Google issues emergency Chrome update to Patch actively exploited Zero-Day vulnerability

Google has released an emergency Chrome security update to address a zero-day vulnerability, CVE-2024-7971, currently being exploited in the wild. This high-severity flaw, caused by a type confusion issue in Chrome's V8 JavaScript engine, was reported by Microsoft’s Threat Intelligence Centre and Security Response Centre. Attackers can exploit this vulnerability to execute arbitrary code on unpatched devices, potentially leading to severe security breaches.

The update, now available as version 128.0.6613.84/.85 for Windows and macOS, and 128.0.6613.84 for Linux, is rolling out to all users in the Stable Desktop channel. Although Chrome typically updates automatically, users are advised to manually check for updates to ensure their browsers are protected.

This marks the ninth actively exploited Chrome zero-day vulnerability patched by Google in 2024. While details on the exploitation remain limited, Google has restricted access to further information until the majority of users have applied the fix.

Major oilfield firm Halliburton hit by cyber attack, disrupting operations and global networks

Halliburton, a leading US oilfield services firm, has reportedly been hit by a cyber attack, according to a source familiar with the situation. The attack is said to have disrupted business operations at the company’s north Houston campus and affected global connectivity networks. The source, who spoke on the condition of anonymity, revealed that Halliburton has instructed some employees to avoid connecting to internal networks.

Company representatives have yet to comment on the incident.

The energy sector has faced significant cyber threats in recent years, with the 2021 Colonial Pipeline ransomware attack being one of the most notable. That breach, attributed to the DarkSide group, led to fuel shortages and rising prices, creating a political challenge for the US Government.

Critical vulnerability in LiteSpeed cache plugin puts millions of WordPress sites at risk

A critical vulnerability in the LiteSpeed Cache plugin has been uncovered, potentially putting millions of WordPress sites at risk. Discovered by John Blackbourn through the Patchstack zero-day bug bounty program, this flaw enables unauthorised users to gain administrator-level access, potentially leading to the installation of malicious plugins and the compromise of affected websites.

The vulnerability stems from the plugin’s insecure security hash, generated by a weak random number generator and stored without adequate safeguards. With only one million possible values, the hash can be guessed through brute force attacks, allowing attackers to simulate an administrator user.

Patchstack explained that even at a low rate of three requests per second, the correct hash can be discovered within hours to a week. The flaw is exploitable even if the plugin’s crawler feature is disabled, as attackers can trigger the generation of the weak hash through an unprotected Ajax handler.

Users are urged to update to LiteSpeed Cache version 6.4 immediately to mitigate this risk.

Microchip Technology hit by Cyberattack, disrupting manufacturing operations

US-based semiconductor supplier Microchip Technology (NASDAQ: MCHP) has disclosed a cyberattack that has disrupted operations at several of its manufacturing facilities. The company detected suspicious activity on its IT systems on August 17 and confirmed on August 19 that some servers and business operations had been compromised.

In response, Microchip isolated affected systems, shutting down some to contain the intrusion. External cybersecurity experts have been brought in to assist with the investigation. The cyberattack has caused certain manufacturing facilities to operate below normal levels, impacting the company's ability to fulfill orders.

Microchip is working to restore its IT systems and mitigate the incident's impact but has not yet determined whether the breach will have a material effect on its business. The company’s disclosure is in line with SEC requirements for reporting material cyber incidents. While no ransomware group has claimed responsibility, the nature of the attack suggests it may be ransomware-related.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.