- Orca Security Publishes Details for Critical Azure Synapse Vulnerability
- Cisco Releases Security Updates for Multiple Products
- OpenSSL Releases Security Update
- Google Releases Security Update for Chrome
- #StopRansomware: MedusaLocker
- Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
- CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1
_______________________________
Orca Security Publishes Details for Critical Azure Synapse Vulnerability
Situation:
Orca Security describes the technical details of SynLapse, a critical Synapse Analytics vulnerability in Azure that allowed attackers to bypass tenant separation.
Problem:
The vulnerability allowed an attacker to perform remote command execution across Azure Data Factory Integration Runtime infrastructure.
Implication:
Attackers are able to exploit this Synapse Analytics vulnerability to obtain credentials to other Synapse accounts, allowing them to control organizations’ workspaces, execute code on targeted customer machines and leak credentials to data sources external to Azure.
Need:
Orca Security is issuing this security advisory for CVE-2022-29972 to address hazards in the use of the Microsoft Azure Synapse service.
Additional Resources:
SynLapse:
https://www.infoq.com/news/2022/06/synlapse-security-azure/
Azure Synapse Analytics:
https://azure.microsoft.com/en-us/services/synapse-analytics/
________________________________
Cisco Releases Security Updates for Multiple Products
Situation:
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem:
An attacker could exploit some of these vulnerabilities.
Implication:
Exploiting these vulnerabilities could give the attacker control over the affected systems.
Need:
CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:
- Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
- Cisco Smart Software Manager On-Prem Denial of Service Vulnerability
Additional Resources:
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH
Cisco Smart Software Manager On-Prem Denial of Service Vulnerability:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-privesc-tP6uNZOS
Cisco Security Advisories page:
https://tools.cisco.com/security/center/publicationListing.x
For a brief overview:
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/07/cisco-releases-security-updates-multiple-products
________________________________
OpenSSL Releases Security Update
Situation:
OpenSSL has released a security update to address a vulnerability.
Problem:
The vulnerability affects OpenSSL 3.0.4, which introduced a serious bug in the RSA implementation.
Implication:
An attacker could exploit this vulnerability to take control of an affected system.
Need:
We encourage organizations to review the OpenSSL advisory and upgrade to the appropriate version.
Additional Resources:
CISA Bulletin: OpenSSL Releases Security Update:
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/06/openssl-releases-security-update
OpenSSL advisory:
https://www.openssl.org/news/secadv/20220705.txt
________________________________
Google Releases Security Update for Chrome
Situation:
Google has released Chrome Version 102.0.5060.114 for Windows.
Problem:
The last Chrome version contains vulnerabilities that include a buffer overflow in WebRTC, type confusion in V8, and a use after free in Chrome OS Shell.
Implication:
This version addresses the vulnerabilities above, which an attacker could exploit to take control of an affected system.
Need:
This update applies the security fixes and bug fixes associated with the vulnerabilities present in the last Chrome release for Windows.
Additional Resources:
Google Releases Security Update for Chrome:
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/05/google-releases-security-update-chrome
Stable Channel Update for Desktop:
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
________________________________
#StopRansomware: MedusaLocker
Situation:
CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on MedusaLocker ransomware.
Problem:
MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP).
Implication:
An attacker could exploit these vulnerabilities in Remote Desktop Protocol (RDP) to take control of an affected system.
Need:
We encourage organizations to examine their current cybersecurity posture and apply the recommended mitigations in this joint Cybersecurity Advisory (CSA), which include:
- Prioritize remediating known exploited vulnerabilities.
- Train users to recognize and report phishing attempts.
- Enable and enforce multifactor authentication.
Additional Resources:
CISA Bulletin: #StopRansomware: MedusaLocker:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/30/stopransomware-medusalocker
#StopRansomware: MedusaLocker:
https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
Known Exploited Vulnerabilities Catalog:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
________________________________
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Situation:
Mozilla has released security updates to address vulnerabilities.
Problem:
Vulnerabilities have been found in Mozilla Firefox, Firefox ESR, and Thunderbird.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the Mozilla security advisories for Firefox 102, Firefox ESR 91.11, and Thunderbird 91.11 and 102 and apply the necessary updates.
Additional Resources:
CISA Bulletin: Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/29/mozilla-releases-security-updates-firefox-firefox-esr-and
Mozilla Foundation Security Advisory 2022-24 (Firefox):
https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
Mozilla Foundation Security Advisory 2022-25 (Firefox ESR):
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/
Mozilla Foundation Security Advisory 2022-26 (Thunderbird):
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
________________________________
CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1
Situation:
CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Authentication (“Basic Auth”) on October 1, 2022.
Problem:
Basic Authentication (“Basic Auth”) is a legacy authentication method that does not support multifactor authentication (MFA).
Implication:
An attacker could exploit this vulnerability to take control of an affected system.
Need:
We recommend all organizations review “Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation” and prioritize moving to Modern Authentication (“Modern Auth”) before the deadline on October 1, 2022.
Additional Resources:
CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/28/cisa-releases-guidance-switching-modern-auth-exchange-online
Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation:
https://cisa.gov/sites/default/files/publications/switch-to-modern-authentication-in-exchange-online-062822-508.pdf