Please see Security Advisories for the week ending November 26, 2021
- VMware Releases Security Updates for vCenter and Cloud Foundation
- CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations
- APT Exploitation of ManageEngine ADSelfService Plus Vulnerability
VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation.
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
A remote attacker can exploit this vulnerability to obtain access to sensitive information.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0027 and apply the necessary updates.
CISA has released a guide on improving mobile security.
Mobile security is often overlooked, yet threat actors routinely target mobile devices to extract information.
- Update platform. Enable automatic operating system updates to enhance privacy/security and fix flaws.
- Update apps. Enable automatic app updates to ensure you are using the most current security technologies.
- Enable device authentication. Set strong login passwords/PINs and use biometric authentication.
- Enable two-factor authentication. Enable two-factor authentication for apps or websites that support it.
- Use curated app stores. Disable third-party app stores, which can be vectors for the spread of malware.
- Delete unneeded apps. Periodically review and delete apps that are unused or no longer needed.
- Minimize PII in all apps. Limit personally identifiable information (PII) stored in apps.
- Grant least-privilege access to all apps. Set the privileges on your installed apps to minimize access to PII.
- Review location settings. Only allow an app to access your location when the app is in use.
- Disable unneeded network radios (BT, NFC, Wi-Fi, GPS). Every connection is a potential point of attack.
- Avoid public Wi-Fi. Cybercriminals can use public Wi-Fi networks, which are often unsecured, for attacks.
- Install security software. Security software (e.g., mobile threat defense) protects against malware.
- Use only trusted chargers and cables. A malicious charger or PC can load malware onto smartphones that may circumvent protections and take control of them. A phone infected with malware can also pose a threat to external systems such as personal computers.
- Enable lost device function. Configure settings to automatically wipe the device’s data after a certain number of incorrect login attempts (e.g., 10), and enable the option to remotely wipe the device.
- Beware of phishing attempts.
The FBI, CISA, and Coast Guard Cyber Command (CGCYBER) have updated the advisory published on September 16, 2021, which details active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus.
Threat actors are using a suite of tools in this campaign:
- Dropper: a dropper trojan that drops the Godzilla web shell on a system
- Godzilla: a Chinese language web shell
- NGLite: a backdoor trojan written in Go
- KdcSponge: a tool that targets undocumented APIs in Microsoft’s implementation of Kerberos for credential exfiltration
Attackers can exploit this vulnerability to take over the affected system.