- Mozilla Releases Security Updates for Multiple Products
- CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
- Palo Alto Networks Security Advisory – November 2022
- Citrix Releases Security Updates for ADC and Gateway
- VMware Releases Security Updates
- Microsoft Releases November 2022 Security Updates
- #StopRansomware: Hive
________________________________
Mozilla Releases Security Updates for Multiple Products
Situation:
Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox.
Problem:
Multiple vulnerabilities have been found in Thunderbird, Firefox ESR, and Firefox.
Implication:
An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks.
Need:
We encourage users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates.
Additional Resources:
Advisory link:
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/16/mozilla-releases-security-updates-multiple-products
Thunderbird 102.5 advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
Firefox ESR 102.5 advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/
Firefox 107 advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/
________________________________
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
Situation:
CISA and the MS-ISAC have published a joint Cybersecurity Advisory (CSA) regarding Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform.
Problem:
There is evidence showing the active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS).
CVEs currently being exploited against ZCS include:
- CVE-2022-24682
- CVE-2022-27924
- CVE-2022-27925 chained with CVE-2022-37042
- CVE-2022-30333
Implication:
Cyber threat actors are already targeting unpatched ZCS instances in both government and private sector networks.
Need:
We recommend applying the guidance in the Recommendations section of the CSA. Organizations that did not immediately update their ZCS instances upon patch release, or whose ZCS instances were exposed to the internet, should assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section of the CSA.
Additional Resources:
CISA Bulletin:
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite | CISA
________________________________
Palo Alto Networks Security Advisory – November 2022
Situation:
Palo Alto Networks has released security updates for multiple products.
Problem:
Affected Palo Alto Networks products contain vulnerabilities, including a local privilege escalation in the Cortex XSOAR engine (CVE-2022-0031) and exposure to the OpenSSL 3.0 vulnerabilities (CVE-2022-3786 and CVE-2022-3602) and the Apache Commons Text vulnerability (CVE-2022-42889).
Implication:
An attacker could exploit one of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the Palo Alto Networks Security Advisories and apply the necessary updates.
Additional Resources:
Palo Alto Networks Security Advisories:
Palo Alto Networks Security Advisories
CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine:
CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine (paloaltonetworks.com)
PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602:
PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 (paloaltonetworks.com)
CVE-2022-42889 Impact of Apache Commons Text Vulnerability CVE-2022-42889:
CVE-2022-42889 Impact of Apache Commons Text Vulnerability CVE-2022-42889 (paloaltonetworks.com)
________________________________
Citrix Releases Security Updates for ADC and Gateway
Situation:
Citrix has released security updates for Citrix ADC and Citrix Gateway.
Problem:
Affected versions of Citrix ADC and Citrix Gateway contain multiple vulnerabilities (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516).
Implication:
A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review Citrix Security Bulletin CTX463706 and apply the necessary updates.
Additional Resources:
Citrix Releases Security Updates for ADC and Gateway:
Citrix Releases Security Updates for ADC and Gateway | CISA
Citrix Bulletin:
Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516
________________________________
VMware Releases Security Updates
Situation:
VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist.
Problem:
VMware Workspace ONE Assist contains an Authentication Bypass vulnerability.
Implication:
A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Need:
We encourage users and administrators to review VMware Security Advisory VMSA-2022-0028 and apply the necessary updates.
Additional Resources:
CISA Link:
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/09/vmware-releases-security-updates
VMware Link:
https://www.vmware.com/security/advisories/VMSA-2022-0028.html
________________________________
Microsoft Releases November 2022 Security Updates
Situation:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
Problem:
Current Microsoft products and software contain vulnerabilities that can be exploited.
Implication:
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Need:
DataEndure encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates.
Additional Resources:
CISA Bulletin:
Microsoft Releases November 2022 Security Updates | CISA
November 2022 Microsoft Security Update Guide:
November 2022 Security Updates – Release Notes – Security Update Guide – Microsoft
November 2022 Microsoft Deployment Security Update Guide:
Deployments – Security Update Guide – Microsoft
________________________________
#StopRansomware: Hive
Situation:
CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released the joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware.
Problem:
Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and—especially—Healthcare and Public Health (HPH).
Hive actors gain initial access to victim networks by distributing phishing emails with malicious attachments [T1566.001] and by exploiting the following vulnerabilities against Microsoft Exchange servers [T1190]:
- CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
- CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-34523 – Microsoft Exchange Server Privilege Escalation Vulnerability
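The three Exchange CVEs above are the ProxyShell chain, and exploitation of CVE-2021-34473 leaves a recognizable shape in the Exchange server's IIS logs: a request to autodiscover.json whose query contains an "@" followed by a backend path such as /powershell or /mapi/nspi. The following is an added hunting example and is not part of the CISA/FBI/HHS advisory or its Detection Methods; it assumes IIS W3C extended log format (a #Fields header naming the columns), the sample log lines are constructed for illustration, and the request pattern is the commonly reported ProxyShell shape rather than a signature from the CSA.

```python
"""Hunt Exchange IIS logs for ProxyShell-style (CVE-2021-34473) requests.

Added example; not code from the #StopRansomware: Hive advisory.
Assumes IIS W3C extended log format with a #Fields header. The log lines
in SAMPLE_LOG are constructed for illustration (RFC 5737 test addresses).
"""
import re
from typing import Dict, Iterable, List
from urllib.parse import unquote

# Commonly reported ProxyShell request shape (assumption, not a CSA signature):
# autodiscover.json, then an "@" in the query, then a backend path.
PROXYSHELL_RE = re.compile(
    r"autodiscover\.json.*?@[^\s]*?/(?:powershell|mapi/nspi)",
    re.IGNORECASE,
)

# Constructed sample lines. IIS writes spaces inside a field as "+".
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-11-10 14:02:11 10.0.0.5 GET /owa/auth/logon.aspx url=%2fowa%2f 443 - 203.0.113.7 Mozilla/5.0 200
2022-11-10 14:03:45 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3f@evil.example 443 - 198.51.100.23 python-requests/2.28 200
2022-11-10 14:03:46 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell/?X-Rps-CAT=VgEAVAdXaW5kb3dz 443 - 198.51.100.23 python-requests/2.28 200
2022-11-10 14:05:02 10.0.0.5 GET /autodiscover/autodiscover.xml - 443 - 10.0.0.44 Microsoft+Office/16.0 200
"""


def parse_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse W3C extended log lines into dicts keyed by the #Fields names."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # cannot map the columns reliably; skip rather than guess
        records.append(dict(zip(fields, values)))
    return records


def is_proxyshell_request(rec: Dict[str, str]) -> bool:
    """True if the decoded stem+query matches the ProxyShell request shape."""
    stem = rec.get("cs-uri-stem", "")
    query = rec.get("cs-uri-query", "-")
    if query == "-":  # IIS logs "-" for an empty query string
        query = ""
    url = unquote(f"{stem}?{query}")  # decode %3f etc. before matching
    return PROXYSHELL_RE.search(url) is not None


def hunt(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the log records that look like ProxyShell exploitation attempts."""
    return [r for r in parse_w3c(lines) if is_proxyshell_request(r)]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG.splitlines()):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"],
              unquote(hit["cs-uri-query"]), hit["sc-status"])
```

A hit is a trigger for investigation, not proof of compromise: a 200 response to the /powershell request is the more worrying case, and any match should be followed by the CSA's Detection Methods and a check that the Exchange server actually carries the May 2021 (or later) security update for these CVEs.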
Implication:
Hive ransomware has been in use since June 2021. As of November 2022, Hive actors have victimized over 1,300 companies worldwide and received approximately US$100 million in ransom payments, according to FBI information. Hive follows the ransomware-as-a-service (RaaS) model, in which developers create, maintain, and update the malware while affiliates conduct the ransomware attacks.
Need:
We encourage you to review the CSA and to apply the included mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
Additional Resources:
CISA Security Advisory:
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/17/stopransomware-hive
Cybersecurity Alert:
https://www.cisa.gov/uscert/ncas/alerts/aa22-321a
CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2021-31207
CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
CVE-2021-34523 – Microsoft Exchange Server Privilege Escalation Vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2021-34523
stopransomware.gov:
https://www.cisa.gov/stopransomware