Please see Security Advisories for the week ending November 19, 2021
- CISA Has Updated the Catalog of Known Exploited Vulnerabilities
- NCSC Releases 2021 Annual Review
- Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities
- VMware Releases Security Update for Tanzu Application Service for VMs
- Apple Releases Security Update for iCloud for Windows 13
- CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
- VMware Releases Security Advisory for vCenter’s IWA Privilege Escalation Vulnerability
- Palo Alto Networks Release Security Updates for PAN-OS 8.1
________________________________
CISA Has Updated the Catalog of Known Exploited Vulnerabilities
Situation
CISA maintains a catalog of vulnerabilities known to be exploited in the wild. The entries are numerous and span the full range of software and hardware platforms and exploitation methods.
Implication
Failing to stay on top of cybersecurity trends could leave one vulnerable to compromise.
Need
It’s strongly recommended that security professionals and personnel review the updated catalog.
To view the catalog:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
________________________________
NCSC Releases 2021 Annual Review
Situation
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released its Annual Review 2021, which focuses on its response to evolving and challenging cyber threats. The publication contains highlights of NCSC’s collaboration with trusted cybersecurity partners, including CISA.
Implication
Failing to stay on top of cybersecurity trends could leave one vulnerable to compromise.
Need
CISA encourages users to review NCSC’s Annual Review 2021 and learn more about its key developments and highlights between September 1, 2020 and August 31, 2021.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/11/18/ncsc-releases-2021-annual-review
For a more technical overview:
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2021
________________________________
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities
Situation
CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran.
Problem
FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.
Implication
Joint Cybersecurity Advisory AA21-321A provides observed tactics and techniques, as well as indicators of compromise that FBI, CISA, ACSC, and NCSC assess are likely associated with this Iranian government-sponsored APT activity. FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors.
Need
CISA also recommends reviewing its Iran Cyber Threat Overview and other Iran-related Advisories.
For a brief overview:
For a more technical overview:
________________________________
VMware Releases Security Update for Tanzu Application Service for VMs
Situation
VMware has released security updates for Tanzu Application Service for VMs.
Problem
A vulnerability in Tanzu Application Service can be exploited by an unauthenticated attacker.
Implication
Remote attackers can exploit the vulnerability to perform a denial-of-service (DoS) attack.
Need
Apply the latest patch from VMware.
For a more technical overview:
https://www.vmware.com/security/advisories/VMSA-2021-0026.html
________________________________
Apple Releases Security Update for iCloud for Windows 13
Situation
Apple has released a security update for iCloud for Windows 13.
Problem
Vulnerabilities include type confusion, memory corruption, arbitrary code execution, and HSTS bypass.
Implication
Attackers can exploit these vulnerabilities to take over the affected system.
Need
Apply the latest patch that can be found in the Windows Store.
For a more technical overview: https://support.apple.com/en-us/HT212953
________________________________
CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
Situation
CISA has released a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data Distribution Service (DDS) implementations. Affected products include:
- Eclipse CycloneDDS: All versions prior to 0.8.0
- eProsima Fast DDS: All versions prior to 2.4.0 (#2269)
- GurumNetworks GurumDDS: All versions
- Object Computing, Inc. (OCI) OpenDDS: All versions prior to 3.18.1
- Real-Time Innovations (RTI) Connext DDS Professional and Connext DDS Secure: Versions 4.2x to 6.1.0
- RTI Connext DDS Micro: Versions 3.0.0 and later
- TwinOaks Computing CoreDX DDS: All versions prior to 5.9.1
Problem
Vulnerabilities include write-what-where condition, improper handling of syntactically invalid structure, network amplification, incorrect calculation of buffer size, heap-based buffer overflow, improper handling of length parameter inconsistency, amplification, and stack-based buffer overflow.
Implication
Attackers can exploit these vulnerabilities to take over the affected system.
Need
Apply the latest patches for affected products.
For a more technical overview: https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02
________________________________
VMware Releases Security Advisory For vCenter’s IWA Privilege Escalation Vulnerability
Situation
VMware has released a security advisory to address a privilege escalation vulnerability found in vCenter Server and Cloud Foundation. Workarounds are available to remediate this vulnerability in affected VMware products.
Problem
vCenter Server contains a privilege escalation vulnerability (CVE-2021-22048) in the Integrated Windows Authentication (IWA) authentication mechanism. This vulnerability has a severity level of important.
Implication
If an attacker with non-administrative access is able to successfully exploit this vulnerability, it could allow them to elevate their privileges to a higher privileged group.
Need
A workaround for this vulnerability is to switch to AD over LDAPS authentication or switch to identity provider federation for AD FS (vSphere 7.0 only). Additional information can be found in VMware’s security advisory in the link below.
VMware’s Security Advisory:
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
________________________________
Palo Alto Networks Releases Security Updates for PAN-OS 8.1
Situation
Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS 8.1 firewall configurations with GlobalProtect portal and gateway interfaces.
Problem
Palo Alto Networks has patched a memory corruption vulnerability (CVE-2021-3064) found in Palo Alto Networks GlobalProtect portal and gateway interfaces. The vulnerability affects PAN-OS versions 8.1.16 and earlier. This vulnerability can allow a remote unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root-level privileges. This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled.
Implication
If a remote unauthenticated attacker is able to successfully exploit this vulnerability, it could allow them to take control of the affected system.
Need
Palo Alto Networks strongly encourages customers to upgrade impacted devices to PAN-OS version 8.1.17 or newer.
Palo Alto Networks Security Advisory: