- VMware Releases Security Updates for Multiple Products
- Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
- Samba Releases Security Updates
- Apple Releases Security Updates for Multiple Products
- Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
- CISA Updates Advisory on #StopRansomware: Cuba Ransomware
- Mozilla Releases Security Updates for Thunderbird and Firefox
- Fortinet Releases Security Updates for FortiOS
- Aikido Wiper Vulnerability
- Microsoft Releases December 2022 Security Updates
________________________________
VMware Releases Security Updates for Multiple Products
Situation:
VMware has released security updates to address multiple vulnerabilities in multiple products.
Problem:
The VMware security team has discovered two new vulnerabilities affecting its products:
1. vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.
2. VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.3.
Implication:
A remote attacker could exploit these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review VMware Security Advisories VMSA-2022-0031 and VMSA-2022-0033 and apply the necessary updates.
Additional Resources:
VMSA-2022-0031:
www.vmware.com/security/advisories/VMSA-2022-0031.html
VMSA-2022-0033:
www.vmware.com/security/advisories/VMSA-2022-0033.html
CISA advisory:
________________________________
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
Situation:
Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x.
Problem:
Drupal has discovered two vulnerabilities in two of its modules:
- H5P – Create and Share Rich Content and Applications
- The File (Field) Paths module
Implication:
An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code.
Need:
We encourage users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary updates.
Additional Resources:
SA-CONTRIB-2022-064:
https://www.drupal.org/sa-contrib-2022-064
SA-CONTRIB-2022-065:
https://www.drupal.org/sa-contrib-2022-065
Link to CISA advisory:
________________________________
Samba Releases Security Updates
Situation:
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba.
Problem:
The Samba Team has discovered multiple new vulnerabilities affecting multiple versions of its software.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the Samba security announcements and apply the necessary updates.
Additional Resources:
Link to CISA advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/16/samba-releases-security-updates
________________________________
Apple Releases Security Updates for Multiple Products
Situation:
Apple has released security updates to address vulnerabilities in multiple products.
Problem:
New vulnerabilities have been discovered in multiple Apple products.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected device.
Need:
CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
- iCloud for Windows 14.1
- Safari 16.2
- macOS Monterey 12.6.2
- macOS Big Sur 11.7.2
- tvOS 16.2
- watchOS 9.2
- iOS 15.7.2 and iPadOS 15.7.2
- iOS 16.2 and iPadOS 16.2
- macOS Ventura 13.1
Additional Resources:
Apple Security Updates:
https://support.apple.com/en-us/HT201222
CISA Advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/apple-releases-security-updates-multiple-products
________________________________
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
Situation:
Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway.
Problem:
A vulnerability has been discovered in Citrix Gateway and Citrix ADC that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.
Implication:
The attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.
Need:
We encourage users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory APT5: Citrix ADC Threat Hunting Guidance for detection and mitigation guidance against tools employed by a malicious actor targeting vulnerable Citrix ADC systems.
Additional Resources:
CTX457836:
Citrix’s blog post:
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/amp/
APT5: Citrix ADC Threat Hunting Guidance:
https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF
________________________________
CISA Updates Advisory on #StopRansomware: Cuba Ransomware
Situation:
The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware. The advisory has been updated to include additional indicators of compromise (IOCs).
Problem:
Since the release of the December 2021 FBI Flash, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase.
This year, Cuba ransomware actors have added to their TTPs, and third-party and open-source reports have identified a possible link between Cuba ransomware actors, RomCom Remote Access Trojan (RAT) actors, and Industrial Spy ransomware actors.
Implication:
Cuba ransomware actors have exploited known vulnerabilities and weaknesses and have used tools to elevate privileges on compromised systems.
Need:
We encourage organizations to review the latest update to AA22-335A and apply the recommended mitigations.
Note:
While this ransomware is known by industry as “Cuba ransomware,” there is no indication Cuba ransomware actors have any connection or affiliation with the Republic of Cuba.
Additional Resources:
AA22-335A: #StopRansomware: Cuba Ransomware:
https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
CISA Advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/cisa-updates-advisory-stopransomware-cuba-ransomware
________________________________
Mozilla Releases Security Updates for Thunderbird and Firefox
Situation:
Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox.
Problem:
Multiple exploitable vulnerabilities exist in earlier versions of Thunderbird and Firefox ESR.
Implication:
An attacker could exploit these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review Mozilla’s security advisories for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108 for more information and apply the necessary updates.
Additional Resources:
Thunderbird 102.6 Advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/
Firefox ESR 102.6 Advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/
CISA Advisory:
________________________________
Fortinet Releases Security Updates for FortiOS
Situation:
Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS.
Problem:
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Implication:
An attacker could exploit this vulnerability to take control of an affected system.
Need:
We encourage users and administrators to:
- Review Fortinet security advisory FG-IR-22-398.
- Apply the necessary updates.
- Validate systems against the IOCs listed in the advisory.
Additional Resources:
CISA advisory:
FortiGuard Labs PSIRT Advisory FG-IR-22-398:
https://www.fortiguard.com/psirt/FG-IR-22-398
More information on the zero-day CVE-2022-42475:
https://sensorstechforum.com/cve-2022-42475-zero-day-fortios-ssl-vpn/
________________________________
Aikido Wiper Vulnerability
Situation:
“Aikido” is a recently published proof-of-concept (POC) showing how anti-malware solutions could be tricked into wiping or permanently deleting harmless files on your PC.
Problem:
The Aikido wiper is based on a time-of-check to time-of-use (TOCTOU) vulnerability.
Implication:
Aikido exploits the TOCTOU window to substitute an alternate path after the malware has been detected, so that a legitimate file is deleted instead of the malicious one.
Need:
Microsoft has assigned the vulnerability ID “CVE-2022-37971” to this issue and has patched it in the latest Microsoft Malware Protection Engine, version 1.1.19700.2.
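As an added illustration (not code from the Aikido research or from any of the sources linked here), the Python below contrasts a deletion routine that resolves the path name once at check time and again at delete time with one that pins the scanned directory by file descriptor and unlinks relative to it. A POSIX symlink swap stands in for the path substitution described above; the marker, file names and helper names are constructed for the example.

```python
import os
import tempfile
from pathlib import Path

MARKER = b"CONSTRUCTED-MALWARE-MARKER"  # constructed stand-in for an AV signature

def _swap_directory(scan_dir, victim_dir):
    """Constructed stand-in for the path substitution in the race window: the
    scanned directory is renamed away and a same-named symlink now points at
    a directory holding legitimate files."""
    os.rename(scan_dir, scan_dir + ".moved")
    os.symlink(victim_dir, scan_dir)

def naive_remove(scan_dir, name, race=lambda: None):
    """Check-then-act by path name (TOCTOU): the delete re-resolves the name."""
    full = os.path.join(scan_dir, name)
    with open(full, "rb") as f:
        if MARKER not in f.read():
            return False
    race()           # window between time-of-check and time-of-use
    os.remove(full)  # follows the planted symlink into the victim directory
    return True

def pinned_remove(scan_dir, name, race=lambda: None):
    """Pin the directory object at check time (fd opened without following
    symlinks) and delete relative to it; re-pointing the name cannot move the fd."""
    dfd = os.open(scan_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dfd)
        with os.fdopen(fd, "rb") as f:
            if MARKER not in f.read():
                return False
        race()
        os.unlink(name, dir_fd=dfd)  # unlinks from the original directory
        return True
    finally:
        os.close(dfd)

def demo(remover):
    """Constructed scenario: a flagged file in scan/ and a benign file of the
    same name in victim/, with the swap injected into the race window."""
    root = tempfile.mkdtemp()
    scan, victim = os.path.join(root, "scan"), os.path.join(root, "victim")
    for d in (scan, victim):
        os.mkdir(d)
    Path(scan, "bad.bin").write_bytes(MARKER)
    Path(victim, "bad.bin").write_bytes(b"legitimate data")
    remover(scan, "bad.bin", race=lambda: _swap_directory(scan, victim))
    return {"victim_survived": os.path.exists(os.path.join(victim, "bad.bin")),
            "malware_removed": not os.path.exists(os.path.join(scan + ".moved", "bad.bin"))}
```

Running `demo(naive_remove)` removes the benign file and leaves the flagged one in place, while `demo(pinned_remove)` removes only the flagged file; the `dir_fd` forms require a POSIX platform.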
Additional Resources:
Microsoft Update Guide Link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37971
NIST Link:
https://nvd.nist.gov/vuln/detail/CVE-2022-37971
Neowin Article Link:
________________________________
Microsoft Releases December 2022 Security Updates
Situation:
Microsoft has released December 2022 Security Updates.
Problem:
This update addresses multiple vulnerabilities in Microsoft software.
Implication:
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review Microsoft’s December 2022 Security Update Guide and Deployment Information and apply the necessary updates.
Additional Resources:
CISA Link:
Microsoft Security Update Guide Link:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
Deployment Information: