CISA Releases Top 20 Vulnerabilities Exploited by Chinese State-Sponsored Attackers
by Artie Kaye
Joint advisory AA22-279a from CISA, the NSA and the FBI lists the CVEs that People's Republic of China state-sponsored actors have exploited most often since 2020. Every flaw on the list already has a vendor patch, so the defensive action is straightforward: patch, and where patching lags, keep the affected management interfaces off the internet. Note how many of the entries are edge devices and administrative consoles (VPN gateways, load balancers, mail servers, collaboration tools), which is exactly the exposed surface these actors hunt for. The list is below; follow the CISA link at the end for the detailed mitigations.
Vendor | CVE | Vulnerability Type |
---|---|---|
Apache Log4j | CVE-2021-44228 | Remote Code Execution |
Pulse Connect Secure | CVE-2019-11510 | Arbitrary File Read |
GitLab CE/EE | CVE-2021-22205 | Remote Code Execution |
Atlassian Confluence Server and Data Center | CVE-2022-26134 | Remote Code Execution |
Microsoft Exchange | CVE-2021-26855 | Remote Code Execution |
F5 Big-IP | CVE-2020-5902 | Remote Code Execution |
VMware vCenter Server | CVE-2021-22005 | Arbitrary File Upload |
Citrix ADC | CVE-2019-19781 | Path Traversal |
Cisco Hyperflex | CVE-2021-1497 | Command Line Execution |
Buffalo WSR | CVE-2021-20090 | Relative Path Traversal |
Atlassian Confluence Server and Data Center | CVE-2021-26084 | Remote Code Execution |
Hikvision Webserver | CVE-2021-36260 | Command Injection |
Sitecore XP | CVE-2021-42237 | Remote Code Execution |
F5 Big-IP | CVE-2022-1388 | Remote Code Execution |
Apache APISIX | CVE-2022-24112 | Authentication Bypass by Spoofing |
ZOHO | CVE-2021-40539 | Remote Code Execution |
Microsoft Exchange | CVE-2021-26857 | Remote Code Execution |
Microsoft Exchange | CVE-2021-26858 | Remote Code Execution |
Microsoft Exchange | CVE-2021-27065 | Remote Code Execution |
Apache HTTP Server | CVE-2021-41773 | Path Traversal |
https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
Meta Discovered Password Stealing Phone Apps
by Artie Kaye
Meta identified more than 400 malicious apps on Apple's App Store and Google Play that were built to steal Facebook login credentials. They were disguised as photo editors, utilities, games, VPNs and other everyday apps. Once installed, each app demanded that the user "log in with Facebook" before it would work; whatever was typed into that prompt went to the attackers. Meta reported the apps to Apple and Google for removal and is notifying users who may have been affected. Malicious developers like to mimic popular apps, so check the publisher and reviews before installing, and treat any app that insists you sign in to an email or social media account through its own interface before you can use it as suspect. If you did log in through one of these apps, change the password and turn on two-factor authentication for that account.
https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/
https://www.securityweek.com/meta-warns-password-stealing-phone-apps
https://thehackernews.com/2022/10/facebook-detects-400-android-and-ios.html
New Microsoft SQL Backdoor Dubbed ‘Maggie’
by Artie Kaye
Maggie is a backdoor for Microsoft SQL Server. It is delivered as an Extended Stored Procedure DLL: once the DLL is registered on the server, an attacker who can issue queries to the instance drives it entirely through SQL commands. Its command set includes reading and changing files on the host, executing programs, adding hardcoded backdoor accounts to the server, redirecting TCP connections to specific ports (simple port forwarding), and enabling remote desktop access that was previously disabled. It also carries a brute-force module for guessing the logins of other SQL Servers, which is the likely way it spreads. Infections seen so far are concentrated in South and East Asia, but hosts in the US and Europe are affected too. Brute force against SQL logins is best blunted by keeping the SQL Server port off the internet, enforcing strong unique passwords (or using Windows authentication instead of SQL logins), and enabling multi-factor authentication wherever the authentication path supports it. For greater detail on the functionality, follow the Medium link below.
https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01
https://www.computing.co.uk/news/4057661/maggie-malware-hits-microsoft-sql-servers
https://www.securityweek.com/new-maggie-backdoor-targeting-microsoft-sql-servers
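Three hunting queries for the behaviour described above, written here as an added example for this newsletter (they are not taken from the DCSO write-up or any vendor tooling). They assume a sysadmin connection to the instance and that failed-login auditing, which is the SQL Server default, has not been turned off.

```sql
-- Added example: hunt for Maggie-style artefacts on a Microsoft SQL Server instance.
-- Extended stored procedures are registered in the master database, so start there.
USE master;

-- 1. Maggie is loaded as an Extended Stored Procedure DLL. Everything that ships
--    with SQL Server is flagged is_ms_shipped = 1, so any row returned here was
--    registered by someone via sp_addextendedproc and names the backing DLL path.
SELECT xp.name        AS procedure_name,
       xp.dll_name,
       xp.create_date,
       xp.modify_date
FROM   sys.extended_procedures AS xp
WHERE  xp.is_ms_shipped = 0
ORDER  BY xp.create_date DESC;

-- 2. Maggie can add hardcoded accounts. List every SQL login ('S') and Windows
--    login ('U') that holds sysadmin, newest first, and compare with the known
--    administrator set. Unfamiliar names or recent create_date values stand out.
SELECT sp.name,
       sp.type_desc,
       sp.create_date,
       sp.modify_date,
       sp.is_disabled
FROM   sys.server_principals AS sp
WHERE  sp.type IN ('S', 'U')
  AND  IS_SRVROLEMEMBER('sysadmin', sp.name) = 1
ORDER  BY sp.create_date DESC;

-- 3. Brute force leaves "Login failed for user" entries in the SQL Server error
--    log. Pull them from the current log (file 0, log type 1 = SQL Server); a burst
--    of failures from one client address across many login names is the signature.
EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed for user';
```

Registering an extended stored procedure requires sysadmin, so a hit in the first query means the attacker already held full control of the instance; remove the procedure with sp_dropextendedproc, delete the DLL from disk, and then work backwards to how sysadmin was obtained, since the queries above only find the foothold, not the entry point.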
Cisco Patches
by Artie Kaye
Cisco has released patches for its Expressway Series and TelePresence Video Communication Server (VCS) products. Two flaws were fixed. The first is an improper certificate validation issue that could let an unauthenticated remote attacker intercept traffic between peer devices using a man-in-the-middle position. The second is a cross-site request forgery weakness in the REST API, which an attacker could exploit by persuading a logged-in user to follow a crafted link. These products sit at the network edge, so please update them at your soonest convenience.
The flaws are listed as CVE-2022-20814 (certificate validation) and CVE-2022-20853 (cross-site request forgery).
Fortinet Patches
by Artie Kaye
Fortinet has released patches for an authentication bypass in FortiOS and FortiProxy. By sending crafted requests to the administrative interface over HTTP or HTTPS, an unauthenticated remote attacker can perform operations with administrator privileges. Affected releases are FortiOS 7.0.0 through 7.0.6 and 7.2.0 through 7.2.1, and FortiProxy 7.0.0 through 7.0.6 and 7.2.0. Fortinet rates the flaw critical, and it is recommended to update as soon as you are able. Where an immediate upgrade is not possible, disable HTTP/HTTPS administrative access or restrict it to trusted source addresses with a local-in policy until the patch is applied.
The flaw is listed as CVE-2022-40684.
https://thehackernews.com/2022/10/fortinet-warns-of-new-auth-bypass-flaw.html