Please see Security Advisories for the week ending April 9, 2021
- Critical Zoom vulnerability triggers remote code execution without user input
- Cisco Releases Security Updates for Multiple Products
- Malicious Cyber Activity Targeting Critical SAP Applications
________________________________
Critical Zoom vulnerability triggers remote code execution without user input
Situation
A zero-day vulnerability in Zoom was found during a Pwn2Own contest for white-hat professionals.
Problem
Researchers from Computest found a three-bug attack chain that can cause remote code execution (RCE) on a target machine without any form of user interaction. The attack works on both Windows and Mac. The attacker must be an accepted external contact of the target or belong to the same organizational account as the target.
Implication
Details of the vulnerability have not yet been disclosed because Zoom has not yet patched it.
Need
There is currently no patch available, and Zoom Security advises users to accept contact requests only from trusted individuals.
________________________________
Cisco Releases Security Updates for Multiple Products
Situation:
Cisco has released updates to address security vulnerabilities in multiple Cisco products.
Problem:
Cisco has discovered critical vulnerabilities in Cisco SD-WAN vManage, RV-series small business routers, Cisco Unified Communications, and Cisco Advanced Malware Protection.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
The Cybersecurity and Infrastructure Security Agency recommends that administrators and end users review the advisory and install the necessary updates.
For a brief description:
________________________________
Malicious Cyber Activity Targeting Critical SAP Applications
Situation
On April 6, 2021, Onapsis and SAP found threat actor activity targeting outdated/misconfigured SAP systems. They have created a threat report which outlines threat actor methods, specific vulnerabilities, IOCs, and more.
Problem
Impacted organizations could experience theft of sensitive data, financial fraud, disruption of mission-critical business processes, ransomware, and a halt of all operations.
Implication
The threat report provided by Onapsis and SAP outlines the tactics and vulnerabilities used by threat actors to target vulnerable SAP systems. Vulnerabilities seen being exploited include CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, CWE-200, CVE-2010-5326, and CWE-307.
Need
If you use SAP products, visit the link below to download the threat report and follow the recommendations.
https://onapsis.com/active-cyberattacks-mission-critical-sap-applications