Categories
alerts

Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.
Categories
alerts

F5 Big-IP Vulnerable to Security-Bypass Bug

The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.
Categories
alerts

Codecov Releases New Detections for Supply Chain Compromise

Original release date: April 30, 2021

CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script. On April 15, 2021, Codecov notified customers of the compromise and on April 29, 2021, Codecov released an update containing new detections—including indicators of compromise (IOCs) and a non-exhaustive data set of likely compromised environment variables—to assist organizations in determining whether they have been affected.

CISA urges all Codecov users to review the Codecov update and:

  • Search for the IOCs provided.
  • Log in to Codecov to see any additional information specific to their organization and repositories. 

Affected users should immediately implement the guidance in the Recommended Actions for Affected Users and FAQ sections of Codecov’s update. CISA recommends giving special attention to Codecov’s guidance on changing (“re-rolling”) potentially affected credentials, tokens, and keys. CISA also recommends revoking and reissuing any potentially affected certificates.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories
alerts

Samba Releases Security Updates

Original release date: April 30, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Samba Security Announcements for CVE-2021-20254 and apply the necessary updates and workarounds.

Categories
alerts

Multi-Gov Task Force Plans to Take Down the Ransomware Economy

A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.
Categories
alerts

CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities

Original release date: April 29, 2021

CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.

CISA encourages users and administrators to review the ICS Advisory for mitigation recommendations and available updates.
 

Categories
Uncategorized

Modern Phishing: A Hidden Threat in Plain Sight

While it may come as a surprise to some, phishing is still a lucrative business for cybercriminals. Phishing is defined as the fraudulent practice of sending emails that pretend to be from reputable companies in order to get recipients to reveal personal information. In 2020 alone, the FBI’s Internet Crime Report stated that phishing scams in the United States led to over 54 million dollars in damages.

Here are a few of the modern phishing campaigns currently circulating: COVID-19 vaccine offers, requests to verify Personally Identifiable Information (PII) from the government, and requests to verify banking information for stimulus checks.

Here are a few tips to reduce the risk of becoming a victim of phishing. Verify ALL aspects of an email if it contains an attachment. Enable multifactor authentication (MFA) on your accounts that offer this service. Most importantly, if something is being offered to you for free that you didn’t sign up for, it’s likely a scam.

Categories
alerts

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.
Categories
alerts

Linux Kernel Bug Opens Door to Wider Cyberattacks

The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices.
Categories
alerts

Babuk Ransomware Gang Targets Washington DC Police

The RaaS developers thumbed their noses at police, saying “We find 0 day before you.”

For Emergency Cyber Security Incident Response please email RedTeam@DefendEdge.com