Cobalt Strike, a Defender’s Guide

Part I: https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide
Part II: https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2

FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware


https://www.cisa.gov/uscert/ncas/current-activity/2022/02/07/fbi-releases-indicators-compromise-associated-lockbit-20

VMSA-2021-0028.11

CVSSv3 Range: 9.0-10.0
Issue Date: 2021-12-10
Updated On: 2022-02-08

CVE(s): CVE-2021-44228, CVE-2021-45046

Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)

https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/critical-vulnerabilities-affecting-sap-applications-employing

February 2022 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb

Citrix Releases Security Updates for Hypervisor

https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/citrix-releases-security-updates-hypervisor

Vodafone Portugal hit by a massive cyberattack

Portugal causing severe outages in the country of its communication and television services.

https://securityaffairs.co/wordpress/127799/cyber-crime/vodafone-portugal-massive-cyberattack.html

Vulnerabilidad de ejecución remota de código en Tapo C200 de TP-LINK

Fecha de publicación: 11/02/2022
Importancia: 5 - Crítica

Recursos afectados:
Tapo C200 versión 1.15 y anteriores.

Descripción:
INCIBE ha coordinado la publicación de una vulnerabilidad en TP-Link Tapo C200, con el código interno INCIBE-2021-0601, que ha sido descubierta por Víctor Fresco Perales.

A esta vulnerabilidad se le ha asignado el código CVE-2021-4045. Se ha calculado una puntuación base CVSS v3.1 de 9,8, siendo el cálculo del CVSS el siguiente: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-codigo-tapo-c200-tp-link

VMSA-2021-0028.12

CVSSv3 Range:9.0-10.0
Issue Date:2021-12-10
Updated On:2022-02-10

2021/12/10: Exploitation attempts in the wild of CVE-2021-44228 have been confirmed by VMware.

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8)
macOS Monterey 12.2.1
iOS 15.3.1 and iPadOS 15.3.1

https://www.cisa.gov/uscert/ncas/current-activity/2022/02/11/apple-releases-security-updates-multiple-products

pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available

https://www.netgate.com/blog/pfsense-plus-software-version-22.01-and-ce-2.6.0-are-now-available

VMSA-2022-0001.2

CVSSv3 Range: 7.7
Issue Date: 2022-01-04
Updated On: 2022-02-14

CVE(s): CVE-2021-22045

Synopsis:
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion
VMware Cloud Foundation

https://www.vmware.com/security/advisories/VMSA-2022-0001.html

VMSA-2022-0004

CVSSv3 Range: 5.3-8.4
Issue Date: 2022-02-15

CVE(s):CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050

Synopsis:
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)

Impacted Products
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)

https://www.vmware.com/security/advisories/VMSA-2022-0004.html

VMSA-2022-0005
CVSSv3 Range: 8.8
Issue Date: 2022-02-15
CVE(s): CVE-2022-22945

Synopsis:
VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability (CVE-2022-22945)

Impacted Products
VMware NSX Data Center for vSphere (NSX-V)

https://www.vmware.com/security/advisories/VMSA-2022-0005.html

Múltiples vulnerabilidades en productos VMware

Fecha de publicación: 16/02/2022
Importancia: 5 - Crítica

Recursos afectados:
ESXi, versiones:
7.0 U3;
7.0 U2;
7.0 U1;
7.0;
6.7;
6.5.
Fusion, versiones 12.x.
Workstation, versiones 16.x.
Cloud Foundation (ESXi), versiones:
4.x;
3.x.
NSX Data Center para vSphere, todas las versiones.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-24

Múltiples vulnerabilidades en productos de TIBCO

Fecha de publicación: 16/02/2022
Importancia: 5 - Crítica

Recursos afectados:
TIBCO BusinessConnect Container Edition versión 1.1.0 y anteriores;
TIBCO AuditSafe versión 1.1.0 y anteriores.
Componentes Database, Auth Server y Web Server.

Descripción:
TIBCO ha reportado 3 vulnerabilidades: 2 de severidad crítica y 1 de severidad alta por las que un atacante no autenticado con acceso a la red podría ejecutar métodos de la API en el sistema afectado y obtener nombres y contraseñas de los usuarios.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-4

Drupal Releases Security Updates

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 9.2, and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal security advisories SA-CORE-2022-003 and SA-CORE-2022-004 and apply the necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2022/02/17/drupal-releases-security-updates

Cisco Releases Security Updates for Email Security Appliance

https://www.cisa.gov/uscert/ncas/current-activity/2022/02/17/cisco-releases-security-updates-email-security-appliance

Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML (CVE-2022-23131)

https://support.zabbix.com/plugins/servlet/mobile#issue/ZBX-20350

Wireshark 3.6.2 and 3.4.12 Released

https://www.wireshark.org/news/20220210.html

Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites

https://thehackernews.com/2022/02/critical-flaw-uncovered-in-wordpress.html