August 6, 2024
Severity
High
Analysis Summary
Google has fixed a high-severity vulnerability in the Android kernel that was being actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, is described as a remote code execution flaw affecting the kernel.
Google notes that there are indications CVE-2024-36971 may be under limited, targeted exploitation. As is customary, the company withheld further details about the nature of the attacks that abused the flaw and did not attribute the activity to any specific threat actor or group. It is unclear at this time whether Pixel smartphones are affected by the bug as well.
Because the vulnerability was reported by Google's Threat Analysis Group (TAG), it is likely that commercial spyware vendors are using it to compromise Android devices in highly targeted attacks. A total of 47 vulnerabilities were fixed in the August patch, including flaws in components from Qualcomm, MediaTek, Arm, and Imagination Technologies.
Google has also fixed twelve privilege escalation bugs, one information disclosure bug, and one denial-of-service (DoS) bug affecting the Android Framework. In June 2024, the company disclosed that limited and targeted attacks had leveraged an elevation of privilege vulnerability in Pixel Firmware (CVE-2024-32896). Google later stated that the problem affects not just Pixel devices but the entire Android ecosystem and that it is collaborating with OEM partners to implement the necessary changes.
Two vulnerabilities in the firmware and bootloader (CVE-2024-29745 and CVE-2024-29748) that were previously exploited by forensic firms to extract private data were also patched by the company. The development coincides with the addition of CVE-2018-0824, a remote code execution vulnerability affecting Microsoft COM for Windows, to the Known Exploited Vulnerabilities (KEV) catalog of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Federal agencies must apply the patch by August 26, 2024.
The KEV addition follows a report from researchers warning that a Chinese nation-state threat actor tracked as APT41 weaponized the vulnerability in a cyberattack against an unnamed research institute affiliated with the Taiwanese government to achieve local privilege escalation.
Impact
- Code Execution
- Unauthorized Access
Indicators of Compromise
CVE
- CVE-2024-36971
Affected Vendors
Remediation
- Upgrade to the latest version of Android, available from the Google Website.
- Organizations must test their assets for the vulnerability mentioned above and apply the available security patch or mitigation steps as soon as possible.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.
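The first two remediation steps (upgrade Android and verify assets for the vulnerability) come down to checking each device's security patch level against the level that ships the fix. The following POSIX shell script is an added example, not part of the advisory or of any Google tooling: it compares the value of the Android property `ro.build.version.security_patch` (a `YYYY-MM-DD` string) with a required level, and, when `adb` is installed, inventories every connected device. The `2024-08-05` threshold is an assumption based on the August 2024 bulletin date; confirm the exact level that carries the CVE-2024-36971 fix against the Android Security Bulletin for your OEM build.

```shell
#!/bin/sh
# Added example (not from the advisory): verify Android security patch levels.
# Assumption: devices patched for CVE-2024-36971 report a security patch level
# of 2024-08-05 or later. Adjust REQUIRED_PATCH_LEVEL after checking the bulletin.
REQUIRED_PATCH_LEVEL="2024-08-05"

# to_number YYYY-MM-DD -> YYYYMMDD (empty string when the input is malformed)
to_number() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
        *) printf '' ;;
    esac
}

# patch_level_ok LEVEL [REQUIRED]
# Returns 0 when LEVEL is at or after REQUIRED, 1 when it is older,
# 2 when LEVEL is not a well-formed YYYY-MM-DD date (e.g. an empty getprop).
patch_level_ok() {
    level_num=$(to_number "$1")
    required_num=$(to_number "${2:-$REQUIRED_PATCH_LEVEL}")
    [ -n "$level_num" ] || return 2
    [ "$level_num" -ge "$required_num" ] && return 0
    return 1
}

# classify LEVEL -> prints PATCHED, VULNERABLE, or UNKNOWN for reporting
classify() {
    patch_level_ok "$1"
    case $? in
        0) printf 'PATCHED' ;;
        1) printf 'VULNERABLE' ;;
        *) printf 'UNKNOWN' ;;
    esac
}

# check_device SERIAL -> "SERIAL LEVEL STATUS"; requires adb and an authorized device
check_device() {
    serial="$1"
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
    printf '%s %s %s\n' "$serial" "${level:-<none>}" "$(classify "$level")"
}

# inventory_devices -> one report line per device listed by `adb devices`
inventory_devices() {
    adb devices 2>/dev/null | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        check_device "$serial"
    done
}

# Stand-alone use: inventory connected devices, or show the comparison logic
# on constructed sample levels when adb is not installed.
if command -v adb >/dev/null 2>&1; then
    inventory_devices
else
    for sample in 2024-08-05 2024-07-05 ""; do
        printf '%s -> %s\n' "${sample:-<none>}" "$(classify "$sample")"
    done
fi
```

Any device reported as VULNERABLE or UNKNOWN (an empty or non-date property usually means an unauthorized debug session or a heavily customized build) should be treated as unpatched until the OEM's August 2024 update is confirmed.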