Please see Security Advisories for the week ending February 25, 2022
• CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
• CISA Releases Joint Cybersecurity Advisory on The MuddyWater APT Conducting Malicious Cyber Operations
• Mozilla Releases Security Update for Mozilla VPN
• Cisco Releases Security Updates for Multiple Products
• CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
Situation
CISA and the Federal Bureau of Investigation (FBI) have released an advisory on destructive malware targeting organizations in Ukraine.
Problem
Threat actors are using the destructive malware WhisperGate and HermeticWiper against organizations in Ukraine. This malware is designed to render affected systems inoperable and destroy data rather than to steal it.
Implication
Destructive malware of this kind spreads through common communication channels: worms sent through email and instant messaging, websites, and files downloaded over peer-to-peer connections. Once on a network it also seeks out existing, unpatched vulnerabilities on other systems to extend its reach.
Need
Review the advisory for the published indicators of compromise (IOCs) and the recommended mitigation best practices, and confirm that backups are isolated and tested, since recovery from a wiper depends on them.
For more information: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
________________________________
CISA Releases Joint Cybersecurity Advisory on The MuddyWater APT Conducting Malicious Cyber Operations
Situation
CISA, the Federal Bureau of Investigation (FBI), U.S. Cyber Command Cyber National Mission Force (CNMF), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the National Security Agency (NSA) have issued a joint cybersecurity advisory detailing malicious cyber operations by the Iranian government-sponsored APT actors known as MuddyWater.
Problem
MuddyWater targets a range of government and private-sector organizations across sectors including telecommunications, defense, local government, and oil and natural gas. The group is known to exploit publicly reported vulnerabilities and to use open-source tools and strategies to gain access to sensitive data on victims’ systems and deploy ransomware.
Implication
Organizations that do not harden their environments against MuddyWater's current tactics, techniques, and procedures remain exposed to compromise by this group.
Need
CISA encourages users and administrators to review the joint cybersecurity advisory. For additional information and more technical detail, please visit the link below.
Joint Cybersecurity Advisory:
https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
________________________________
Mozilla Releases Security Update for Mozilla VPN
Situation
Mozilla has released a security update to address a vulnerability in Mozilla VPN.
Problem
Mozilla VPN versions prior to 2.7.1 are affected by CVE-2022-0517.
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory, so a local user or attacker with limited privileges could supply a malicious configuration file and use it to execute arbitrary code with elevated privileges.
Implication
This is a local privilege escalation: an attacker who already has limited access to a host could exploit this vulnerability to take control of the affected system.
Need
CISA encourages users and administrators to review Mozilla Foundation Security Advisory 2022-08 and update to Mozilla VPN 2.7.1 or later.
For a brief overview:
Mozilla Foundation Security Advisory 2022-08
https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem
The most severe of the patched vulnerabilities are:
- A vulnerability in NX-API in Cisco NX-OS Software that could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
- A vulnerability in Cisco Nexus 9000 Series Switches that could allow an unauthenticated, remote attacker to cause Bidirectional Forwarding Detection (BFD) traffic to be dropped on the affected switch.
- A vulnerability in Cisco Fabric Services over IP (CFSoIP) in Cisco NX-OS that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on the device.
Implication
An attacker who successfully exploits the NX-API vulnerability could take control of the affected system; note that it requires valid credentials. The BFD and CFSoIP vulnerabilities are unauthenticated but result in denial of service rather than code execution.
Need
CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates.
For a brief overview:
Cisco NX-OS NX-API Advisory:
Cisco Nexus 9000 Series Switches Advisory:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn
Cisco NX-OS Cisco Fabric Services Over IP Advisory:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr
________________________________
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Situation
The Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting them. Vulnerabilities of this type are frequently used as an attack vector by malicious cyber actors of all kinds and pose significant risk if left unpatched.
Problem
The vulnerabilities added to the catalog are:
- Zimbra Webmail Cross-Site Scripting Vulnerability (CVE-2022-24682)
- Microsoft Office Remote Code Execution (CVE-2017-8570)
- Microsoft Internet Explorer Remote Code Execution (CVE-2017-0222)
- Microsoft Windows Code Injection Vulnerability (CVE-2014-6352)
Implication
Failure to remediate these vulnerabilities in a timely manner could leave organizations exposed to cyberattacks.
Need
CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.
Brief overview:
CISA Vulnerabilities Catalog:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
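One way to act on this guidance in practice is to cross-reference scanner findings against the KEV catalog and order remediation by the catalog's due dates. The script below is an added example, not code from CISA or the original advisory. The feed excerpt is constructed in the field layout of the catalog's JSON feed (cveID, vendorProject, product, vulnerabilityName, dateAdded, shortDescription, requiredAction, dueDate, notes); the four CVE IDs are the ones listed above, but the dates, descriptions and required actions are placeholders, and the scanner output is likewise constructed.

```python
from __future__ import annotations

import json
from datetime import date

# Constructed excerpt in the schema of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The cveID, vendorProject, product and vulnerabilityName values are the four entries
# named in the advisory above; descriptions, actions and dates are placeholders for
# this example, not copied from the live catalog.
KEV_FEED_SAMPLE = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "example",
  "dateReleased": "2022-02-25T00:00:00.0000Z",
  "count": 4,
  "vulnerabilities": [
    {"cveID": "CVE-2022-24682", "vendorProject": "Zimbra", "product": "Webmail",
     "vulnerabilityName": "Zimbra Webmail Cross-Site Scripting Vulnerability",
     "dateAdded": "2022-02-25", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-03-11", "notes": ""},
    {"cveID": "CVE-2017-8570", "vendorProject": "Microsoft", "product": "Office",
     "vulnerabilityName": "Microsoft Office Remote Code Execution Vulnerability",
     "dateAdded": "2022-02-25", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-08-25", "notes": ""},
    {"cveID": "CVE-2017-0222", "vendorProject": "Microsoft", "product": "Internet Explorer",
     "vulnerabilityName": "Microsoft Internet Explorer Remote Code Execution Vulnerability",
     "dateAdded": "2022-02-25", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-08-25", "notes": ""},
    {"cveID": "CVE-2014-6352", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Microsoft Windows Code Injection Vulnerability",
     "dateAdded": "2022-02-25", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-08-25", "notes": ""}
  ]
}
"""

# Constructed scanner output: CVE IDs as a vulnerability scanner might export them,
# including a duplicate and inconsistent casing. CVE-2021-44228 is not in the sample
# feed above, so it is not flagged here even though the live catalog lists it.
SCAN_FINDINGS = ["CVE-2017-0222", "cve-2022-24682", "CVE-2021-44228", "CVE-2017-0222"]


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index a KEV feed by upper-cased CVE ID."""
    feed = json.loads(feed_json)
    return {v["cveID"].upper(): v for v in feed["vulnerabilities"]}


def prioritize(scan_cves: list[str], kev: dict[str, dict], today: date | str) -> list[dict]:
    """Return the scan findings that appear in the KEV catalog, earliest due date first.

    Each hit carries the catalog due date, days remaining (negative once overdue)
    and an overdue flag so the output can drive ticket priority directly.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    hits = []
    for cve in {c.strip().upper() for c in scan_cves}:  # de-duplicate, normalise case
        entry = kev.get(cve)
        if entry is None:
            continue  # not in KEV: still a finding, but not a catalog deadline
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cveID": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": due,
            "daysLeft": (due - today).days,
            "overdue": today > due,
        })
    hits.sort(key=lambda h: (h["dueDate"], h["cveID"]))
    return hits


if __name__ == "__main__":
    for hit in prioritize(SCAN_FINDINGS, load_kev(KEV_FEED_SAMPLE), date.today()):
        status = "OVERDUE" if hit["overdue"] else f'{hit["daysLeft"]} days left'
        print(f'{hit["cveID"]:<16} {hit["product"]:<30} due {hit["dueDate"]}  {status}')
```

To use this against the real catalog, download the JSON feed and pass its contents to load_kev in place of the constructed sample; the field names are the same. Findings that are not in the catalog still need fixing, but the catalog hits are the ones with an external deadline and evidence of active exploitation, so they go to the front of the queue.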