Critical Security Update: June 18, 2024 (Windows 10 Errors, Financial-Services-Targeting Attacks, VMware, Google Chrome)
Critical Security Update
Windows 10 Errors, Financial-Services-Targeting Attacks, VMware, Google Chrome
Risk 1: Low
Issue: Windows 10 is currently causing a small error for many applications prompting for an application to “Open With” when clicking on applications. This is sporadic and not frequent.
Resolution: This is a known bug and, to Microsoft’s claim, not malicious. They are working on a fix so no action need completed until an update is available.
Risk 2: High
Issue: ONNX is a new phishing-attack service that is targeting Microsoft 365 e-mail accounts within financial service firms. The attack is currently triggered using a QR code within a PDF attachment.
Resolution: A reminder to scan all incoming e-mails and be extremely cautious on using QR Codes or attachments. It is our recommendation to require the use of a secure file transfer system instead of e-mail.
Risk 3: Medium
Issue: A new vulnerability has been realized within the VMware environment allowing both remote code execution and local privileges. This is a dangerous combination as it provides the ability to run a program but also provides the access to cause harm.
Resolution: A fix has been deployed. Any VMware user should update their system to the latest version. Versions older than 7 are typically out of general support at this point.
Risk 4: High
Issue: A new malware push infecting Google Chrome is causing errors to display in an attempt to trick the user into installing larger spyware applications. The errors being displayed prompt the user to perform an “Upgrade” to correct.
Resolution: Users should be extra cautious on responding to messages in Chrome, but more so, users should be sure to regularly update their Chrome browser to ensure the latest security is available.
Announced Data Breaches
AMD
Medibank
Panera Bread
