In this week's Security Advisory:
- Zero-Day (CVE-2023-41179) in Trend Micro Apex One and Worry-Free Business Security Products
- Info-Stealer Malware 'MetaStealer' Targeting macOS Business Users
- Microsoft Azure Data Leak Exposes Dangers of Shared Access Signature (SAS) Tokens
Zero-Day (CVE 2023-41179) in Trend Micro Apex One and Worry-Free Business Security Products
Trend Micro disclosed a zero-day in their Apex One (on-premise and SaaS) and Worry-Free Business Security products. The zero-day, CVE-2023-41179, is due to a vulnerability in the 3rd party AV uninstaller module and could allow an attacker to execute arbitrary code on the affected device. To exploit this vulnerability, an attacker must first obtain access to the administrative console on the affected system. There are reports of this vulnerability being actively exploited in the wild. CVE-2023-41179 has not received a CVSS score.
The following versions are affected:
- Apex One 2019
- Apex One as a Service 2019
- Worry-Free Business Security Services 6.7
- Worry-Free Business Security Advanced 10.0
More Reading/Information
- https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
- https://www.securityweek.com/trend-micro-patches-exploited-zero-day-vulnerability-in-endpoint-security-products/
- https://nvd.nist.gov/vuln/detail/CVE-2023-41179
Info-Stealer Malware 'MetaStealer' Targeting macOS Business Users
A new information stealing malware dubbed 'MetaStealer' is targeting macOS business users. The threat actors are posing as fake clients and tricking users into downloading a malicious disk image (.dmg) file containing the MetaStealer malware. Once downloaded, MetaStealer can evade Apple security mechanisms and proceed to exfiltrate the keychain, harvest passwords and steal files. Threat actors are always going to evolve and find new techniques to deliver malware which is why it is always important to use caution when clicking on any attachments, even if it is coming from a trusted source.
More Reading/Information
- https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
- https://www.securityweek.com/macos-info-stealer-malware-metastealer-targeting-businesses/
Microsoft Azure Data Leak Exposes Dangers of Shared Access Signature (SAS) Tokens
Microsoft AI research division accidentally leaked 38T of private data via a misconfigured Shared Access Signature (SAS) token, a URL that provides a secure way to delegate access to data within a storage account. The Microsoft AI research division published this misconfigured SAS token in a public GitHub repository, ultimately giving users full read/write permissions to an internal storage account. While Microsoft states that there was no exposure to consumer data, it highlights the importance of securing access to storage accounts. If your organization must share data from a private cloud storage account, it is best practice to create a separate storage account that is used only for public sharing. Microsoft also recommends following best practices when working with SAS tokens such as applying the principle of least privilege, using short-lived SAS tokens, and having a revocation plan.
More Reading/Information
- https://msrc.microsoft.com/blog/2023/09/microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/
- https://www.darkreading.com/cloud/microsoft-azure-data-leak-exposes-dangers-of-file-sharing-links
- https://www.bleepingcomputer.com/news/microsoft/microsoft-leaks-38tb-of-private-data-via-unsecured-azure-storage/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe Solutions strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
