Please see Security Advisories for the week ending February 18, 2021
CISA Insights Released on Foreign Influence Operations Targeting Critical Infrastructure
NSA Releases Best Practices for Selecting Cisco Password Types
Drupal Releases Security Updates
Cisco Has Released Security Updates for Their Email Security Appliance
Mozilla Releases Security Update for Thunderbird
Russian State-Sponsored Actors Target Cleared Defense Contractor Networks
VMware Releases Security Updates for Multiple Products
Google Releases Security Updates for Chrome
CISA Adds 9 Known Exploited Vulnerabilities to its Catalog
Apple Releases Security Updates for Multiple Products
_______________________________
CISA Insights Released on Foreign Influence Operations Targeting Critical Infrastructure
Situation
CISA has released a CISA Insight paper on preparing for and mitigating foreign influence operations targeting critical infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation.
Problem
This CISA Insights paper informs critical infrastructure owners and operators of the risks of influence operations that use social media and online platforms. Malicious actors may use tactics such as misinformation, disinformation, and malinformation to shape public opinion, undermine trust, and amplify division, which can impact critical functions and services across multiple sectors. Attackers may also use hacking and other malicious cyber activities as part of their influence operations.
Implication
Malicious actors who successfully carry out an information manipulation campaign can impact critical infrastructure, services, and public perception.
Need
CISA encourages leaders at all organizations to review the CISA Insights paper and follow the guidance to assess risk and increase resilience against information manipulation attacks.
CISA Insights Paper:
________________________________
NSA Releases Best Practices for Selecting Cisco Password Types
Situation
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance on securing Cisco network infrastructure devices and credentials.
Problem
The CSI reviews Cisco’s password type options, how difficult each type is to crack, and each type's vulnerability severity, and provides recommendations for use. The NSA recommends that Type 8 passwords be enabled and used for all Cisco devices running software developed after 2013. Devices running software from before 2013 should be updated immediately.
Implication
Credentials within Cisco configuration files could be at risk of compromise if strong password types are not used, allowing an attacker to gain access to that system.
Need
CISA encourages administrators to review NSA’s Cisco Password Types: Best Practices information sheet for recommendations on securing sensitive credentials.
NSA Cisco Password Types Press Release:
Cisco Password Types Best Practices:
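An added example (not from the NSA sheet or this bulletin): a Python check that scans a saved Cisco IOS configuration and reports every credential line whose password type is not Type 8, the type recommended above. The sample configuration and its hash strings are constructed, and treating a missing type digit as type 0 (stored as typed) is an assumption of this check.

```python
import re

RECOMMENDED_TYPE = "8"  # the type the NSA sheet recommends, per the summary above

# Credential lines: "enable password|secret", "username <name> ... password|secret",
# and a bare "password" inside an indented block (e.g. under "line vty").
CRED_RE = re.compile(
    r"^\s*(?:enable\s+|username\s+\S+\s+(?:.*\s)?|)"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?\S+\s*$"
)

# Constructed sample configuration; the hash strings are dummy values.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable secret 5 $1$CONSTRUCTED$0000000000000000000000
enable password 7 0000000000
username admin privilege 15 secret 8 $8$CONSTRUCTED$000000000000000000000000
username backup password 0 constructed-cleartext
username netops secret 9 $9$CONSTRUCTED$000000000000000000000000
line vty 0 4
 password 7 0000000000
 login
"""

def audit_password_types(config_text):
    """Return (line_number, location, type) for each credential not stored as Type 8.

    The credential value itself is never copied into the findings.
    """
    findings = []
    section = None
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line and not line[0].isspace():
            section = line.strip()  # remember the enclosing top-level block
        m = CRED_RE.match(line)
        if not m:
            continue
        ptype = m.group("type") or "0"  # assumption: no type digit means type 0
        if ptype == RECOMMENDED_TYPE:
            continue
        where = line[: m.end("kw")].strip()
        if line[0].isspace() and section:
            where = f"{section} / {where}"
        findings.append((lineno, where, ptype))
    return findings

if __name__ == "__main__":
    for lineno, where, ptype in audit_password_types(SAMPLE_CONFIG):
        print(f"line {lineno}: {where} uses type {ptype}, expected type {RECOMMENDED_TYPE}")
```
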
________________________________
Drupal Releases Security Updates
Situation
Drupal has released security updates to address two vulnerabilities (CVE-2022-25270 and CVE-2022-25271) found in Drupal 7, 9.2, and 9.3.
Problem
The first of the two patched vulnerabilities (CVE-2022-25270) is an improper input validation issue found in certain contributed or custom modules’ forms. This could allow an attacker to inject disallowed values or overwrite data. The second (CVE-2022-25271) is an information disclosure vulnerability in the Quick Edit module: the module does not properly check entity access in some circumstances, which can disclose information to users with the “access in-place editing” permission when viewing some content.
Implication
An attacker who is able to successfully exploit one of these vulnerabilities could take control of an affected system.
Need
CISA encourages users and administrators to review the two Drupal security advisories and apply the necessary updates.
Drupal SA-CORE-2022-003:
https://www.drupal.org/sa-core-2022-003
Drupal SA-CORE-2022-004:
https://www.drupal.org/sa-core-2022-004
________________________________
Cisco Has Released Security Updates for Their Email Security Appliance
Situation
Cisco has released security updates to address a vulnerability found in Cisco’s Email Security Appliance.
Problem
This vulnerability (CVE-2022-20653) is in the DNS-based Authentication of Named Entities (DANE) email verification component and is caused by insufficient error handling in DNS name resolution. The vulnerability can allow a remote attacker to perform a denial of service on the affected system.
Implication
A remote attacker who successfully exploits this vulnerability can cause a denial of service on the affected system.
Need
CISA encourages users and administrators to review Cisco’s security advisory and apply the necessary updates or workarounds.
For a brief overview:
Cisco Security Advisory:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
________________________________
Mozilla Releases Security Update for Thunderbird
Situation
Mozilla has released security updates for Thunderbird 91.6.1.
Problem
Mozilla has released fixes that address vulnerabilities such as privilege escalation to system via the maintenance service, along with other vulnerabilities.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 91.6.1 and make the necessary update.
For a brief overview:
For a more technical overview:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/
________________________________
Russian State-Sponsored Actors Target Cleared Defense Contractor Networks
Situation
CISA, FBI, and the NSA have released a joint security advisory on Russian activity targeting US cleared defense contractors.
Problem
State-sponsored Russian activity is targeting sectors that include:
- Command, control, communications, and combat systems
- Intelligence, surveillance, reconnaissance, and targeting
- Weapons and missile development
- Vehicle and aircraft design
- Software development, data analytics, computers, and logistics
Implication
Techniques used include brute force, spearphishing, exploiting common vulnerabilities, and more.
Need
It is recommended to check for unusual activity and perform the proper mitigation techniques.
For a brief overview:
https://www.cisa.gov/uscert/ncas/alerts/aa22-047a
________________________________
VMware Releases Security Updates for Multiple Products
Situation
VMware has released security updates to address vulnerabilities in multiple products including ESXi, Workstation Pro, Fusion Pro, Cloud Foundation, and NSX Data Center for vSphere.
Problem
Vulnerabilities found include use after free, double-fetch, unauthorized access, denial of service, and more.
Implication
Attackers can exploit these to take over an affected system.
Need
Apply the necessary patches for the above products.
For more detailed information:
VMSA-2022-0004 https://www.vmware.com/security/advisories/VMSA-2022-0004.html
VMSA-2022-0005 https://www.vmware.com/security/advisories/VMSA-2022-0005.html
________________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome versions 98.0.4758.102 for Windows, Mac and Linux.
Implication
These versions address vulnerabilities that an attacker could exploit to take control of an affected system.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
For a brief overview:
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/15/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
________________________________
CISA Adds 9 Known Exploited Vulnerabilities to its Catalog
Situation
The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of threat actors actively exploiting these vulnerabilities. These types of vulnerabilities are frequently used as an attack vector by malicious cyber actors of all types and pose significant risk if left unpatched.
Problem
The vulnerabilities that were added to this report are:
- Adobe Commerce and Magento Open Source improper input validation
- Google Chrome use-after-free
- Internet Explorer type confusion
- VBScript engine out-of-bounds write
- WinRAR absolute path traversal
- Adobe Flash Player use-after-free
- PHPUnit command injection
- MS Word memory corruption
- MS Graphics component memory corruption vulnerabilities
Implication
Failure to implement timely remediation of these cataloged vulnerabilities could leave an organization exposed to potential cyberattacks.
Need
CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.
For a brief overview:
CISA Vulnerabilities Catalog:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
________________________________
Apple Releases Security Updates for Multiple Products
Situation
Apple has released security updates to address vulnerabilities in multiple products.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.
Below are links to each product update page, respectively:
For a brief overview: