Please see Security Advisories for the week ending September 3, 2021
- US government warns organizations to immediately patch massively exploited Confluence bug
- Cisco Releases Security Updates for Cisco Enterprise NFVIS
- Google Releases Security Updates for Chrome
- FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends
- Microsoft warns Azure customers of vulnerability dating back to 2019
_______________________________
US government warns organizations to immediately patch massively exploited Confluence bug
Situation
A recently patched, critical remote code execution (RCE) vulnerability (CVE-2021-26084) in the Atlassian Confluence Server and Data Center platform is being actively exploited in the wild.
Problem
Mass scanning and exploitation activity has been observed against Atlassian Confluence servers vulnerable to CVE-2021-26084. Most attackers seen so far use the exploit to install the open-source, cross-platform XMRig Monero cryptocurrency miner, but the same vulnerability could be leveraged for far more damaging attacks.
Implication
A remote attacker who successfully exploits this vulnerability could take control of an affected system and install additional malware.
Need
CISA urges all users and administrators to immediately apply the updates issued by Atlassian. Additional information can be found in the links below.
Brief Overview:
Atlassian Security Advisory:
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
Mass Scan Information:
https://twitter.com/bad_packets/status/1433157632370511873?s=20
Threatpost Article:
https://threatpost.com/jenkins-atlassian-confluence-cyberattacks/169249/
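Applying the update starts with knowing which servers are still on a vulnerable build, and with Confluence that is not a simple "newer is better" comparison: fixes were backported to a handful of release branches, so a build from a branch that received no backport is vulnerable even when its version number is higher than a fixed release. The following Python triage helper is an added example for this digest, not Atlassian's code; the fixed releases it uses (6.13.23, 7.4.11, 7.11.6, 7.12.5 and 7.13.0) are taken from the Atlassian advisory linked above and should be confirmed there, and the host inventory in main() is constructed sample data.

```python
"""Triage Confluence Server / Data Center versions against the
CVE-2021-26084 fix list.

Added example for this digest; it is not Atlassian's code. The fixed
releases are taken from the Atlassian advisory; confirm them there before
relying on this. The inventory in main() is constructed sample data.
"""
from __future__ import annotations

import re
from typing import Optional

# Fixed releases per the Atlassian advisory. A server is patched only if it is
# on one of these branches at or above the listed patch level, or on a branch
# newer than the newest fix. Branches that never received a backport (for
# example the 7.5 through 7.10 lines) are vulnerable no matter how recent the
# build is.
FIXED_VERSIONS = [(6, 13, 23), (7, 4, 11), (7, 11, 6), (7, 12, 5), (7, 13, 0)]

# Accepts "7.12.4", "v7.12.4", "7.13" and trailing suffixes such as "-beta1".
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse a Confluence version string into (major, minor, patch)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(version_text: str) -> bool:
    """True if this version still needs the CVE-2021-26084 fix."""
    version = parse_version(version_text)
    newest_fix = max(FIXED_VERSIONS)
    if version >= newest_fix:
        return False  # 7.13.0 and everything after it ship with the fix
    for fixed in FIXED_VERSIONS:
        if version[:2] == fixed[:2]:
            return version < fixed  # same branch: compare patch level
    return True  # branch with no backported fix: must upgrade


def recommended_upgrade(version_text: str) -> Optional[str]:
    """Smallest fixed release on the same branch, or the newest fix when the
    branch never got a backport. None when the version is already patched."""
    if not is_vulnerable(version_text):
        return None
    branch = parse_version(version_text)[:2]
    for fixed in FIXED_VERSIONS:
        if fixed[:2] == branch:
            return ".".join(map(str, fixed))
    return ".".join(map(str, max(FIXED_VERSIONS)))


def triage(inventory: dict[str, str]) -> dict[str, Optional[str]]:
    """Map host -> upgrade target (None if the host is already patched)."""
    return {host: recommended_upgrade(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "wiki-prod-1": "7.12.4",
        "wiki-prod-2": "7.12.5",
        "wiki-legacy": "6.13.22",
        "wiki-dev": "7.9.0",
    }
    for host, target in triage(sample).items():
        print(f"{host}: {'PATCH -> ' + target if target else 'patched'}")
```

The branch-aware check is the point: 7.9.0 is newer than 7.4.11 yet still vulnerable, and its only remediation is a jump to 7.13.0, whereas 7.4.3 can stay on its branch and move to 7.4.11. Feed it the version string from each server's System Information page or inventory tool rather than eyeballing numbers.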
________________________________
Cisco Releases Security Updates for Cisco Enterprise NFVIS
Situation
Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) Release 4.5.1.
Problem
A vulnerability in the TACACS+ authentication, authorization, and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator.
Implication
A remote attacker could exploit this vulnerability to take control of an affected system.
Need
CISA encourages users and administrators to review Cisco advisory cisco-sa-nfvis-g2DMVVh and apply the necessary update.
For a brief overview:
For a more technical overview:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
________________________________
Google Releases Security Updates for Chrome
Situation
Google has released a stable channel update for Chrome on desktop that addresses multiple vulnerabilities.
Problem
The fixed bugs include use-after-free flaws, a policy bypass, inappropriate implementations in several components, and more.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
Please update to the latest Chrome version.
For a more technical overview:
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
________________________________
FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends
Situation
The FBI and CISA have released a joint advisory on ransomware awareness for holidays and weekends. It covers recent threat actor trends and best practices for avoiding ransomware.
Problem
Ransomware is on the rise: from January through July 31, 2021, there was a 62% increase in ransomware reporting and a 20% increase in reported losses compared to the same period in 2020. Variants seen recently include
- Conti
- PYSA
- LockBit
- RansomEXX/Defray777
- Zeppelin
- Crysis/Dharma/Phobos
Implication
Ransomware actors have been increasingly successful, and they deliberately time attacks for holidays and weekends, when offices are lightly staffed and detection and response are slower.
Need
The FBI and CISA recommend:
- Make offline backups
- Avoid clicking on suspicious links
- Secure and monitor RDP endpoints
- Update operating systems and software
- Use strong passwords
- Enable MFA
They also recommend proactive threat hunting and maintaining an incident response plan.
For a brief overview:
https://us-cert.cisa.gov/ncas/alerts/aa21-243a
________________________________
Microsoft warns Azure customers of vulnerability dating back to 2019
Situation
Microsoft has warned thousands of its Azure cloud computing customers, including many Fortune 500 companies, about a vulnerability that left their data completely exposed for the last two years.
Problem
A flaw in Microsoft’s Azure Cosmos DB database product left more than 3,300 Azure customers open to complete unrestricted access by attackers. The vulnerability was introduced in 2019 when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. The feature was turned on by default for all Cosmos DBs in February 2021.
Implication
This vulnerability could give attackers full read / write / delete access to the data of several thousand Microsoft Azure customers.
Need
The issue was discovered by researchers at cloud security firm Wiz about two weeks before the warning, and Microsoft disabled the vulnerable notebook feature within 48 hours of the report. Because Microsoft cannot rotate customers’ primary access keys on their behalf, it emailed affected Cosmos DB customers asking them to regenerate their keys manually to close off any remaining exposure.
To view the original overview:
https://www.theverge.com/2021/8/27/22644161/microsoft-azure-database-vulnerabilty-chaosdb
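Regenerating the keys is the customer's part of the fix, and the trap is ordering: regenerating the key your applications are currently using breaks every client until it picks up the new value, so the usual pattern is to regenerate the standby key first, move clients onto it, and only then regenerate the key that may have leaked. The script below is an added example for this digest, not Microsoft's or Wiz's code. It drives the Azure CLI (`az cosmosdb keys list` and `az cosmosdb keys regenerate`), which is assumed to be installed and logged in; ACCOUNT and RESOURCE_GROUP are placeholders, and `switch_clients` stands in for whatever pushes a new key into your secret store, both of which are assumptions rather than anything the advisory specifies.

```python
"""Rotate Cosmos DB account keys without taking clients offline.

Added example for this digest; it is not Microsoft's or Wiz's code. It drives
the Azure CLI, which must be installed and logged in. ACCOUNT, RESOURCE_GROUP
and `switch_clients` are placeholders/assumptions for your environment.
"""
from __future__ import annotations

import json
import subprocess
from typing import Callable, Dict, List

Runner = Callable[[List[str]], str]       # executes an az command, returns stdout
Switcher = Callable[[str, str], None]     # (key kind, new key) -> update clients

# `--key-kind` values accepted by `az cosmosdb keys regenerate`, mapped to the
# field names returned by `az cosmosdb keys list --type keys`.
KEY_FIELD = {
    "primary": "primaryMasterKey",
    "secondary": "secondaryMasterKey",
    "primaryReadonly": "primaryReadonlyMasterKey",
    "secondaryReadonly": "secondaryReadonlyMasterKey",
}


def az(args: List[str]) -> str:
    """Run an `az` command and return its JSON stdout (raises on failure)."""
    proc = subprocess.run(["az", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return proc.stdout


def list_keys(account: str, rg: str, run: Runner = az) -> Dict[str, str]:
    """Fetch the four account keys; values are secrets, do not log them."""
    return json.loads(run(["cosmosdb", "keys", "list", "--name", account,
                           "--resource-group", rg, "--type", "keys"]))


def regenerate_key(account: str, rg: str, kind: str, run: Runner = az) -> None:
    """Invalidate one key and have Azure mint a replacement."""
    run(["cosmosdb", "keys", "regenerate", "--name", account,
         "--resource-group", rg, "--key-kind", kind])


def rotate_keys(account: str, rg: str, switch_clients: Switcher,
                run: Runner = az) -> List[str]:
    """Rotate both key pairs with no window in which clients hold a dead key.

    Assumes clients normally use the primary key of each pair. For each pair:
    regenerate the standby key (nobody uses it yet), move clients onto it,
    then regenerate the possibly leaked live key and move clients back.
    Returns an audit trail of the steps performed.
    """
    trail: List[str] = []
    for standby, live in (("secondary", "primary"),
                          ("secondaryReadonly", "primaryReadonly")):
        for kind in (standby, live):
            regenerate_key(account, rg, kind, run)
            new_key = list_keys(account, rg, run)[KEY_FIELD[kind]]
            switch_clients(kind, new_key)
            trail.append(f"regenerated {kind}; clients now use {kind}")
    return trail


if __name__ == "__main__":
    ACCOUNT, RESOURCE_GROUP = "my-cosmos-account", "my-rg"  # placeholders

    def store_secret(kind: str, key: str) -> None:
        # Replace with your Key Vault / config push; never print the key itself.
        print(f"[{kind}] new key stored ({len(key)} chars)")

    for step in rotate_keys(ACCOUNT, RESOURCE_GROUP, store_secret):
        print(step)
```

Both read-write and read-only pairs are rotated, since an attacker with the access described above could have read all four. The CLI call is behind a `run` callable so the rotation order can be exercised against a fake before it is pointed at a production account.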