- Cisco Releases Security Update for Multiple Products
- Zeppelin Ransomware on the Rise
- Adobe Releases Security Updates for Multiple Products
- Microsoft Releases August 2022 Security Updates
- Palo Alto Networks releases Security Advisories
- VMware Releases Security Updates
_______________________________
Cisco Releases Security Update for Multiple Products
Situation:
Cisco has released a security update to address a vulnerability in their products.
Problem:
A vulnerability affects Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software.
Implication:
A remote attacker could exploit this vulnerability to obtain sensitive information.
Need:
We encourage organizations to review the following Cisco advisory and apply the necessary updates:
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
Additional Resources:
CISA Bulletin: Cisco Releases Security Update for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/11/cisco-releases-security-update-multiple-products
Cisco Security Advisories page:
https://tools.cisco.com/security/center/publicationListing.x
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
________________________________
Zeppelin Ransomware on the Rise
Situation:
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today about attackers deploying the Zeppelin ransomware.
Problem:
If the Zeppelin ransomware is deployed on a host, it can encrypt that host’s files multiple times.
Implication:
The attackers deploying this ransomware are known for stealing data for double extortion and making ransom requests in Bitcoin, with the initial demands ranging from several thousand dollars to more than a million dollars.
Need:
The two federal agencies also shared tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help security professionals detect and block attacks using this ransomware strain. The FBI also asked IT admins who detect Zeppelin ransomware activity within their enterprise networks to collect and share any related information with their local FBI field office.
CISA and the FBI also advised organizations to take measures to defend against Zeppelin ransomware attacks, such as:
- prioritizing patching vulnerabilities exploited in the wild,
- training their employees and users to recognize and report phishing attempts,
- enabling and enforcing multi-factor authentication.
Additional Resources:
Link to Article:
https://www.bleepingcomputer.com/news/security/fbi-zeppelin-ransomware-may-encrypt-devices-multiple-times-in-attacks/
________________________________
Adobe Releases Security Updates for Multiple Products
Situation:
Adobe has released security updates.
Problem:
Vulnerabilities in multiple products.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage organizations to review the following Adobe Security Bulletins and apply the necessary updates.
- Adobe Commerce APSB22-38
- Acrobat and Reader APSB22-39
- Illustrator APSB22-41
- FrameMaker APSB22-42
- Premiere Elements APSB22-43
Additional Resources:
CISA Bulletin: Adobe Releases Security Updates for Multiple Products:
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/09/adobe-releases-security-updates-multiple-products
Adobe Commerce APSB22-38:
https://helpx.adobe.com/security/products/magento/apsb22-38.html
Acrobat and Reader APSB22-39:
https://helpx.adobe.com/security/products/acrobat/apsb22-39.html
Adobe Illustrator APSB22-41:
https://helpx.adobe.com/security/products/illustrator/apsb22-41.html
Adobe FrameMaker APSB22-42:
https://helpx.adobe.com/security/products/framemaker/apsb22-42.html
Adobe Premiere Elements APSB22-43:
https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html
________________________________
Microsoft Releases August 2022 Security Updates
Situation:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
Problem:
An attacker can exploit some of these vulnerabilities.
Implication:
Exploiting these vulnerabilities will give the attacker the ability to take control of the affected systems.
Need:
CISA encourages users and administrators to review Microsoft’s August 2022 Security Update Guide and Deployment Information and apply the necessary updates.
Additional Resources:
August 2022 Security Update Guide:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug
Deployment Information:
https://msrc.microsoft.com/update-guide/deployments
Link to the CISA Advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/09/microsoft-releases-august-2022-security-updates
________________________________
Palo Alto Networks releases Security Advisories
Situation:
Palo Alto Networks released two security advisories.
Problem:
1. The Reflected Amplification Denial-of-Service (DoS) vulnerability in URL filtering.
2. A Proof of Concept (PoC) that reduces the effectiveness of the Cortex XDR agent Anti-Ransomware protection module.
Implication:
1. The resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.
2. An attacker could exploit this vulnerability to take control of an affected system.
Need:
1. We strongly encourage organizations to apply the updates for the Reflected Amplification Denial-of-Service (DoS) vulnerability during the week of August 15, 2022.
2. We strongly encourage organizations to update the Cortex XDR agents on Windows with content update 610 or a later version.
Additional Resources:
Palo Alto Networks Security Advisories:
https://security.paloaltonetworks.com/
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering:
https://security.paloaltonetworks.com/CVE-2022-0028
PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module:
https://security.paloaltonetworks.com/PAN-SA-2022-0003
________________________________
VMware Releases Security Updates
Situation:
VMware has released security updates.
Problem:
Multiple vulnerabilities in vRealize Operations.
Implication:
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We strongly encourage organizations to review VMware Security Advisory VMSA-2022-0022 and apply the necessary updates for vRealize Operations.
Additional Resources:
CISA Bulletin: VMware Releases Security Updates:
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/09/vmware-releases-security-updates
VMSA-2022-0022:
https://www.vmware.com/security/advisories/VMSA-2022-0022.html