Please see Security Advisories for the week ending August 14, 2020
- Adobe Releases Security Updates
- Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
- Google Chrome releases security update for version 84.0.4147.125
- SAP releases August 2020 security updates for multiple products
- Increase of Zoom based phishing attacks over Spring and Summer 2020
- Microsoft Releases August 2020 Security Updates
- Apple Releases Security Updates for iCloud for Windows Versions 7.20 and 11.3
- Phishing Emails Currently Being Used to Deploy KONNI Malware
________________________________
Adobe Releases Security Updates
Situation
Adobe has found and patched security vulnerabilities in its Acrobat Reader and Lightroom products. If exploited, the vulnerabilities could give an attacker control of an affected system.
Problem
Vulnerabilities in Adobe's Acrobat Reader and Lightroom products could allow an attacker to exploit them and take control of an affected system. The affected versions are listed in Adobe's security bulletins linked below.
Implication
Unpatched versions of Adobe’s Acrobat Reader and Lightroom applications could be exploited and allow an attacker to take control of an affected system.
Need
Adobe recommends installing the latest product updates to patch these vulnerabilities.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/08/11/adobe-releases-security-updates
For a more detailed overview (Acrobat Reader bulletin APSB20-48):
https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
For a more detailed overview (Lightroom bulletin APSB20-51):
https://helpx.adobe.com/security/products/lightroom/apsb20-51.html
________________________________
Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
Situation
A malicious cyber actor is spoofing a COVID-19 loan relief webpage via links in phishing emails.
Problem
A malicious cyber actor has begun a convincing phishing email campaign that spoofs the U.S. Small Business Administration's webpage in an attempt to harvest user credentials. So far the campaign has sent emails to federal civilian executive branch and state, local, tribal, and territorial government recipients.
Implication
Opening the link in the phishing email results in malicious redirects and credential theft, which can lead to a compromise of system and network integrity.
Need
Ensure that systems have the latest security updates. Train employees not to follow links sent from unfamiliar email addresses. Monitor users' web browsing habits and restrict access to sites with unfavorable content.
For a brief overview:
https://us-cert.cisa.gov/ncas/alerts/aa20-225a
________________________________
Google Chrome releases security update for version 84.0.4147.125
Situation
Google has released a security update for Chrome on Windows, Mac, and Linux.
Problem
This update addresses 15 vulnerabilities rated medium to high severity. The vulnerability types include use after free, inappropriate implementation, and out-of-bounds reads.
Implication
Details of the CVEs have not yet been released. However, given the nature of the vulnerabilities (memory-safety bugs such as use after free and out-of-bounds reads), an attacker could be able to execute arbitrary code on an affected system, including remotely.
Need
Please update Chrome to the latest version.
For a more detailed overview:
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html
________________________________
SAP releases August 2020 security updates for multiple products
Situation
SAP has released its monthly security updates for SAP NetWeaver, SAP BusinessObjects, SAP Adaptive Server Enterprise, SAP Data Intelligence, SAP Commerce, SAP ERP, and SAP S/4HANA.
Problem
These security updates address multiple vulnerabilities in these products, such as cross-site scripting (XSS).
Implication
The addressed vulnerabilities range from medium to critical in CVSS severity. Vulnerability categories include code injection, XSS, information disclosure, missing authentication checks, missing authorization checks, and more.
Need
If you use any SAP products, make sure to update to the latest version to fix these vulnerabilities.
For a more detailed overview:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
________________________________
Increase of Zoom based phishing attacks over Spring and Summer 2020
Situation
INKY has observed a large increase in Zoom-based phishing attacks over Spring and Summer 2020. These phishing attempts use fake login pages and Zoom meeting links to trick users into entering their credentials.
Problem
The Zoom phishing emails attempt to trick users with spoofed login pages hosted on lookalike domains such as zoomcommuncations[.]com and zoomvideoconfrence[.]com. Some emails instead carry attachments that, when opened, load a locally stored login page in order to bypass security measures that inspect links.
Implication
Attackers are attempting to harvest credentials and use them to extend their phishing capabilities. In addition, stolen credentials can be used to launch more severe attacks.
Need
Always check the sender of the email and make sure the URLs are legitimate. Always be wary of attachments, especially Microsoft Office attachments. Make sure to enable MFA, as this adds an additional layer of security.
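The lookalike domains above are the detection hook for this campaign. The following is an added example (not INKY's or this advisory's own code) of how a defender could sweep mail-gateway logs for Zoom-themed sender and link domains. It parses defanged indicators, flags any non-allowlisted domain that embeds the brand name, and also catches one-character typosquats of the allowlisted domains, which goes beyond the two domains the advisory names. The allowlist, the log lines and the `zoon.us` typosquat are constructed for the example.

```python
import re

# Added example: flag Zoom-themed lookalike sender/link domains in mail logs.
# The allowlist is an assumption about which domains are legitimate; a real
# deployment would maintain it from the vendor's published domains.
ZOOM_ALLOWLIST = {"zoom.us", "zoom.com"}
BRAND = "zoom"

# Constructed mail-gateway log lines (not real traffic). The first and third
# use the defanged lookalike domains named in the advisory.
SAMPLE_LOG = """\
2020-08-10T09:12:01Z sender=meetings@zoomcommuncations[.]com subject="Your Zoom meeting is waiting"
2020-08-10T09:13:44Z sender=no-reply@zoom.us subject="Cloud recording available"
2020-08-10T09:15:02Z url=https://zoomvideoconfrence[.]com/signin/ subject="Join now"
2020-08-10T09:20:17Z sender=hr@example.org subject="Timesheets due Friday"
2020-08-10T09:21:05Z url=https://zoon.us/j/123456 subject="Meeting link"
"""

# Domain after an '@' (sender address) or after 'http(s)://' (link host).
DOMAIN_RE = re.compile(r"(?:@|https?://)([A-Za-z0-9\[\].-]+)")


def refang(domain: str) -> str:
    """Turn a defanged indicator like example[.]com back into example.com."""
    return domain.replace("[.]", ".").lower().strip(".")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats of allowlisted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> str:
    """Return 'allowlisted', 'brand-keyword', 'typosquat' or 'unrelated'."""
    reg = registrable_domain(refang(domain))
    if reg in ZOOM_ALLOWLIST:
        return "allowlisted"
    # Brand name embedded in a non-allowlisted registrable label, e.g. zoomvideoconfrence.com
    if BRAND in reg.split(".")[0]:
        return "brand-keyword"
    # One edit away from a real domain, e.g. zoon.us
    if any(levenshtein(reg, ok) <= 1 for ok in ZOOM_ALLOWLIST):
        return "typosquat"
    return "unrelated"


def suspicious_domains(log_text: str) -> dict:
    """Map each suspicious domain seen in the log to the reason it was flagged."""
    hits = {}
    for line in log_text.splitlines():
        for match in DOMAIN_RE.finditer(line):
            dom = refang(match.group(1))
            verdict = classify(dom)
            if verdict in ("brand-keyword", "typosquat"):
                hits[dom] = verdict
    return hits


if __name__ == "__main__":
    for dom, why in suspicious_domains(SAMPLE_LOG).items():
        print(f"{dom:28} {why}")
```

The brand-keyword rule will also flag unrelated businesses whose name happens to contain "zoom", so treat its output as a triage queue rather than an automatic block list; the typosquat rule is much more specific and is a reasonable candidate for blocking.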
________________________________
Microsoft Releases August 2020 Security Updates
Situation
Microsoft has released August 2020 security updates for various Microsoft software such as:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Microsoft ChakraCore
- Internet Explorer
- Microsoft Scripting Engine
- SQL Server
- Microsoft JET Database Engine
- .NET Framework
- ASP.NET Core
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Windows Codecs Library
- Microsoft Dynamics
Problem
Microsoft has patched multiple vulnerabilities, rated up to critical severity, in various Microsoft products. Two of these vulnerabilities, CVE-2020-1464 (a Windows spoofing vulnerability) and CVE-2020-1380 (a scripting engine memory corruption vulnerability), are currently being exploited.
Implication
If an attacker is able to successfully exploit some of these vulnerabilities, such as those that allow remote code execution, privilege escalation, or memory corruption, it could allow the attacker to take control of the affected system.
Need
Microsoft recommends updating all affected Microsoft products that are in use. Additional information along with Microsoft's security advisory can be found in the links below.
For a brief overview:
For a more detailed overview:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Aug
________________________________
Apple Releases Security Updates for iCloud for Windows Versions 7.20 and 11.3
Situation
Apple has released security updates to address vulnerabilities in iCloud for Windows 7.20 (for Windows 7 and later) and 11.3 (for Windows 10 and later).
Problem
Apple has patched multiple vulnerabilities in its iCloud for Windows product which, if left unpatched, could allow an attacker to compromise affected devices.
Implication
If an attacker is able to successfully exploit some of these vulnerabilities, it could allow them to execute arbitrary code and take control of the affected system.
Need
Apple recommends installing the latest updates for iCloud on the Windows operating system to protect against these vulnerabilities. Patch notes and additional information can be found in the links below.
For a brief overview:
For a more detailed overview:
https://support.apple.com/en-us/HT211295
For a more detailed overview:
https://support.apple.com/en-us/HT211294
________________________________
Phishing Emails Currently Being Used to Deploy KONNI Malware
Situation
The Cybersecurity and Infrastructure Security Agency (CISA) has observed malicious actors using phishing emails containing a Microsoft Word document with malicious Visual Basic for Applications (VBA) code to deploy the KONNI malware.
Problem
Once the Microsoft Word document has been opened, the VBA code runs and the KONNI malware is installed. KONNI is a remote administration trojan (RAT) used by malicious actors to exfiltrate files, capture keystrokes, take screenshots, and download and execute other files.
Implication
If a malicious actor is able to trick a user into opening the tainted Word document, it can allow them to take control of the affected system, steal sensitive data, and install additional malware.
Need
Users and administrators should exercise caution when opening email attachments, even if the attachment appears to be from a known sender. Additional information regarding the KONNI malware as well as ways to mitigate these types of attacks can be found in the link below.
For a brief overview:
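Because the KONNI lure is a Word document carrying a VBA project, one control that does not depend on recognising the sender is to triage inbound Word attachments for macro content before they reach a mailbox. The following is an added example (not CISA's or this advisory's code) of that check for the OOXML container: it looks for the `word/vbaProject.bin` part and the macro-enabled content type, flags a macro-bearing package that is named `.docx`, and holds legacy binary `.doc` files for separate OLE inspection rather than parsing them. The sample documents are constructed in memory, and the VBA part is placeholder bytes, not macro code.

```python
import io
import zipfile

# Added example: triage Word attachments for an embedded VBA project.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.docm) container
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = ("application/vnd.openxmlformats-officedocument."
                 "wordprocessingml.document.main+xml")


def build_sample_doc(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package, with or without a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        main_ct = MACRO_MAIN_CT if with_macro else PLAIN_MAIN_CT
        z.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>',
        )
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 32)  # placeholder, not real VBA
    return buf.getvalue()


def inspect_word_attachment(filename: str, data: bytes) -> dict:
    """Decide whether an attachment carries (or may carry) VBA macros."""
    result = {
        "filename": filename,
        "format": "unknown",
        "has_vba": None,
        "extension_mismatch": False,
        "verdict": "hold",
    }
    if data.startswith(OLE_MAGIC):
        # Legacy .doc: macros live in OLE streams, which this example does not
        # parse, so the file is held for deeper inspection instead of allowed.
        result.update(format="ole", verdict="hold: legacy binary document, inspect OLE streams")
        return result
    if not data.startswith(ZIP_MAGIC):
        result["verdict"] = "hold: not a recognised Word container"
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            has_vba_part = any(n.lower().startswith("word/vbaproject") for n in names)
            content_types = ""
            if "[Content_Types].xml" in names:
                content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        result["verdict"] = "hold: corrupt archive"
        return result
    # Either signal alone is enough: the part may be renamed, or the content
    # type may be left as plain while the VBA part is still present.
    has_vba = has_vba_part or MACRO_MAIN_CT in content_types
    result.update(format="ooxml", has_vba=has_vba)
    # A macro-bearing package named .docx is misrepresenting its type.
    result["extension_mismatch"] = has_vba and filename.lower().endswith(".docx")
    result["verdict"] = "block: VBA project present" if has_vba else "allow"
    return result


if __name__ == "__main__":
    for name, doc in [("invite.docm", build_sample_doc(True)),
                      ("report.docx", build_sample_doc(False)),
                      ("report.docx", build_sample_doc(True))]:
        print(inspect_word_attachment(name, doc))
```

This check complements, rather than replaces, the Office policy of blocking macros in documents that arrive from the internet: the gateway check stops the obvious cases at the perimeter, while the client-side policy covers documents that reach the user by other routes.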