- Fortinet Releases Security Updates for FortiOS and FortiProxy
- Mozilla Releases Security Updates for Multiple Products
- CISA Adds One Known Exploited Vulnerability to Catalog
- CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
- CISA and Partners Release Joint Guide to Securing Remote Access Software
Fortinet Releases Security Updates for FortiOS and FortiProxy
Situation:
Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2023-27997) in FortiOS and FortiProxy.
Problem:
A remote attacker can execute arbitrary code or commands via specially crafted requests to the FortiOS and FortiProxy SSL-VPN.
Implication:
If the heap-based buffer overflow vulnerability is not addressed, attackers can execute code and carry out further malicious activity on affected devices and the networks they connect to.
Need:
We encourage users and administrators to review the Fortinet security advisory FG-IR-23-097 and apply the necessary updates. If you are unable to do this right away, disable the SSL-VPN as a workaround.
Additional Resources:
Fortinet Security Advisory: (Link)
CISA Fortinet Advisory: (Link)
Mozilla Releases Security Updates for Multiple Products
Situation:
Mozilla has released security updates to address vulnerabilities in Firefox 114 and Firefox ESR 102.12.
Problem:
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays.
Implication:
An attacker could exploit these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review Mozilla’s security advisories for Firefox 114 and Firefox ESR 102.12 for more information and apply the necessary updates.
Additional Resources:
Security Vulnerabilities fixed in Firefox 114: (Link)
Security Vulnerabilities fixed in Firefox ESR 102.12: (Link)
CISA Adds One Known Exploited Vulnerability to Catalog
Situation:
CISA has added one new vulnerability (CVE-2023-3079) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Problem:
Type confusion in V8 in Google Chrome (CVE-2023-3079) prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Implication:
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Need:
We strongly urge all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.
Additional Resources:
Binding Operational Directive 22-01: (Link)
CVE-2023-3079 Detail: (Link)
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities: (Link)
CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
Situation:
CISA and FBI released a joint Cybersecurity Advisory (CSA), CL0P Ransomware Gang Exploits MOVEit Vulnerability, in response to recent vulnerability exploitation attributed to the CL0P Ransomware Gang.
Problem:
The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer.
Implication:
Company data can be stolen and encrypted.
Need:
We encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise.
Additional Resources:
CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability: (Link)
Stop Ransomware: (Link)
CISA and Partners Release Joint Guide to Securing Remote Access Software
Situation:
Today, CISA, Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software. This new joint guide is the result of a collaborative effort to provide an overview of legitimate uses of remote access software, as well as common exploitations and associated tactics, techniques, and procedures (TTPs), and how to detect and defend against malicious actors abusing this software.
Problem:
This document, the Guide to Securing Remote Access Software, provides organizations with a remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
Implication:
Remote access software provides a proactive and flexible approach for organizations to internally oversee networks, computers, and other devices; however, cyber threat actors increasingly co-opt these tools for access to victim systems.
Need:
We encourage organizations to review this joint guide for recommendations and best practices to implement in alignment with their specific cybersecurity requirements, in order to better detect and defend against exploitation. Additionally, refer to the additional resources below for guidance aimed at MSPs and small- and mid-sized businesses, and for guidance on the malicious use of remote monitoring and management software, when using remote access software and implementing mitigations.
Additional Resources:
Guide to Securing Remote Access Software: (Link)
Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses: (Link)
Protecting Against Malicious Use of Remote Monitoring and Management Software: (Link)