- CRITICAL: APT28 Exploits Known Vulnerability To Carry Out Reconnaissance and Deploy Malware on Cisco Routers
- Cisco Releases Security Advisories for Multiple Products
- Oracle Releases Security Updates
- VMware Releases Security Update for Aria Operations for Logs
- Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
CRITICAL: APT28 Exploits Known Vulnerability To Carry Out Reconnaissance and Deploy Malware on Cisco Routers
Situation: NCSC, NSA, CISA, and FBI have released a joint advisory detailing the tactics, techniques, and procedures (TTPs) associated with APT28’s exploitation of Cisco routers in 2021.
Problem: By exploiting CVE-2017-6742, APT28 used its infrastructure to masquerade Simple Network Management Protocol (SNMP) access into Cisco routers worldwide, including routers in Europe, U.S. government institutions, and approximately 250 Ukrainian victims. These vulnerabilities affect Cisco devices running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, and they affect all versions of SNMP: 1, 2c, and 3. Devices configured with any of the following MIBs are vulnerable:
- ADSL-LINE-MIB
- ALPS-MIB
- CISCO-ADSL-DMT-LINE-MIB
- CISCO-BSTUN-MIB
- CISCO-MAC-AUTH-BYPASS-MIB
- CISCO-SLB-EXT-MIB
- CISCO-VOICE-DNIS-MIB
- CISCO-VOICE-NUMBER-EXPANSION-MIB
- TN3270E-RT-MIB
Implication: If disregarded, an attacker can send crafted SNMP packets to affected devices and degrade the company’s systems; business operations can suffer severely as a result.
Need: We encourage personnel to review NCSC’s Jaguar Tooth malware analysis report for detailed TTPs and indicators of compromise that may help detect APT28 activity.
Additional Resources:
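As an added example (not part of the advisory or of Cisco's own tooling), the script below audits a Cisco IOS/IOS XE running-config for SNMP principals that can still reach the MIBs listed above. It assumes the mitigation of excluding those MIBs with `snmp-server view ... excluded` and binding every community string and SNMPv3 group to such a view; the sample config is constructed for the demonstration.

```python
import re

# MIBs named in the advisory as affected by CVE-2017-6742.
VULNERABLE_MIBS = [
    "ADSL-LINE-MIB", "ALPS-MIB", "CISCO-ADSL-DMT-LINE-MIB", "CISCO-BSTUN-MIB",
    "CISCO-MAC-AUTH-BYPASS-MIB", "CISCO-SLB-EXT-MIB", "CISCO-VOICE-DNIS-MIB",
    "CISCO-VOICE-NUMBER-EXPANSION-MIB", "TN3270E-RT-MIB",
]

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
snmp-server view SAFE iso included
snmp-server view SAFE ADSL-LINE-MIB excluded
snmp-server view SAFE CISCO-BSTUN-MIB excluded
snmp-server community public RO
snmp-server community monitor view SAFE RO
snmp-server group OPS v3 priv read SAFE
"""

# Assumed IOS syntax: view definitions, v1/v2c communities, v3 groups.
VIEW_RE = re.compile(r"^snmp-server view (\S+) (\S+) (included|excluded)\s*$", re.M)
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: view (\S+))?", re.M)
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 \S+(?: read (\S+))?", re.M)


def excluded_mibs(config: str, view: str) -> set:
    """Vulnerable MIBs explicitly excluded from the named SNMP view."""
    return {mib for name, mib, mode in VIEW_RE.findall(config)
            if name == view and mode == "excluded" and mib in VULNERABLE_MIBS}


def audit(config: str) -> list:
    """Return (principal, reachable vulnerable MIBs) for every exposed principal.

    A principal with no view (empty string) sees the whole MIB tree, so every
    listed MIB is reachable; a view that exists but excludes only some of the
    MIBs is reported with the remainder.
    """
    principals = [("community " + c, v) for c, v in COMMUNITY_RE.findall(config)]
    principals += [("v3 group " + g, v) for g, v in GROUP_RE.findall(config)]
    findings = []
    for principal, view in principals:
        reachable = [m for m in VULNERABLE_MIBS if m not in excluded_mibs(config, view)]
        if reachable:
            findings.append((principal, reachable))
    return findings


if __name__ == "__main__":
    for principal, mibs in audit(SAMPLE_CONFIG):
        print(f"{principal}: {len(mibs)} affected MIB(s) reachable: {', '.join(mibs)}")
```

Running it against the sample reports the view-less `public` community as exposing all nine MIBs, while `monitor` and the `OPS` group are flagged for the seven MIBs that view SAFE does not exclude.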
Cisco Releases Security Advisories for Multiple Products
Situation: Cisco has released security updates for vulnerabilities affecting multiple products.
Problem: The vulnerabilities affect Industrial Network Director (IND), Modeling Labs, StarOS Software, and BroadWorks Network Server.
Implication: A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Need: We encourage users and administrators to review the following advisories and apply the necessary updates to the affected products:
- Industrial Network Director
- Modeling Labs
- IOS and IOS XE
- StarOS
- BroadWorks Network Server
Additional Resources:
Oracle Releases Security Updates
Situation: Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for April 2023 to address vulnerabilities affecting multiple products. There are a total of 433 updates across the Oracle product suite.
Problem: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Some of the affected products and versions include:
Implication: If this issue isn’t addressed, an attacker can gain remote access to a company’s systems and wreak havoc on its technical infrastructure.
Need: We encourage users and administrators to review Oracle’s Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin and apply the necessary updates.
Additional Resources:
VMware Releases Security Update for Aria Operations for Logs
Situation: VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs (formerly vRealize Log Insight).
Problem: An unauthenticated malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. Also, a malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
Implication: If disregarded, a malicious actor can obtain root-level control of the appliance and take control of a company’s network.
Need: We encourage users and administrators to review VMware Security Advisory VMSA-2023-0007 and apply the necessary updates. To remediate CVE-2023-20864, apply the updates listed in the ‘Fixed Version’ column of the advisory’s ‘Response Matrix’ (RE: VMSA-2023-0007). To remediate CVE-2023-20865, apply the updates listed in the ‘Fixed Version’ column of the same ‘Response Matrix’ (RE: VMSA-2023-0007).
Additional Resources:
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Situation: Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. Problem: The file download facility doesn’t sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. All Drupal 7 sites on Windows web servers are vulnerable. Drupal 7 sites on Linux web servers are vulnerable with certain file directory structures, or if a vulnerable contributed or custom file access module is installed. Drupal 9 and 10 sites are only vulnerable if certain contributed or custom file access modules are installed.
Implication: If disregarded, an attacker can upload and access files, which can affect the business network.
Need: We encourage users and administrators to review Drupal security advisory SA-CORE-2023-005 for more information and apply the necessary updates.
Install the latest version:
- If you are using Drupal 10.0, update to Drupal 10.0.8.
- If you are using Drupal 9.5, update to Drupal 9.5.8.
- If you are using Drupal 9.4, update to Drupal 9.4.14.
- If you are using Drupal 7, update to Drupal 7.96.
Additional Resources: