Please see Security Advisories for the week ending April 9, 2021
- Critical Zoom vulnerability triggers remote code execution without user input
- Cisco Releases Security Updates for Multiple Products
- Malicious Cyber Activity Targeting Critical SAP Applications
A zero-day vulnerability in Zoom was found during a Pwn2Own contest for white-hat professionals.
Researchers from Computest found a three-bug attack chain that achieves remote code execution (RCE) on a target machine without any form of user interaction. The attack works on both Windows and Mac. It must originate from an accepted external contact or from a user in the same organizational account as the target.
Details of the vulnerability have not yet been disclosed because Zoom has not yet patched it.
Currently there is no patch available, and Zoom Security advises users to accept contact requests only from trusted individuals.
Cisco has released updates to address security vulnerabilities in multiple Cisco products.
Cisco has discovered critical vulnerabilities in Cisco SD-WAN vManage, RV-series small business routers, Cisco Unified Communications, and Cisco Advanced Malware Protection.
An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency recommends that administrators and end users review the advisory and install the necessary updates.
For a brief description:
On April 6, 2021, Onapsis and SAP found threat actor activity targeting outdated/misconfigured SAP systems. They have created a threat report which outlines threat actor methods, specific vulnerabilities, IOCs, and more.
Impacted organizations could experience theft of sensitive data, financial fraud, disruption of mission-critical business processes, ransomware, and a halt of all operations.
The threat report provided by Onapsis and SAP outlines the tactics and vulnerabilities used by threat actors to target vulnerable SAP systems. Vulnerabilities seen being exploited include CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, CWE-200, CVE-2010-5326, and CWE-307.
If you use SAP products, visit the link below to download the threat report and follow the recommendations.