Threat Advisory – July 21 – 27

Microsoft Defender

CySec News

Atlassian has addressed a hardcoded credential flaw in Questions for Confluence and servlet filter bypasses in multiple other products. The Australian vendor of software development and collaboration tools issued security advisories with instructions for applying updates and mitigations (July 20).

Reference: https://portswigger.net/daily-swig/atlassian-patches-batch-of-critical-vulnerabilities-across-multiple-products

Zyxel has released patches for several of its firewall products following the discovery of two security vulnerabilities that left business networks open to exploitation.

Reference: https://portswigger.net/daily-swig/zyxel-firewall-vulnerabilities-left-business-networks-open-to-abuse

Recent years have seen a growing interest in the use of machine learning and deep learning in cybersecurity, especially in network intrusion detection and prevention. However, according to a study by researchers at The Citadel, a military college in South Carolina, US, deep learning models trained for network intrusion detection can be bypassed through adversarial attacks: specially crafted inputs that fool neural networks into changing their behavior.

Reference: https://portswigger.net/daily-swig/adversarial-attacks-can-cause-dns-amplification-fool-network-defense-systems-machine-learning-study-finds

Serious vulnerabilities in Cisco Nexus Dashboard give attackers a viable path to executing arbitrary commands as root, uploading container image files, or performing cross-site request forgery (CSRF) attacks.

Reference: https://portswigger.net/daily-swig/cisco-patches-dangerous-bug-trio-in-nexus-dashboard

Microsoft is warning customers that Windows updates released since June 28 will trigger printing issues on devices connected using USB. “Microsoft has received reports of issues affecting some printing devices following installation of Windows updates released June 28 (KB5014666) and later,” Redmond explained.

Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-windows-10-usb-printing-breaks-due-to-recent-updates/

Microsoft has reminded customers once again that Windows Server, version 20H2, will be reaching its End of Service (EOS) in less than a month, on August 9.

Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-reminder-windows-server-20h2-reaches-eos-next-month/

SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products.

Reference: https://www.bleepingcomputer.com/news/security/sonicwall-patch-critical-sql-injection-bug-immediately/

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).

Reference: https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html

Microsoft announced on July 21 that it has resumed the rollout of VBA macro auto-blocking in downloaded Office documents, after temporarily rolling it back earlier this month following user feedback.

Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-blocking-office-macros-by-default-once-again/

Recent Windows 11 builds ship with the Account Lockout Policy enabled by default, which automatically locks user accounts (including Administrator accounts) for 10 minutes after 10 failed sign-in attempts.

Reference: https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/

A previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems can be used to backdoor infected devices using SSH and deploy rootkits to cover the attackers’ tracks. Described as a “Swiss Army Knife” in a report published by Intezer, Lightning Framework is a modular malware that also comes with support for plugins.

Reference: https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/

Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little is generally known about how attackers leverage the IIS platform as a backdoor.

Reference: https://otx.alienvault.com/pulse/62e10bfe0fd0859d190ceb38

CVEs of the Week

Microsoft

CVE-2022-33633 – Score 6.5
CVE-2022-33632 – Score 4.6
CVE-2022-30226 – Score 3.6
CVE-2022-30225 – Score 3.6
CVE-2022-30224 – Score 6.9
CVE-2022-30223 – Score 2.7
CVE-2022-30222 – Score 4.6
CVE-2022-30221 – Score 5.1
CVE-2022-30220 – Score 7.2
CVE-2022-30216 – Score 6.5
CVE-2022-30215 – Score 8.5
CVE-2022-30212 – Score 4.7
CVE-2022-30211 – Score 6.5
CVE-2022-30209 – Score 5.8
CVE-2022-30208 – Score 4
CVE-2022-30206 – Score 7.2
CVE-2022-30205 – Score 6
CVE-2022-30203 – Score 4.6
CVE-2022-30202 – Score 6.9
CVE-2022-30181 – Score 5.5
