SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution.

Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post.

Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.’s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines.

TALOS-2022-1452 (CVE-2022-21147) is a vulnerability that exists in a specific Alyac module that, eventually, leads to a crash of Alyac’s scanning process, which effectively neutralizes the antivirus scan.

https://blog.talosintelligence.com/2022/05/vuln-spotlight-alyac-est.html
RHBA-2022:5874 - Bug Fix Advisory

Issued: 2022-08-09

OpenShift Container Platform 4.10.26 packages update

Affected Products
Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

https://access.redhat.com/errata/RHBA-2022:5874
VMSA-2022-0021 CVSSv3 Range: 4.7-9.8 Issue Date: 2022-08-02 CVE(s): CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665 Synopsis: VMware Workspace…
VMSA-2022-0021.1

CVSSv3 Range: 4.7-9.8
Issue Date: 2022-08-02
Updated On: 2022-08-09

Impacted Products
VMware Workspace ONE Access (Access)
VMware Workspace ONE Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

https://www.vmware.com/security/advisories/VMSA-2022-0021.html
VMSA-2022-0022

CVSSv3 Range: 5.6-7.2
Issue Date: 2022-08-09
Updated On: 2022-08-09 (Initial Advisory)
CVE(s): CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, CVE-2022-31675

Synopsis:
VMware vRealize Operations contains multiple vulnerabilities

https://www.vmware.com/security/advisories/VMSA-2022-0022.html
VMSA-2022-0023

CVSSv3 Range: 5.7
Issue Date: 2022-08-09
Updated On: 2022-08-09 (Initial Advisory)
CVE(s): CVE-2022-22983

Synopsis:
VMware Workstation update addresses an unprotected storage of credentials vulnerability (CVE-2022-22983)

Known Attack Vectors

A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

https://www.vmware.com/security/advisories/VMSA-2022-0023.html
Microsoft Releases August 2022 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug
Cisco Talos shares insights related to recent cyber attack on Cisco

[...]
During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
[...]

https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Open AMT Cloud Toolkit Advisory

Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: CRITICAL

Affected Products:
Open AMT Cloud Toolkit software maintained by Intel® before versions 2.0.2 and 2.2.2.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00694.html
Intel® Data Center Manager Advisory

Intel ID: INTEL-SA-00662
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Denial of Service
Severity rating: CRITICAL

Affected Products:
Intel® Data Center Manager software before version 4.1.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00662.html
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

Advisory ID: cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
First Published: 2022 August 10 16:00 GMT
CVSS Score: Base 7.4

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
Multiple vulnerabilities in Zimbra Collaboration Suite (ZCS)

Publication date: 17/08/2022
Identifier: INCIBE-2022-888
Severity: 5 - Critical

Affected resources:
Zimbra Collaboration Suite (ZCS).

Description:
CISA and MS-ISAC warn of active exploitation of multiple vulnerabilities in Zimbra Collaboration Suite (ZCS).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-zimbra-collaboration-suite-zcs
Authentication bypass in ManageEngine products

Publication date: 19/08/2022
Identifier: INCIBE-2022-0889
Severity: 5 - Critical

Description:
A critical vulnerability has been identified in several ManageEngine products that could allow an attacker to bypass the authentication process and access external APIs.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-manageengine
Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2022-35820

Security Vulnerability
Released: Aug 9, 2022 Last updated: Aug 19, 2022

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35820
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include additional detection signatures.

CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations.

https://www.cisa.gov/uscert/ncas/current-activity/2022/08/22/cisa-updates-advisory-threat-actors-exploiting-multiple-cves