Please see Security Advisories for the week ending May 20, 2022
-Apple Releases Security Updates for Multiple Products
-Apache Releases Security Advisory for Tomcat
-Threat Actors Exploiting F5 BIG IP CVE-2022-1388
-CISA Releases Analysis of FY21 Risk and Vulnerability Assessments
_______________________________
Apple Releases Security Updates for Multiple Products
Situation
Apple has released security updates to address vulnerabilities found in macOS, iOS and iPadOS.
Problem
Several Apple products contain multiple vulnerabilities. With the most notable being CVE-2022-22675, which has been seen actively being exploited in the wild.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
The CISA encourages users and administrators to review the Apple security page and apply the necessary updates.
CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/17/apple-releases-security-updates-multiple-products
Apple Security Page:
https://support.apple.com/en-us/HT201222
________________________________
Apache Releases Security Advisory for Tomcat
Situation
The Apache Software Foundation has released a security advisory for Tomcat.
Problem
Current versions of Tomcat contain a vulnerability.
Affected Versions:
– Apache Tomcat 9.0.0.M1 to 9.0.20
– Apache Tomcat 8.5.0 to 8.5.75
Implication
An attacker could exploit this vulnerability to obtain sensitive information.
Need
CISA encourages users and administrators to review Apache’s security advisory and apply the necessary updates.
Users of the affected versions should apply one of the following mitigations:
– Upgrade to Apache Tomcat 9.0.21 or later
– Upgrade to Apache Tomcat 8.5.76 or later
Additional Resources:
Tomcat Security Advisory:
https://lists.apache.org/thread/qzkqh2819x6zsmj7vwdf14ng2fdgckw7
Link to CISA Announcement:
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/16/apache-releases-security-advisory-tomcat
________________________________
Threat Actors Exploiting F5 BIG IP CVE-2022-1388
Situation
CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
Problem
CISA has evidence of active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices.
Implication
The vulnerability allows an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses.
Need
CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds.
Additional Resources:
Joint Cybersecurity Advisory:
http://www.cisa.gov/uscert/ncas/alerts/aa22-138a
CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/threat-actors-exploiting-f5-big-ip-cve-2022-1388
________________________________
CISA Releases Analysis of FY21 Risk and Vulnerability Assessments
Situation
CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21).
Problem
The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could take to compromise an organization with weaknesses that are representative of those CISA observed in FY21 RVAs. The infographic highlights the three most successful techniques for each tactic that the RVAs documented. Both the analysis and the infographic map threat actor behavior to the MITRE ATT&CK® framework.
Implication
Threat actors already make use of these attack tactics and techniques to exploit vulnerable systems and networks.
Need
CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques.
Additional Resources:
Link to CISA Analysis:
https://www.cisa.gov/cyber-assessments
For information on CISA RVAs and additional services, Visit the CISA Cyber Resource Hub:
https://www.cisa.gov/cyber-resource-hub
________________________________