Please see Security Advisories for the week ending October 29, 2021
- Google Releases Security Updates for Chrome
- GoCD Authentication Vulnerability
- 2021 CWE Most Important Hardware Weaknesses
- NSA-CISA Series on Securing 5G Cloud Infrastructures
- ISC Releases Security Advisory for BIND
- Cisco Releases Security Updates for Multiple Products
- Adobe Releases Security Updates for Multiple Products
- FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware
- Apple Releases Security Updates for Multiple Products
- APT Group NOBELIUM Attacks Cloud Services and other Technologies
- Critical RCE Vulnerability in Discourse
- Malware Discovered in NPM Package ua-parser-js
________________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux.
Problem
Vulnerabilities include Use after free in Sign-In, Use after free in Garbage Collection, Insufficient data validation in New Tab Page, Insufficient validation of untrusted input in Intents, Type Confusion in V8, Use after free in Web Transport, Inappropriate implementation in V8.
Implication
This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/29/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
________________________________
GoCD Authentication Vulnerability
Situation
GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0.
Problem
GoCD, written in Java, is a popular CI/CD solution with a large range of users from NGOs to Fortune 500 companies with billions of dollars in revenue. Naturally, this makes it a critical piece of infrastructure and an extremely attractive target for attackers.
Implication
A remote attacker could exploit this vulnerability to obtain sensitive information.
Need
CISA encourages users and administrators to update to GoCD 21.3.0 or apply the necessary workarounds.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/29/gocd-authentication-vulnerability
For a more technical overview:
https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
________________________________
2021 CWE Most Important Hardware Weaknesses
Situation
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List.
Problem
The weaknesses listed are too numerous to summarize here; please review the Hardware Weaknesses List for those relevant to one’s environment.
Implication
An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
Need
CISA encourages users and administrators to review the Hardware Weaknesses List and evaluate recommended mitigations to determine those most suitable to adopt.
For a brief overview:
For a more technical overview:
https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html
________________________________
NSA-CISA Series on Securing 5G Cloud Infrastructures
Situation
The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures.
Problem
The advancements of 5G will provide the connection for billions of devices and will pave the way for applications that will enable innovation, new markets, and economic growth around the world. However, these developments also introduce significant risks that threaten national security, economic security, and impact other national and global interests. Given these threats, 5G networks will be an attractive target for criminals and foreign adversaries to exploit for valuable information and intelligence.
Implication
Failure to review and consider the recommendations could leave one’s 5G infrastructure vulnerable to lateral movement.
Need
CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations.
For a brief overview:
For a more technical overview:
________________________________
ISC Releases Security Advisory for BIND
Situation
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND).
Problem
Exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
Implication
A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
Need
CISA encourages users and administrators to review the ISC advisory for CVE-2021-25219 and apply the necessary updates or workaround.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/isc-releases-security-advisory-bind
For a more technical overview:
https://kb.isc.org/v1/docs/cve-2021-25219
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem
The affected products and vulnerabilities are too numerous to list here, but briefly the vulnerability types include buffer overflow, remote code execution, authentication bypass, denial of service, privilege escalation, ICMP/UDP inspection, command injection, and memory leaks.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system and compromise the internal network, depending on the affected devices and exploits.
Need
CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
For a brief overview:
For a more technical overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe has released security updates for multiple products including After Effects, Bridge, Premiere Pro, Animate, Photoshop, and more.
Problem
Vulnerabilities found include access of memory after end of buffer, null pointer dereference, out of bounds read, and more.
Implication
An attacker who can exploit these vulnerabilities could take over the affected system.
Need
Apply the latest updates for all Adobe products.
For more information: https://helpx.adobe.com/security.html
________________________________
FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware
Situation
The FBI has released a Flash Report for IOCs associated with Ranzy Locker Ransomware. The ransomware has compromised more than 30 US businesses in July 2021 and is targeting construction, manufacturing, government, IT, and transportation sectors.
Problem
The threat actors are brute-forcing RDP credentials and leveraging Microsoft Exchange Server vulnerabilities to compromise victims. They may also set up new accounts on domain controllers, servers, and workstations.
Implication
An attacker who successfully infiltrates a network can encrypt all files.
Need
The FBI recommends:
- Keep regular, offline/air-gapped backups
- Segment the network
- Keep antivirus signatures, patches, etc. up to date
- Audit user accounts with administrative privileges
- Disable unused RDP ports and monitor RDP logs
- Disable hyperlinks in received emails
- Use MFA on accounts
For more information and list of IOCs: https://www.ic3.gov/Media/News/2021/211026.pdf
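The FBI's "monitor RDP logs" recommendation above is the kind of check a SOC can automate against the brute-forcing behavior described in the Problem section. The following Python is an added example, not part of the FBI flash report or this advisory: it runs a sliding-window count of failed RDP logons (Windows Security event 4625, logon type 10) per source address over constructed sample records, and also flags a successful RDP logon (4624) that follows such a burst, which is the stronger signal. The CSV-style record format, thresholds and addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export of Windows Security events, one per line:
# timestamp,event_id,logon_type,target_user,source_ip
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
LOG = """\
2021-10-27T02:00:01,4625,10,administrator,203.0.113.5
2021-10-27T02:00:05,4625,10,admin,203.0.113.5
2021-10-27T02:00:09,4625,10,backup,203.0.113.5
2021-10-27T02:00:14,4625,10,jsmith,203.0.113.5
2021-10-27T02:00:20,4625,10,administrator,203.0.113.5
2021-10-27T02:00:31,4625,10,svc_sql,203.0.113.5
2021-10-27T02:00:44,4624,10,jsmith,203.0.113.5
2021-10-27T02:01:00,4625,10,jsmith,198.51.100.7
2021-10-27T02:03:00,4625,10,jsmith,198.51.100.7
2021-10-27T02:05:00,4625,2,jsmith,127.0.0.1
"""


def analyze_rdp_events(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return (bruteforce, success_after_burst).

    bruteforce: {source_ip: timestamp at which `threshold` failed RDP logons
                 were first seen within `window`}
    success_after_burst: [(source_ip, user, timestamp)] for successful RDP
                 logons that arrive while the source is still over threshold.
    """
    failures = defaultdict(deque)  # source_ip -> recent 4625 timestamps
    bruteforce = {}
    success_after_burst = []
    for line in log_text.splitlines():
        ts, event_id, logon_type, user, ip = line.split(",")
        if logon_type != "10":  # only RemoteInteractive (RDP) logons
            continue
        t = datetime.fromisoformat(ts)
        recent = failures[ip]
        while recent and t - recent[0] > window:  # drop events outside the window
            recent.popleft()
        if event_id == "4625":
            recent.append(t)
            if len(recent) >= threshold and ip not in bruteforce:
                bruteforce[ip] = ts
        elif event_id == "4624" and len(recent) >= threshold:
            success_after_burst.append((ip, user, ts))
    return bruteforce, success_after_burst


if __name__ == "__main__":
    print(analyze_rdp_events(LOG))
```

The two-failure source 198.51.100.7 and the local (type 2) logon are ignored, so only the burst from 203.0.113.5, and the logon that succeeded right after it, are reported.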
________________________________
Apple Releases Security Updates for Multiple Products
Situation
Apple has released security updates to address vulnerabilities in multiple products including macOS, iOS, iPadOS, watchOS, and tvOS.
Problem
The vulnerabilities found include arbitrary code execution, privilege escalation, use after free, memory corruption, and more. One of these vulnerabilities (CVE-2021-30883) is currently being exploited in the wild.
Implication
A remote attacker who successfully exploits some of these vulnerabilities could take control of the affected device.
Need
Apple and CISA recommend that users and administrators update all affected Apple products to the most recent version.
For a brief overview:
Apple security updates:
https://support.apple.com/en-us/HT201222
________________________________
APT Group NOBELIUM Attacks Cloud Services and other Technologies
Situation
Microsoft has released a security blog post regarding the nation-state threat group NOBELIUM attacks on cloud service providers, managed service providers, and other technologies.
Problem
Microsoft has observed NOBELIUM targeting privileged accounts of service providers to move laterally in cloud environments, leveraging the trusted relationships to gain access to downstream customers and enable further attacks or access targeted systems. NOBELIUM has been seen using a diverse toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse, and spear phishing to compromise user accounts and leverage the access of those accounts.
Implication
NOBELIUM can use their diverse malicious toolkit to perform an advanced persistent attack on a given target.
Need
CISA strongly urges users and administrators to review Microsoft’s NOBELIUM security blog post and apply the necessary mitigations. For additional information, please visit the links below.
Brief overview:
Microsoft’s NOBELIUM blog post:
________________________________
Critical RCE Vulnerability in Discourse
Situation
Discourse has released a security advisory to address a critical RCE in Discourse version 2.7.8 and earlier.
Problem
A critical vulnerability has been found that allows an attacker to achieve RCE via a maliciously crafted request.
Implication
An attacker can take over the affected system.
Need
Apply the latest patches, or apply the workaround of blocking requests whose path starts with /webhooks/aws.
For more info: https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
________________________________
Malware Discovered in NPM Package ua-parser-js
Situation
Three versions of the NPM package ua-parser-js were found to contain malicious code. The three affected ua-parser-js versions are 0.7.29, 0.8.0, and 1.0.0.
Problem
These affected ua-parser-js versions contain malicious scripts that are able to download and execute malicious files.
Implication
Any device that has this package installed or running should be considered fully compromised.
Need
CISA urges users and administrators running the compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, and 1.0.1. Additional information can be found in the links below.
CISA Advisory:
ua-parser-js Advisory:
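Because ua-parser-js is usually pulled in transitively, the quickest way to find out whether a project is exposed is to check its lockfile rather than package.json. The following Python is an added example, not code from CISA or the ua-parser-js project: it walks a parsed package-lock.json (both lockfileVersion 1 and 2/3 layouts), reports every ua-parser-js entry pinned to one of the three compromised versions named above, and names the patched version to move to. The sample lockfiles are constructed.

```python
import json
import sys

PACKAGE = "ua-parser-js"
# Compromised version -> patched version, as listed in the advisory
COMPROMISED = {"0.7.29": "0.7.30", "0.8.0": "0.8.1", "1.0.0": "1.0.1"}

# Constructed lockfileVersion 2 sample: a compromised top-level copy and a
# patched nested copy under some-lib.
SAMPLE_LOCK_V2 = {
    "name": "example-app", "lockfileVersion": 2,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/ua-parser-js": {"version": "0.7.29"},
        "node_modules/some-lib": {"version": "2.1.0"},
        "node_modules/some-lib/node_modules/ua-parser-js": {"version": "1.0.1"},
    },
}
# Constructed lockfileVersion 1 sample: compromised copy nested under some-lib.
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "some-lib": {"version": "2.1.0",
                     "dependencies": {"ua-parser-js": {"version": "0.8.0"}}},
    },
}


def find_compromised(lock):
    """Return [(install_path, version, patched_version)] for each compromised copy."""
    hits = []
    if "packages" in lock:  # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            version = meta.get("version")
            if path.split("node_modules/")[-1] == PACKAGE and version in COMPROMISED:
                hits.append((path, version, COMPROMISED[version]))
        return hits

    def walk(deps, prefix):  # lockfileVersion 1: nested "dependencies" tree
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            version = meta.get("version")
            if name == PACKAGE and version in COMPROMISED:
                hits.append((path, version, COMPROMISED[version]))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return hits


if __name__ == "__main__":  # usage: python check_uaparser.py package-lock.json
    with open(sys.argv[1]) as f:
        for path, version, fixed in find_compromised(json.load(f)):
            print(f"{path}: {version} is compromised, update to {fixed}")
```

Any hit means the package's install scripts may already have run on that machine, so per the Implication above the host should be treated as compromised, not merely updated.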