News for October 7, 2022


CISA Released 20 Most Exploited Vulnerabilities by Foreign Attackers
by Artie Kaye

The information relates to vulnerabilities that CISA, NSA, and the FBI have tracked being targeted by Chinese state-sponsored attackers since 2020. All of the flaws have been patched by their respective vendors. The list of the vulnerabilities is below. Please follow the CISA link for more detailed information.

Vendor                                        CVE              Vulnerability Type
Apache Log4j                                  CVE-2021-44228   Remote Code Execution
Pulse Connect Secure                          CVE-2019-11510   Arbitrary File Read
GitLab CE/EE                                  CVE-2021-22205   Remote Code Execution
Atlassian                                     CVE-2022-26134   Remote Code Execution
Microsoft Exchange                            CVE-2021-26855   Remote Code Execution
F5 Big-IP                                     CVE-2020-5902    Remote Code Execution
VMware vCenter Server                         CVE-2021-22005   Arbitrary File Upload
Citrix ADC                                    CVE-2019-19781   Path Traversal
Cisco Hyperflex                               CVE-2021-1497    Command Line Execution
Buffalo WSR                                   CVE-2021-20090   Relative Path Traversal
Atlassian Confluence Server and Data Center   CVE-2021-26084   Remote Code Execution
Hikvision Webserver                           CVE-2021-36260   Command Injection
Sitecore XP                                   CVE-2021-42237   Remote Code Execution
F5 Big-IP                                     CVE-2022-1388    Remote Code Execution
Apache                                        CVE-2022-24112   Authentication Bypass by Spoofing
ZOHO                                          CVE-2021-40539   Remote Code Execution
Microsoft                                     CVE-2021-26857   Remote Code Execution
Microsoft                                     CVE-2021-26858   Remote Code Execution
Microsoft                                     CVE-2021-27065   Remote Code Execution
Apache HTTP Server                            CVE-2021-41773   Path Traversal

Data from cisa.gov

https://www.cisa.gov/uscert/ncas/alerts/aa22-279a

https://www.securityweek.com/organizations-urged-patch-vulnerabilities-commonly-targeted-chinese-cyberspies

https://www.bleepingcomputer.com/news/security/us-govt-shares-top-flaws-exploited-by-chinese-hackers-since-2020/

Meta Discovered Password Stealing Phone Apps
by Artie Kaye

Apps were found on both the iOS App Store and Google Play that would harvest data entered into the device. They ranged from photo apps to utilities to games and VPNs. Meta has reached out to Google and Apple regarding the malware on their stores. The apps would prompt the user to log in to Facebook through the app's own interface, and the entered credentials would then be stolen. Malicious application developers like to mimic popular apps. Pay attention to what you install, and if any program asks you to log in to an email or social media account through its own interface, double-check the validity of the program.

https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/

https://www.securityweek.com/meta-warns-password-stealing-phone-apps

https://www.darkreading.com/remote-workforce/meta-flags-malicious-android-ios-apps-affecting-1m-facebook-users

https://thehackernews.com/2022/10/facebook-detects-400-android-and-ios.html

New Microsoft SQL Backdoor Dubbed ‘Maggie’
by Artie Kaye

Structured Query Language, or SQL, is a language useful for handling structured data in a relational database. Maggie is a form of malware that allows an attacker to control the system it has infected through SQL commands. This includes accessing or changing files on the system, executing programs, or adding hardcoded accounts to the server. It also has the capability to redirect TCP requests to specific ports and to turn on network functionality that was previously disabled. One of the ways it is propagated is through brute-force attacks. While it currently has a large infection rate in Southeast Asia, it has been found on systems across the US and Europe as well. Enforcing multi-factor authentication can help stymie the brute-force attempts. For greater detail on the functionality, please follow the Medium link below.

https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01

https://www.computing.co.uk/news/4057661/maggie-malware-hits-microsoft-sql-servers

https://www.securityweek.com/new-maggie-backdoor-targeting-microsoft-sql-servers

Cisco Patches
by Artie Kaye

Cisco has released patches for their Expressway Series and TelePresence VCS products. The flaws could allow an attacker to gain unauthorized remote access or carry out a cross-site request forgery attack. Please update these products at your soonest convenience.

The flaws are listed as CVE-2022-20814 and CVE-2022-20853.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6

https://www.securityweek.com/cisco-patches-high-severity-vulnerabilities-communications-networking-products

Fortinet Patches
by Artie Kaye

A patch for a vulnerability found in FortiOS and FortiProxy has been released. The vulnerability could allow an attacker to perform functions as an administrator on the devices. This is a high-severity flaw, and it is recommended to update as soon as you are able.

The flaw is listed as CVE-2022-40684.

https://thehackernews.com/2022/10/fortinet-warns-of-new-auth-bypass-flaw.html

https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-patch-critical-auth-bypass-bug-immediately/

https://www.darkreading.com/vulnerabilities-threats/patch-now-fortinet-fortigate-and-fortiproxy-contain-critical-vuln