leak site does not list any victims.

What is the Status of Protection?

FortiGuard Labs has the following AV signatures for the known samples of BlackSuit ransomware:
Linux/Filecoder_Royal_AGen.A!tr
W32/PossibleThreat
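The two file-system indicators the advisory gives (the ".BlackSuit" extension on encrypted files and the "README.BlackSuit.txt" ransom note) are enough for a quick post-incident triage sweep. The script below is an added example, not FortiGuard's or the ransomware author's code: it walks a directory tree, collects both indicators, and returns a verdict that distinguishes a stray note from the note-plus-renamed-files pattern the advisory describes. The sample directory it scans is constructed in a temp folder for the demo; the function names and the "clean/suspicious/encrypted" verdict scale are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the advisory text; the scan logic is an added example.
RANSOM_EXTENSION = ".BlackSuit"
RANSOM_NOTE_NAME = "README.BlackSuit.txt"


def scan_for_blacksuit(root, extension=RANSOM_EXTENSION, note_name=RANSOM_NOTE_NAME):
    """Walk `root` and collect file-system indicators of a BlackSuit-style run:
    files renamed with the ransom extension and dropped ransom notes.
    Returns sorted root-relative POSIX paths plus a verdict (assumed scale:
    clean / suspicious / encrypted)."""
    root = Path(root)
    encrypted, notes = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name == note_name:
                notes.append(rel)
            elif name.endswith(extension):  # case-sensitive, as the advisory spells it
                encrypted.append(rel)
    encrypted.sort()
    notes.sort()
    # A note on its own may be a stray copy; a note alongside renamed files is
    # the post-encryption state the advisory describes.
    if encrypted and notes:
        verdict = "encrypted"
    elif encrypted or notes:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"encrypted": encrypted, "notes": notes, "verdict": verdict}


def build_sample_tree():
    """Constructed sample data (not real malware output): a temp directory
    imitating a host after encryption. Returns its path."""
    root = Path(tempfile.mkdtemp(prefix="blacksuit_demo_"))
    (root / "docs").mkdir()
    (root / "docs" / "budget.xlsx.BlackSuit").write_bytes(b"\x00" * 16)
    (root / "docs" / RANSOM_NOTE_NAME).write_text("contact us on TOR\n")
    (root / RANSOM_NOTE_NAME).write_text("contact us on TOR\n")
    (root / "notes.txt").write_text("untouched file\n")
    return root


def demo():
    """Build the constructed tree, scan it and return the scan result."""
    root = build_sample_tree()
    result = scan_for_blacksuit(root)
    print(f"{root}: {result['verdict']} "
          f"({len(result['encrypted'])} encrypted, {len(result['notes'])} notes)")
    return result


if __name__ == "__main__":
    demo()
```

Point `scan_for_blacksuit` at a mounted image or a live share to get a list of affected paths for scoping; it is a triage aid for after the fact, not a preventive control, and a sample that uses a different extension or note name will not be caught by these two indicators alone.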
