Please see Security Advisories for the week ending July 23, 2021
- Cisco Releases Security Updates in Intersight Virtual Appliance
- Google Releases Security Updates for Chrome
- Malware Targeting Pulse Secure Devices
- Apple Releases Security Updates
- Live Phishing Attack Uses New Infection Technique to Deliver Malware
- Oracle Releases July 2021 Critical Patch Update
- Joint CISA-FBI Cybersecurity Advisory: Historical Cyber-Intrusion Campaigns Targeting ICS
- 2021 CWE Top 25 Most Dangerous Software Weaknesses
- Drupal Releases Security Updates
- Adobe Releases Security Updates for Multiple Products
_______________________________
Cisco Releases Security Updates in Intersight Virtual Appliance
Situation
Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance.
Problem
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions on IPv4 or IPv6 packets received on the external management interface. They could be exploited by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
Implication
An attacker could exploit these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review Cisco Advisory cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/cisco-releases-security-updates
For a more technical overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Google Releases Security Updates for Chrome
Situation
Google has discovered and patched several vulnerabilities for its Chrome web browser software.
Problem
Google has identified several security vulnerabilities for its Chrome web browser software that an attacker can exploit to take control of affected systems.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Google has released Chrome version 92.0.4515.107 for Windows, Mac, and Linux. Please upgrade to the latest version to ensure that you are protected.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
________________________________
Malware Targeting Pulse Secure Devices
Situation
CISA has analyzed 13 malware samples that target Pulse Secure devices.
Problem
Threat actors have been found to target vulnerabilities in Pulse Secure devices to place webshells. The vulnerabilities include use after free, injections, buffer overflows, and more. Once an attacker exploits one of these vulnerabilities, they are able to set up a webshell for persistence.
Implication
The webshells allow the attacker to bypass authentication and multi-factor authentication, log passwords, and patch the webshells to maintain persistence.
Need
If you are using any Pulse Secure devices, make sure to update to the latest version and run the Pulse Connect Secure Integrity Tool to check for IOCs.
For more information: https://us-cert.cisa.gov/ncas/alerts/aa21-110a
________________________________
Apple Releases Security Updates
Situation
Apple has released security updates for macOS Big Sur 11.5, Catalina, Mojave, and iPadOS 14.7.
Problem
A large number of vulnerabilities have been found and patched, including injections, arbitrary code execution, privilege escalation, and more.
Implication
Attackers can exploit these vulnerabilities to take over the device.
Need
Update the above Apple products to the latest version.
For more details:
macOS Big Sur: https://support.apple.com/en-us/HT212602
Catalina: https://support.apple.com/en-us/HT212600
Mojave: https://support.apple.com/en-us/HT212603
iPadOS: https://support.apple.com/en-us/HT212601
________________________________
Live Phishing Attack Uses New Infection Technique to Deliver Malware
Situation
McAfee warns that current phishing campaigns deliver malware using Word documents that do not contain malicious code.
Problem
When a user opens the document and enables content, the document downloads an Excel file that constructs malicious macros at runtime to bypass security controls. The Excel file then downloads the Zloader payload, which is executed via rundll32[dot]exe.
Implication
If a user opens a phishing document and clicks to enable macros, the machine will be compromised.
Need
Macros are disabled by default, but users should be trained to never enable macros unless the document comes from a trusted source.
________________________________
Oracle Releases July 2021 Critical Patch Update
Situation
Oracle has released a Critical Patch Update that addresses 327 vulnerabilities across multiple Oracle products. Products include MySQL, Oracle Java, VirtualBox, PeopleSoft Enterprise, and more.
Problem
A large number of vulnerabilities found in Oracle products are being patched. Most of the vulnerabilities are network-based, meaning attackers can exploit them remotely. Many of the vulnerabilities also have low attack complexity and high impact.
Implication
Remote attackers can exploit the vulnerabilities to take control of the affected system.
Need
If you are running any Oracle products, be sure to check and apply the latest security updates.
For a full list of CVEs and the affected products, please see: https://www.oracle.com/security-alerts/cpujul2021.html
________________________________
Joint CISA-FBI Cybersecurity Advisory: Historical Cyber-Intrusion Campaigns Targeting ICS
Situation
CISA and the FBI have released a joint cybersecurity advisory, as well as updates to five alerts and advisories, to raise awareness of the risks and to improve the cyber protection of critical infrastructure.
Problem
The joint security advisory addresses the growing trend of cybersecurity threats posed to industrial control systems (ICS) that control and operate critical infrastructure. The alerts and advisories contain information on historical cyber intrusion campaigns that have targeted ICS. The new advisory and the five updated alerts and advisories are:
- Advisory: AA21-201A: Gas Pipeline Intrusion Campaign, 2011-2013
- Report: JSAR-12-241-01B: Shamoon/DistTrack Malware (Update B)
- Advisory: ICSA-14-178-01: ICS Focused Malware – Havex
- Alert: ICS-ALERT-14-281-01E: Ongoing Sophisticated Malware Campaign Compromising ICS (Update E)
- Alert: IR-ALERT-H-16-056-01: Cyber-Attack Against Ukrainian Critical Infrastructure
- Technical Alert: TA17-163A: CrashOverride Malware
Need
CISA urges critical infrastructure owners and operators to review the publications listed above, as they contain threat actor tactics, techniques, and procedures (TTPs), as well as indicators of compromise and forensic analysis that critical infrastructure owners and operators can use to reduce their organizations' exposure.
The Joint CISA and FBI cybersecurity advisory can be found in the link below.
Joint CISA-FBI Cybersecurity Advisory
________________________________
2021 CWE Top 25 Most Dangerous Software Weaknesses
Situation
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.
Problem
The 2021 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. The CWE Top 25 is a valuable community resource that can help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses.
Implication
An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
Need
CISA encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.
For a brief overview:
For a more technical overview:
https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
________________________________
Drupal Releases Security Updates
Situation
Drupal has released security updates to address a critical third party library vulnerability that could affect Drupal 7, 8.9, 9.1, and 9.2.
Problem
The Drupal project uses the PEAR Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's own use of the Archive_Tar library is not vulnerable, as it does not permit symlinks. Exploitation may be possible if contrib or custom code uses the library to extract tar archives (for example .tar, .tar.gz, .bz2, or .tlz) that come from a potentially untrusted source.
Implication
An attacker could exploit this vulnerability to take control of an affected system.
Need
CISA encourages users and administrators to review the Drupal security advisory and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/drupal-releases-security-updates
For a more technical overview:
https://www.drupal.org/sa-core-2021-004
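The symlink hazard described above applies to any code that unpacks untrusted tar archives, not only Archive_Tar. As an added illustration (not Drupal's or Archive_Tar's code), the following Python builds a constructed sample archive and runs a pre-extraction check that rejects link entries and member names escaping the destination directory before anything is written; the destination path is an assumed placeholder.

```python
import io
import os
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample tar (not a real upload): one benign file, one symlink
    pointing outside the extraction directory, and one path-traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello\n"
        info = tarfile.TarInfo("module/README.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        # A symlink member: a later member written "through" it would land in /etc.
        link = tarfile.TarInfo("module/settings")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
        # A classic "../" traversal name.
        evil = tarfile.TarInfo("../outside.txt")
        evil.size = 0
        tar.addfile(evil, io.BytesIO(b""))
    return buf.getvalue()


def audit_tar(data: bytes, dest: str = "/var/www/extract") -> dict:
    """Return {member_name: reason} for every member that must not be extracted.
    Links are rejected outright, because a link created by an earlier member can
    redirect a later member's write outside dest. Absolute names and names that
    resolve outside dest are rejected as path traversal. dest is a placeholder."""
    findings = {}
    root = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            if m.issym() or m.islnk():
                findings[m.name] = "link entry (%s -> %s)" % (m.name, m.linkname)
                continue
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.isabs(m.name) or os.path.commonpath([root, target]) != root:
                findings[m.name] = "path escapes extraction directory"
    return findings


def safe_to_extract(data: bytes, dest: str = "/var/www/extract") -> bool:
    """True only when the audit found nothing; extract only after this passes."""
    return not audit_tar(data, dest)
```

The same two rules (no link members, every resolved path stays under the destination) are what a PHP caller should enforce on Archive_Tar input before calling extract.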
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe has released security updates to address vulnerabilities in multiple Adobe products.
Problem
The products being updated, and their respective vulnerabilities, are:
- Adobe Photoshop: buffer overflow and input validation vulnerabilities (CWE-121 & CWE-20)
- Adobe Audition: an out-of-bounds read vulnerability (CWE-125)
- Character Animator: out-of-bounds read and end-of-buffer vulnerabilities (CWE-125 & CWE-788)
- Prelude: end-of-buffer and input validation vulnerabilities (CWE-20 & CWE-788)
- Adobe Premiere Pro: an end-of-buffer vulnerability (CWE-788)
- Adobe After Effects: out-of-bounds read, end-of-buffer, out-of-bounds write, and input validation vulnerabilities (CWE-125, CWE-788, CWE-787, CWE-20)
- Adobe Media Encoder: out-of-bounds read, input validation, and end-of-buffer vulnerabilities (CWE-125, CWE-20, CWE-788)
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
For a brief overview:
For a more technical overview: