F5 Releases Security Updates

Original release date: August 04, 2022

F5 has released security updates to address vulnerabilities in multiple products. A privileged attacker could exploit some of these vulnerabilities to take control of an affected system.

https://www.cisa.gov/uscert/ncas/current-activity/2022/08/04/f5-releases-security-updates

Large-Scale Phishing Attacks Targeting Microsoft Enterprise Email Services.

Security researchers from ThreatLabz have uncovered a new strain of a large-scale phishing campaign using adversary-in-the-middle (AiTM) techniques along with several evasion tactics.

According to an advisory published by the company on Tuesday, similar AiTM phishing techniques were used in a separate phishing campaign described by Microsoft last month.

Now, ThreatLabz revealed that using intelligence gathered from the Zscaler cloud, it observed an increase in the use of advanced phishing kits in a large-scale campaign in June.

https://www.infosecurity-magazine.com/news/phishing-attacks-microsoft/

https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/

Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution.

Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post.

Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.’s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines.

TALOS-2022-1452 (CVE-2022-21147) is a vulnerability that exists in a specific Alyac module that, eventually, leads to a crash of Alyac’s scanning process, which effectively neutralizes the antivirus scan.

https://blog.talosintelligence.com/2022/05/vuln-spotlight-alyac-est.html

Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory.

https://portswigger.net/daily-swig/jenkins-security-unpatched-xss-csrf-bugs-included-in-latest-plugin-advisory

August 5, 2022

An incident impacting some accounts and private information on Twitter

https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts

RHBA-2022:5874 - Bug Fix Advisory

Issued:2022-08-09

OpenShift Container Platform 4.10.26 packages update

Affected Products
Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

https://access.redhat.com/errata/RHBA-2022:5874

VMSA-2022-0021.1

CVSSv3 Range: 4.7-9.8
Issue Date: 2022-08-02
Updated On: 2022-08-09

Impacted Products
VMware Workspace ONE Access (Access)
VMware Workspace ONE Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

https://www.vmware.com/security/advisories/VMSA-2022-0021.html

VMSA-2022-0022

CVSSv3 Range: 5.6-7.2
Issue Date: 2022-08-09
Updated On: 2022-08-09 (Initial Advisory)
CVE(s): CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, CVE-2022-31675

Synopsis:
VMware vRealize Operations contains multiple vulnerabilities

https://www.vmware.com/security/advisories/VMSA-2022-0022.html

VMSA-2022-0023

CVSSv3 Range: 5.7
Issue Date: 2022-08-09
Updated On: 2022-08-09 (Initial Advisory)
CVE(s): CVE-2022-22983

Synopsis:
VMware Workstation update addresses an unprotected storage of credentials vulnerability (CVE-2022-22983)

Known Attack Vectors

A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

https://www.vmware.com/security/advisories/VMSA-2022-0023.html

Adobe Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/08/09/adobe-releases-security-updates-multiple-products

Microsoft Releases August 2022 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug

Palo Alto Networks Releases Security Update for PAN-OS

https://www.cisa.gov/uscert/ncas/current-activity/2022/08/05/palo-alto-networks-releases-security-update-pan-os

Cisco Talos shares insights related to recent cyber attack on Cisco

[...]
During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
[...]

https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

Hotfix XS71ECU2077 - For XenServer 7.1 Cumulative Update 2

https://support.citrix.com/article/CTX462418/hotfix-xs71ecu2077-for-xenserver-71-cumulative-update-2

Citrix Hypervisor Security Bulletin for CVE-2022-33745
Security

https://support.citrix.com/article/CTX463455/citrix-hypervisor-security-bulletin-for-cve202233745

Open AMT Cloud Toolkit Advisory

Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: CRITICAL

Affected Products:
Open AMT Cloud Toolkit software maintained by Intel® before versions 2.0.2 and 2.2.2.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00694.html

Intel® Data Center Manager Advisory

Intel ID: INTEL-SA-00662
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Denial of Service
Severity rating: CRITICAL

Affected Products:
Intel® Data Center Manager software before version 4.1.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00662.html

SAP Security Patch Day –August2022

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

Advisory ID: cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
First Published: 2022 August 10 16:00 GMT
CVSS Score: Base 7.4

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz

Múltiples vulnerabilidades en Zimbra Collaboration Suite (ZCS)

Fecha de publicación: 17/08/2022
Identificador: INCIBE-2022-888
Importancia: 5 - Crítica

Recursos afectados:
Zimbra Collaboration Suite (ZCS).

Descripción:
CISA y MS-ISAC advierten de la explotación activa de múltiples vulnerabilidades en Zimbra Collaboration Suite (ZCS).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-zimbra-collaboration-suite-zcs

Omisión de autenticación en productos ManageEngine

Fecha de publicación: 19/08/2022
Identificador: INCIBE-2022-0889
Importancia: 5 - Crítica

Descripción:
Se ha identificado una vulnerabilidad crítica en varios productos de ManageEngine que podría permitir a un atacante omitir el proceso de autenticación y acceder a API externas.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-manageengine