Cisco Talos shares insights related to recent cyber attack on Cisco
[...]
During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
[...]
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
[...]
During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
[...]
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Cisco Talos
Cisco Talos shares insights related to recent cyber attack on Cisco
Update History Aug. 10, 2022 Adding clarifying details on activity involving active directory. Aug. 10, 2022 Update made to the Cisco Response and Recommendations section related to MFA.
Citrix Hypervisor Security Bulletin for CVE-2022-33745
Security
https://support.citrix.com/article/CTX463455/citrix-hypervisor-security-bulletin-for-cve202233745
Security
https://support.citrix.com/article/CTX463455/citrix-hypervisor-security-bulletin-for-cve202233745
Open AMT Cloud Toolkit Advisory
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: CRITICAL
Affected Products:
Open AMT Cloud Toolkit software maintained by Intel® before versions 2.0.2 and 2.2.2.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00694.html
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: CRITICAL
Affected Products:
Open AMT Cloud Toolkit software maintained by Intel® before versions 2.0.2 and 2.2.2.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00694.html
Intel
INTEL-SA-00694
Intel® Data Center Manager Advisory
Intel ID: INTEL-SA-00662
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Denial of Service
Severity rating: CRITICAL
Affected Products:
Intel® Data Center Manager software before version 4.1.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00662.html
Intel ID: INTEL-SA-00662
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Denial of Service
Severity rating: CRITICAL
Affected Products:
Intel® Data Center Manager software before version 4.1.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00662.html
Intel
INTEL-SA-00662
SAP Security Patch Day –August2022
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability
Advisory ID: cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
First Published: 2022 August 10 16:00 GMT
CVSS Score: Base 7.4
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
Advisory ID: cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
First Published: 2022 August 10 16:00 GMT
CVSS Score: Base 7.4
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
Cisco
Cisco Security Advisory: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak…
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.
This vulnerability…
This vulnerability…
Múltiples vulnerabilidades en Zimbra Collaboration Suite (ZCS)
Fecha de publicación: 17/08/2022
Identificador: INCIBE-2022-888
Importancia: 5 - Crítica
Recursos afectados:
Zimbra Collaboration Suite (ZCS).
Descripción:
CISA y MS-ISAC advierten de la explotación activa de múltiples vulnerabilidades en Zimbra Collaboration Suite (ZCS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-zimbra-collaboration-suite-zcs
Fecha de publicación: 17/08/2022
Identificador: INCIBE-2022-888
Importancia: 5 - Crítica
Recursos afectados:
Zimbra Collaboration Suite (ZCS).
Descripción:
CISA y MS-ISAC advierten de la explotación activa de múltiples vulnerabilidades en Zimbra Collaboration Suite (ZCS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-zimbra-collaboration-suite-zcs
INCIBE-CERT
[Actualización 28/09/2022] Múltiples vulnerabilidades en Zimbra
CISA y MS-ISAC advierten de la explotación activa de múltiples vulnerabilidades en Zimbra Collaboration Suite (ZCS).
Omisión de autenticación en productos ManageEngine
Fecha de publicación: 19/08/2022
Identificador: INCIBE-2022-0889
Importancia: 5 - Crítica
Descripción:
Se ha identificado una vulnerabilidad crítica en varios productos de ManageEngine que podría permitir a un atacante omitir el proceso de autenticación y acceder a API externas.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-manageengine
Fecha de publicación: 19/08/2022
Identificador: INCIBE-2022-0889
Importancia: 5 - Crítica
Descripción:
Se ha identificado una vulnerabilidad crítica en varios productos de ManageEngine que podría permitir a un atacante omitir el proceso de autenticación y acceder a API externas.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-manageengine
INCIBE-CERT
Omisión de autenticación en productos ManageEngine
Se ha identificado una vulnerabilidad crítica en varios productos de ManageEngine que podría permitir a un atacante omitir el proceso de autenticación y acceder a API externas.
Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2022-35820
Security Vulnerability
Released: Aug 9, 2022 Last updated: Aug 19, 2022
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35820
CVE-2022-35820
Security Vulnerability
Released: Aug 9, 2022 Last updated: Aug 19, 2022
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35820
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include additional detection signatures.
CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations.
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/22/cisa-updates-advisory-threat-actors-exploiting-multiple-cves
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include additional detection signatures.
CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations.
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/22/cisa-updates-advisory-threat-actors-exploiting-multiple-cves
www.cisa.gov
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite | CISA
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has…
Ejecución remota de comandos en productos GitLab
Fecha de publicación: 23/08/2022
Identificador: INCIBE-2022-0891
Importancia: 5 - Crítica
Recursos afectados:
GitLab Community Edition (CE) y Enterprise Edition (EE), versiones anteriores a la 15.3.1, 15.2.3 y 15.1.5.
Descripción:
GitLab ha lanzado nuevas versiones que corrigen vulnerabilidades que podrían permitir a un atacante la ejecución remota de comandos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-comandos-productos-gitlab
Fecha de publicación: 23/08/2022
Identificador: INCIBE-2022-0891
Importancia: 5 - Crítica
Recursos afectados:
GitLab Community Edition (CE) y Enterprise Edition (EE), versiones anteriores a la 15.3.1, 15.2.3 y 15.1.5.
Descripción:
GitLab ha lanzado nuevas versiones que corrigen vulnerabilidades que podrían permitir a un atacante la ejecución remota de comandos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-comandos-productos-gitlab
VMSA-2022-0024
CVSSv3 Range: 7.0
Issue Date: 2022-08-23
CVE(s): CVE-2022-31676
Synopsis:
VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)
Impacted Products
VMware Tools
https://www.vmware.com/security/advisories/VMSA-2022-0024.html
CVSSv3 Range: 7.0
Issue Date: 2022-08-23
CVE(s): CVE-2022-31676
Synopsis:
VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)
Impacted Products
VMware Tools
https://www.vmware.com/security/advisories/VMSA-2022-0024.html
Cisco Releases Security Updates for Multiple Products
Original release date: August 25, 2022
Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the advisories for ACI Multi-Site Orchestrator, FXOS, and NX-OS and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/25/cisco-releases-security-updates-multiple-products
Original release date: August 25, 2022
Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the advisories for ACI Multi-Site Orchestrator, FXOS, and NX-OS and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/25/cisco-releases-security-updates-multiple-products
www.cisa.gov
Cisco Releases Security Updates for Multiple Products | CISA
Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity…
Notice of Recent Security Incident
To All LastPass Customers,
I want to inform you of a development that we feel is important for us to share with our LastPass business and consumer community.
[...]
FAQs
1. Has my Master password or the Master Password of my users been compromised?
No. This incident did not compromise your Master Password. We never store or have knowledge of your Master Password. We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. You can read about the technical implementation of Zero Knowledge here.
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
To All LastPass Customers,
I want to inform you of a development that we feel is important for us to share with our LastPass business and consumer community.
[...]
FAQs
1. Has my Master password or the Master Password of my users been compromised?
No. This incident did not compromise your Master Password. We never store or have knowledge of your Master Password. We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. You can read about the technical implementation of Zero Knowledge here.
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
Lastpass
Security Incident December 2022 Update - LastPass - The LastPass Blog
Please refer to the latest article for updated information.nbs[..]
Bitbucket Server and Data Center - Command injection vulnerability - CVE-2022-36804
There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request.
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html
There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request.
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html
Twilio breach let hackers gain access to Authy 2FA accounts.
Twilio’s investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices.
https://www.bleepingcomputer.com/news/security/twilio-breach-let-hackers-gain-access-to-authy-2fa-accounts/
Twilio’s investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices.
https://www.bleepingcomputer.com/news/security/twilio-breach-let-hackers-gain-access-to-authy-2fa-accounts/
BleepingComputer
Twilio breach let hackers gain access to Authy 2FA accounts
Twilio's investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices.
Múltiples vulnerabilidades en GitLab
Fecha de publicación: 31/08/2022
Identificador: INCIBE-2022-0904
Importancia: 5 - Crítica
Recursos afectados:
GitLab CE/EE, versiones anteriores a 15.3.2, 15.2.4 y 15.1.6.
Descripción:
GitLab ha publicado 15 vulnerabilidades: 1 de severidad crítica, 2 de severidad alta, 10 de severidad media y 2 de severidad baja, por las que un atacante podría ejecutar comandos de forma remota o una vulnerabilidad tipo Stored Cross-Site Scripting (persistent XSS), divulgar información o causar una denegación de servicio entre otros.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-2
Fecha de publicación: 31/08/2022
Identificador: INCIBE-2022-0904
Importancia: 5 - Crítica
Recursos afectados:
GitLab CE/EE, versiones anteriores a 15.3.2, 15.2.4 y 15.1.6.
Descripción:
GitLab ha publicado 15 vulnerabilidades: 1 de severidad crítica, 2 de severidad alta, 10 de severidad media y 2 de severidad baja, por las que un atacante podría ejecutar comandos de forma remota o una vulnerabilidad tipo Stored Cross-Site Scripting (persistent XSS), divulgar información o causar una denegación de servicio entre otros.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-2
www.incibe.es
Múltiples vulnerabilidades en GitLab
GitLab ha publicado 15 vulnerabilidades: 1 de severidad crítica, 2 de severidad alta, 10 de severidad
Actualización de seguridad 6.0.2 para WordPress
Fecha de publicación: 31/08/2022
Identificador: INCIBE-2022-0905
Importancia: 4 - Alta
Recursos afectados:
WordPress, versiones anteriores a 6.0.2.
Descripción:
Se ha publicado la última versión de WordPress, que contiene 3 correcciones de seguridad.
Solución:
Actualizar a la versión 6.0.2 desde WordPress.org o desde el panel de control (Updates > Update Now).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-602-wordpress
Fecha de publicación: 31/08/2022
Identificador: INCIBE-2022-0905
Importancia: 4 - Alta
Recursos afectados:
WordPress, versiones anteriores a 6.0.2.
Descripción:
Se ha publicado la última versión de WordPress, que contiene 3 correcciones de seguridad.
Solución:
Actualizar a la versión 6.0.2 desde WordPress.org o desde el panel de control (Updates > Update Now).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-602-wordpress
INCIBE-CERT
Actualización de seguridad 6.0.2 para WordPress
Se ha publicado la última versión de WordPress, que contiene 3 correcciones de seguridad.
URGENT! Apple slips out zero-day update for older iPhones and iPads
https://nakedsecurity.sophos.com/2022/08/31/urgent-apple-quietly-slips-out-zero-day-update-for-older-iphones/
https://nakedsecurity.sophos.com/2022/08/31/urgent-apple-quietly-slips-out-zero-day-update-for-older-iphones/
Sophos News
Naked Security – Sophos News
Apple Releases Security Updates for Multiple Products
Original release date: September 01, 2022
Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take control of affected device.
CISA encourages users and administrators to review Apple’s advisory HT213428 and apply necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/01/apple-releases-security-updates-multiple-products
https://support.apple.com/en-us/HT213428
Original release date: September 01, 2022
Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take control of affected device.
CISA encourages users and administrators to review Apple’s advisory HT213428 and apply necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/01/apple-releases-security-updates-multiple-products
https://support.apple.com/en-us/HT213428
www.cisa.gov
Apple Releases Security Updates for Multiple Products | CISA
Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take…