Please see Security Advisories for the week ending August 21, 2020
- Security Advisories Released for BIND
- Cisco Releases Security Updates for Multiple Products
- Security Update for Chrome
- North Korean Malicious Cyber Activity
- Actifio Connector Vulnerability
________________________________
Security Advisories Released for BIND
Situation
The Internet Systems Consortium (ISC) has discovered and patched vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND).
Problem
The ISC has identified and patched vulnerabilities affecting multiple versions of BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Implication
Failure to patch leaves BIND servers exposed to remote denial-of-service attacks. A crashed or hung resolver or authoritative server takes DNS, and every service that depends on it, offline.
Need
The ISC recommends upgrading to the patched release most closely related to your current version of BIND.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/08/21/isc-releases-security-advisories-bind
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has identified and patched vulnerabilities in multiple products. Some of the vulnerabilities could allow a remote attacker to take control of an affected system, leak sensitive data, deny access, or pivot further into the network.
Problem
Cisco has identified vulnerabilities in some of its products that could allow a remote attacker to take control of the devices or the network. The affected products are Cisco vWAAS for ENCS 5400-W Series and CSP 5000-W Series, Cisco Smart Software Manager, and Cisco Video Surveillance 8000 Series IP Cameras.
Implication
Unpatched systems would leave an exploitable vulnerability that could allow remote attackers to compromise the device or network.
Need
Cisco recommends installing all appropriate updates to patch any known vulnerabilities.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/08/20/cisco-releases-security-updates
________________________________
Security Update for Chrome
Situation
Google has released Chrome 84.0.4147.135 for Windows, Mac, and Linux.
Problem
This update addresses one vulnerability, CVE-2020-6556, a heap buffer overflow.
Implication
An attacker who exploits this vulnerability could execute arbitrary code in the context of the browser and take control of the affected system.
Need
Please update Chrome to the latest version as soon as possible.
For a brief overview:
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html
________________________________
North Korean Malicious Cyber Activity
Situation
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified a malware variant known as BLINDINGCAN that is actively being used by North Korean actors.
Problem
CISA and FBI identified a Remote Access Trojan (RAT) malware variant known as BLINDINGCAN, used by North Korean government actors. The FBI has high confidence that these actors are using this malware variant in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. BLINDINGCAN is delivered by malicious Word or PDF documents, primarily targeting US and foreign companies active in the military defense and aerospace sectors. The campaign used compromised infrastructure in multiple countries to host its command and control (C2) servers and distribute implants to victims' systems.
Implication
If a malicious actor is able to trick a user into opening the tainted Word or PDF document it may install the BLINDINGCAN malware. This can allow the attacker to take control of the affected system, steal sensitive data, and install additional malware.
Need
Users and administrators should keep their systems and software up to date, disable macros in Office documents, and exercise caution when opening email attachments. Users and administrators should also flag activity associated with the malware, report it to CISA or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation. Additional information, indicators of compromise, and ways to mitigate these attacks can be found in the links below.
For a brief overview:
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
For a more detailed overview:
https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf
________________________________
Actifio Connector Vulnerability
Situation
Actifio has found a critical software vulnerability within some Connector platforms that could lead to unauthenticated attackers taking control of the affected system. This vulnerability has been assigned a CVSS score of 9.8.
The vulnerable Connectors versions are:
- Linux Connectors - 8.x and older, 9.0.0 - 9.0.4, and 10.0.0
- Solaris Connectors - 8.x and older, 9.0.0 - 9.0.4, and 10.0.0
- HPUX Connectors - 8.x and older, 9.0.0 - 9.0.4, and 10.0.0
Problem
If a Connector has not been configured to lock down connections to trusted Appliances by certificate and/or local firewall rules, a remote attacker could send a specially crafted XML payload and cause the Connector to execute arbitrary privileged commands on the affected system. Additionally, a local user can bypass the certificate checking, even if properly enabled, and potentially use the same XML payload to elevate their privileges. The Windows and AIX versions of the Connector are not vulnerable to this attack. To exploit this vulnerability an attacker needs either local access to a vulnerable host or network access to port 5106/tcp or 56789/tcp on a host where neither protective firewall rules nor certificate validation has been enabled.
Implication
If an attacker is able to successfully exploit this vulnerability it could allow for unauthenticated privileged remote execution of arbitrary commands or local privilege escalation in certain configurations, which could lead to the attacker taking control of the affected system.
Need
Actifio recommends that all customers update to fixed releases as soon as possible: update SKY/CDS/CDX appliances and Connectors to version 10.0.1. CDS and SKY customers may instead upgrade to 9.0.6 if 10.0.1 is not desired.
Note that CDS/CDX/SKY appliances must run at the same version as the Connector on the hosts, or higher.
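As an added example (not Actifio's own tooling and not part of the advisory), the following POSIX shell script shows the "local firewall rules" interim mitigation described above: it checks whether a Linux host is listening on the Connector ports named in the advisory (5106/tcp and 56789/tcp) and, if so, emits iptables rules that admit only trusted Appliance addresses. The Appliance address 192.0.2.10 and the sample `ss` output are constructed placeholders.

```shell
#!/bin/sh
# Added example, not Actifio's code. Locks the Actifio Connector ports from
# the advisory (5106/tcp, 56789/tcp) down to trusted Appliance addresses and
# checks whether a host exposes those ports at all.
# 192.0.2.10 is an assumed placeholder for a trusted Appliance address.

CONNECTOR_PORTS="5106 56789"

# Emit iptables commands that accept the Connector ports only from the
# trusted Appliance addresses given as arguments and drop every other source.
# Nothing is applied here; review the output, then pipe it to sh as root.
connector_firewall_rules() {
    for port in $CONNECTOR_PORTS; do          # unquoted on purpose: split on spaces
        for appliance in "$@"; do
            printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$appliance"
        done
        printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
    done
}

# Read listening sockets in the format of `ss -Hltn` from stdin and print the
# local address:port of each socket bound to a Connector port.
# Exit status is 0 when at least one such listener is found, 1 otherwise.
find_connector_listeners() {
    awk '{ print $4 }' | grep -E ':(5106|56789)$'
}

# Constructed sample of `ss -Hltn` output for a host running a Connector.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22    0.0.0.0:*
LISTEN 0 128 0.0.0.0:5106  0.0.0.0:*
LISTEN 0 128 127.0.0.1:25  0.0.0.0:*'

# On a real host use:  ss -Hltn | find_connector_listeners
if printf '%s\n' "$SAMPLE_SS" | find_connector_listeners >/dev/null; then
    echo "Connector port exposed; lockdown rules for the trusted Appliance:"
    connector_firewall_rules 192.0.2.10
fi
```

The rules are appended (`-A`), so place them ahead of any blanket ACCEPT rule already in the INPUT chain or they will never match. Firewalling only closes the remote path; the advisory notes that a local user can still bypass certificate checking, so this is a stopgap until the hosts are on a fixed Connector release.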