Please see Security Advisories for the week ending January 21, 2022
- Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
- Cisco Releases Security Updates for Multiple Products
- F5 Releases January 2022 Quarterly Security Notification
- Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
- CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats
- Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations
- Oracle Releases January 2022 Critical Patch Update
_______________________________
Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
Situation
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) are releasing this joint Cybersecurity Advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105.
Problem
Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems.
Implication
Failure to heed the guidelines in the advisory could leave one vulnerable to these exploits.
Need
CISA, in collaboration with industry members of CISA’s Joint Cyber Defense Collaborative (JCDC), previously published guidance on Log4Shell for vendors and affected organizations in which CISA recommended that affected organizations immediately apply appropriate patches (or apply workarounds if unable to upgrade), conduct a security review, and report compromises to CISA or the FBI.
For a brief overview:
https://www.cisa.gov/uscert/ncas/alerts/aa21-356a
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem
The advisory contains multiple updates for multiple products; please view the advisory page below for updates relevant to products used in your environment.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates.
For a brief overview:
For a more technical overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
F5 Releases January 2022 Quarterly Security Notification
Situation
F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management.
Problem
On January 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated security advisory.
- Low CVEs
Implication
A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system.
Need
CISA encourages users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible.
For a brief overview:
For a more technical overview:
https://support.f5.com/csp/article/K40084114
________________________________
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Situation
Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP.
Problem
The authentication bypass vulnerability can allow a remote user to perform unauthorized actions on the server.
Implication
An attacker could exploit this vulnerability to take control of an affected system.
Need
CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.
For a brief overview:
For a more technical overview:
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
________________________________
CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats
Situation
CISA has released a checklist for organizations to go through to protect themselves from malicious cyber activity.
Problem
CISA has released steps on how to reduce the likelihood of a damaging cyber intrusion, detect a potential intrusion, ensure the organization is prepared to respond if an intrusion occurs, and maximize the organization’s resilience to a destructive cyber incident.
Implication
Malicious cyber activity is on the rise and organizations should take preventative measures.
Need
Review CISA’s guidelines and checklist.
For a more technical overview:
________________________________
Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations
Situation
Microsoft has released a blog post detailing how Ukrainian organizations are being targeted by Master Boot Record Wiper activity.
Problem
Powering down the victim device activates the malware, which overwrites the MBR, destroying it and the target files.
Implication
A remote attacker could use this malware to destroy the MBR, rendering the device inoperable.
Need
Microsoft recommends checking for the IOCs in your environment, reviewing remote access infrastructure, and enabling MFA.
For a more detailed overview:
________________________________
Oracle Releases January 2022 Critical Patch Update
Situation
Oracle has released 497 security patches for Oracle products. These updates address critical vulnerabilities found in multiple Oracle products.
Problem
Oracle has patched a large number of critical vulnerabilities in its major products, including Oracle Financial, Oracle Communications, Oracle Database Server, Oracle Java SE, Fusion Middleware, Oracle Secure Backup, and many more.
Implication
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
Oracle strongly recommends patching these critical vulnerabilities as soon as possible.
For additional information and a list of the vulnerabilities and the products affected, please visit the link below.
Oracle Patch Update: