Fortinet SSL-VPN Vulnerability

Fortinet recently disclosed a critical buffer overflow vulnerability in the FortiOS SSL-VPN component that is deployed on a wide range of Fortinet products. The flaw is tracked as CVE-2022-42475 and has a CVSS score of 9.3 out of 10. An attacker who exploits it can achieve remote code execution or remote command execution, and can then take over the device to install programs; view, change or delete data; or create new accounts with full user rights.

Microsoft Internet Explorer Vulnerability

Microsoft disclosed a vulnerability in its legacy JScript9 library that attackers have exploited through phishing attachments involving Microsoft Word, Internet Explorer (IE, deprecated but still in use), and Rich Text Format (RTF) files. Known as CVE-2022-41128, this vulnerability is being weaponized by cyber criminals in phishing emails to trick unsuspecting users and to evade detection.

Apache Commons Text Vulnerability

A vulnerability has been found in the string interpolator module of the Apache Commons Text Java library. Exploiting this vulnerability (CVE-2022-42889) can allow a cyber criminal to take over your computer or to manipulate data strings to force data leakage. Its severity rating is critical.

OpenSSL 3.0 Vulnerability

The OpenSSL project recently disclosed a critical vulnerability in the OpenSSL library for versions 3.0.0 and above, specifically a bug in X.509 certificate processing. OpenSSL is an encryption library widely used in on-premises environments, SaaS applications, datacenter servers, critical endpoints, and IoT infrastructure, and is found in commercial and government organizations alike. Called CVE-2022-3062, this 4-byte buffer overflow vulnerability can be exploited by attackers to crash the device, causing a Denial of Service (DoS), or potentially to achieve Remote Code Execution (RCE).

Microsoft Office RCE Follina MSDT Attack Detection and Workaround

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on addressing the zero-day remote code execution (RCE) vulnerability CVE-2022-30190, known as "Follina", which affects the Microsoft Support Diagnostic Tool (MSDT) in Windows.

Log4j Vulnerabilities

On Dec. 9, 2021, a remote code execution (RCE) vulnerability, CVE-2021-44228, was identified in Apache Log4j 2, and attackers are already actively exploiting it. On Dec. 14, 2021, a second vulnerability, CVE-2021-45046, was announced and fixed in Log4j 2 v2.16.0.

LockBit Ransomware Encrypts Windows Domains

A new version of the LockBit 2.0 ransomware has been identified that automates the encryption of a Windows domain using Active Directory group policies. LockBit threat actors are actively exploiting an existing vulnerability in the Fortinet FortiOS and FortiProxy products, identified as CVE-2018-13379, to gain initial access to specific victim networks.

Recommended Hardening for On-Premises-Self-Hosted EventTracker Customers

This advisory is intended for organizations that self-host the EventTracker Console. Attackers have recently been very active in targeting on-premises hosted software. Accordingly, organizations that host Netsurion's EventTracker on their own premises are urged to review the EventTracker Hardening Guide and implement its recommendations to reduce their attack surface.

Windows Elevation of Privilege Vulnerability (HiveNightmare | SeriousSAM)

On July 20, 2021, Microsoft issued an alert about a Windows Elevation of Privilege Vulnerability (CVE-2021-36934) that gives non-privileged users access to system files on affected versions.

Ongoing Potential Attack Against Kaseya VSA Components

Kaseya issued a notification about a potential attack against VSA, which has been limited to a small number of on-premises customers.

NOBELIUM Email-Based Attack Prevention & Detection Solution

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation.

Hafnium Detection and Monitoring Solution

Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.

Advisory & Monitoring Solution for Active Exploitation of SolarWinds Software

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020. Read Our Official Statement on the Active SolarWinds Exploit.

ADV200006 | Windows Remote Code Execution Vulnerability Advisory

Microsoft has released an out-of-band security advisory to address two critical remote code execution vulnerabilities in Adobe Type Manager Library. Microsoft is also aware of limited, targeted attacks that attempt to leverage this vulnerability.