Please see Security Advisories for the week ending April 15, 2022
- North Korean State-Sponsored APT Targets Blockchain Companies
- VMware Releases Security Updates for Cloud Director
- Google Releases Security Updates for Chrome Browser
- APT Actors Target ICS/SCADA Devices
- Cisco Releases Security Updates for Multiple Products
- Juniper Networks Releases Security Updates for Multiple Products
- Apache Releases Security Advisory for Struts 2
- Citrix Releases Security Updates for SD-WAN Products
- Microsoft Releases April 2022 Security Updates
________________________________
North Korean State-Sponsored APT Targets Blockchain Companies
Situation
CISA, the Federal Bureau of Investigation (FBI), and the U.S. Treasury Department have released a joint Cybersecurity Advisory (CSA) that details cyber threats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) actor known as the Lazarus Group.
Problem
The Lazarus Group has been seen targeting a variety of organizations in the blockchain and crypto industry.
Implication
The initial attack vector is spearphishing emails sent to employees of cryptocurrency companies.
Need
Be wary of any scams and phishing related to cryptocurrency and apply security best practices.
For more information:
https://www.cisa.gov/uscert/ncas/alerts/aa22-108a
________________________________
VMware Releases Security Updates for Cloud Director
Situation
VMware has released security updates to address vulnerabilities in VMware “Cloud Director” software.
Problem
VMware “Cloud Director” contains a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range, with a maximum CVSSv3 base score of 9.1.
Implication
A remote attacker could exploit this vulnerability to take control of an affected system.
Need
Review the “VMware Security Advisory” and apply the necessary updates.
VMware Security Advisory:
https://www.vmware.com/security/advisories/VMSA-2022-0013.html
CISA Advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/15/vmware-releases-security-updates-cloud-director
________________________________
Google Releases Security Updates for Chrome Browser
Situation
Google has released a new Chrome browser version 100.0.4896.127 for Windows, Mac, and Linux operating systems.
Problem
Google has patched two security vulnerabilities in the Chrome browser. The more severe is a type confusion vulnerability (CVE-2022-1364) in the V8 JavaScript engine, which is currently being exploited in the wild.
Implication
This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
Need
Google recommends users update their Chrome browser to version 100.0.4896.127 or newer.
Additional information can be found in the link below.
Google Release Notes:
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
________________________________
APT Actors Target ICS/SCADA Devices
Situation
CISA, the Department of Energy, the National Security Agency, and the Federal Bureau of Investigation have issued a joint cybersecurity advisory warning that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices using custom-made tools.
Problem
The APT actors have developed custom-made tools for targeting ICS/SCADA devices. Once a device has been identified and initially accessed, these tools enable the actors to scan for, compromise, and control affected devices. The actors can also compromise Windows engineering workstations by exploiting a known vulnerability in an ASRock motherboard driver, potentially allowing complete control of the workstation, elevation of privileges, denial of service, or further pivoting into the environment.
Implication
Organizations that fail to harden against these current tactics may be vulnerable to compromise. The custom-made tools could be used to attack Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, Open Platform Communications Unified Architecture (OPC UA) servers, and workstations using the vulnerable ASRock driver.
Need
“DOE, CISA, NSA, and the FBI recommend all organizations with ICS/SCADA devices implement the following proactive mitigations,” which are listed in the CISA.gov advisory linked below.
CISA Advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/13/apt-actors-target-icsscada-devices
Joint Cybersecurity Advisory:
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem
Within the last several days, multiple vulnerabilities rated “Critical” and “High” severity have been disclosed in Cisco products.
Implication
An attacker could exploit some of these vulnerabilities to take control of or damage an affected system.
Need
CISA encourages users and administrators to review the Cisco Security Advisories page.
For further information on the Cisco vulnerabilities please follow the links below:
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/14/cisco-releases-security-updates-multiple-products
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Juniper Networks Releases Security Updates for Multiple Products
Situation
Juniper Networks has released security updates to address vulnerabilities affecting multiple products.
Problem
Multiple vulnerabilities have been found in several Juniper Networks products, including Junos OS, Contrail Networking, and others.
Implication
An attacker could exploit some of these vulnerabilities to take control of or damage an affected system.
Need
CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.
For further information regarding the newly disclosed vulnerabilities, please follow the link below:
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&numberOfResults=25&f:ctype=[Security%20Advisories]
________________________________
Apache Releases Security Advisory for Struts 2
Situation
The Apache Software Foundation has released a security advisory to address a vulnerability in Struts versions 2.0.0 through 2.5.29.
Problem
Using forced OGNL evaluation on untrusted user input can lead to remote code execution and security degradation.
Implication
An attacker could exploit this vulnerability to take control of an affected device.
Need
Apply the latest update to Struts 2.
For more information:
https://cwiki.apache.org/confluence/display/WW/S2-062
________________________________
Citrix Releases Security Updates for SD-WAN Products
Situation
Citrix has released security updates to address vulnerabilities in multiple products.
Problem
Vulnerabilities have been discovered in multiple Citrix SD-WAN products, in Citrix Endpoint Management (XenMobile Server), and in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows).
A reflected cross-site scripting (XSS) issue has been discovered in Citrix StoreFront when it is configured to use SAML authentication.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected device/system.
Need
Review the listed CVEs and apply the appropriate recommendations:
CVE-2022-27505 – Citrix SD-WAN products
CVE-2022-27506 – Citrix SD-WAN products
CVE-2022-27503 – Citrix StoreFront
CVE-2021-44519 – Citrix Endpoint Management (XenMobile Server)
CVE-2021-44520 – Citrix Endpoint Management (XenMobile Server)
CVE-2022-26151 – Citrix Endpoint Management (XenMobile Server)
CVE-2022-21827 – Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows)
Links:
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/citrix-releases-security-updates-multiple-products
https://support.citrix.com/article/CTX370550
https://support.citrix.com/article/CTX377814
https://support.citrix.com/article/CTX370551
https://support.citrix.com/article/CTX341455
________________________________
Microsoft Releases April 2022 Security Updates
Situation
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
Problem
The vulnerabilities found include RCE, privilege escalation, information disclosure, server spoofing, and more.
Implication
An attacker could exploit one of these vulnerabilities to take control of an affected device.
Need
Review the affected Microsoft products and apply the appropriate update.
For more information:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Apr
________________________________