X-Force Exchange - Collection Feed

Summary A Critical Remote Code Execution Vulnerability in Microsoft's SPENGO Extended Negotiation Security Mechanism has been disclosed. A vendor provided patch is available to fix this flaw. Threat Type Vulnerability Overview In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnera

Summary GTSC and other reputable sources have published blogs and analysis on a threat actor campaign exploiting Microsoft Exchange vulnerabilities. Patches are now available for these vulnerabilities. Threat Type Vulnerability Overview -Update 11/09/2022 - Microsoft has released their monthly update and included in this release are patches for the vulnerabilities covered in this collection. We recommend testing and applying these updates as soon as possible. Microsoft also recommends that you apply th

Summary VMWare has released Workspace ONE Assist 22.10 in order to patch three critical vulnerabilities in their remote access tool. Threat Type Vulnerability Overview Three critical authentication bypass bugs have been disclosed in VMWare’s remote access tool, Workspace ONE Assist. All three of these vulnerabilities have been rated at a 9.8 out of 10 on CVSSv3. According to the VMWare advisory, "A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access with

Summary ***UPDATED*** The OpenSSL Project has officially released version 3.0.7. This update contains a fix for a previously undisclosed vulnerability that affects all current versions of the technology. This vulnerability has been downgraded from critical to high. Threat Type Vulnerability Overview ***UPDATE 1, November 1, 2022*** OpenSSL has released version 3.0.7 to address the undisclosed, high rated vulnerability. The download can be found here as well as in the references section below. Please note th

Summary VMWare has released advisory VMSA-2022-0027 in order to remedy a critical remote code execution vulnerability in VMWare Cloud Foundation. This vulnerability is being tracked as CVE-2021-39144 and only affects VMware Cloud Foundation (NSX-V) version 3.11. Threat Type Vulnerability Overview X-Force is tracking the release of a patch for a critical remote code execution vulnerability in VMWare Cloud Foundation. VMWare has released advisory VMSA-2022-0027 to remedy this vulnerability tracked as CVE-202

Summary SOCRadar, a cyber intelligence company, has reported that they have discovered a data leakfrom a Microsoft Azure Blob Storage location. Microsoft has acknowledged the incident. However, details on the severity of the leak vary between Microsoft and the SOCRadar report. Threat Type Data Leak Overview Microsoft has published a blog on their Security Response Center in response to a report from a cyber intelligence company called SOCRadar. SOCRadar discovered and reported on a data leak in a misconfig

Summary A remote code execution vulnerability has been disclosed in Java Apache Commons Text. This vulnerability affects all versions prior to 1.10.0. Users of Apache Commons Text are advised to upgrade in order to mitigate this vulnerability. Threat Type Vulnerability Overview ***Update #1, October 19, 2022*** A proof-of-concept has been released by SeanWrightSec on GitHub. At present, there is no indication of this exploit being used in the wild. However, with a PoC released, organizations should be on

Summary Several reputable news outlets have reported on Killnet activities against multiple airports and government agencies across the U.S. and globally presently and over the past several months. The current efforts of Killnet appear to be mainly US airports as identified by a list within a twitter post linked below. Threat Type DDoS Campaign Overview ***UPDATE #1, OCTOBER 10, 2022*** A new post from Bleeping Computer lists the following airports suffering from potential DDoS attacks: Atlanta (ATL) Los An

Summary X-Force is tracking the disclosure that Optus, Australia's second-largest wireless carrier, was a victim of a cyberattack on September 22, 2022. According to reports from reputable sources, the PII of approximately 9.8 million Australians has been stolen. Threat Type Data Leak Overview On September 22, 2022, Optus, Australia's second-largest wireless carrier, disclosed that they had been the victim of a cyber attack. Further investigation provided by reputable sources then disclosed that the data

Summary An internal investigation by security researchers from WhatsApp has found and disclosed two critical vulnerabilities in its signature software. Threat Type Vulnerability Overview IBM X-Force Incident Command is monitoring a pair of critical vulnerabilities in Meta's WhatsApp software. The vulnerabilities were discovered internally by security researchers and responsibly disclosed after a software upgrade was issued. Older versions of the software are still vulnerable and include all versions includi

Summary A statement from GitLabs acknowledges a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). Threat Type Vulnerability Overview A critical vulnerability has been disclosed by GitLab in its GitLab CE and EE software. The vulnerability, tracked as CVE-2022-2884, has a CVSS v3 score of 9.9 and could allow for Remote Code Execution. GitLab has updated the affected software to versions not vulnerable to this possible attack vector. Vulnerable versions start with 11.3.4 and

Summary On August 8, 2022, Intel published 27 security advisories addressing multiple vulnerabilities.  Among those vulnerabilities is a critical authentication bypass bug in Open AMT Cloud Toolkit, an open-source toolkit for integrating OOB management solutions. Threat Type Vulnerability Overview Intel has released patches for several vulnerabilities, one of which, includes a critical authentication bypass in the Open AMT Cloud Toolkit. This software in question is an open-source toolkit used in the manage

Summary According to a report from Bleeping Computer and confirmed by VMWare, vulnerabilities in a multitude of products have been marked as critical. Patches have been issued. Threat Type Vulnerability Overview Update 01 (08/09/2022) VMWare has published an update to this disclosure stating that there is now proof of concept code publicly available that can be used to exploit CVE-2022-31656 and CVE-2022-31659.  The POC was released, as promised, by Security security researcher Petrus Viet.  This is the sam

Summary Cisco has patched a critical vulnerability that could allow an unauthenticated, remote attacker to exploit the flaw and execute arbitrary code (RCE) or trigger a denial of service (DoS). The vulnerability, tracked as CVE-2022-20842, has been deemed critical with a CVSSv3 score of 9.8. Threat Type Vulnerability Overview A critical flaw in the web-based management of certain Small Business VPN routers has been patched by Cisco. The vulnerability could allow for a remote, unauthenticated attacker to ex

Summary ***Updated July 29, 2022*** IBM X-Force is monitoring the disclosure of a vulnerability disclosed by Atlassian in its Questions for Confluence app that could allow a remote attacker to use known, hardcoded credentials to gain access and, possibly, control over the application. Other vulnerabilities were disclosed however, this is the most critical issue. Threat Type Vulnerability Overview ***Update #2, July 29, 2022*** Rapid7 has published a report detailing active exploitation of the aforementioned

Summary GBHackers on Security and SonicWall have confirmed a critical SQL Injection vulnerability in SonicWall's Analytics On-Premise and Global Management System are affected and must be updated. Threat Type Vulnerability Overview SonicWall and GBHackers on Security have confirmed the existence of a SQL Injection vulnerability in SonicWall's Analytics On-Premise and Global Management System (GMS). The flaw, assigned CVE-2022-22280 , has special elements in SQL commands which are not neutralized appropriate

Summary A prototype pollution vulnerability in Blitz.js can allow attacker to remotely execute code on Node.js servers, according to a report from researchers at Sonar. Threat Type Vulnerability Overview A prototype pollution vulnerability (CVE-2022-23631) in Blitz.js could allow for remote code execution in an unauthenticated state. Should the Blitz.js-based application implement at least one RPC call makes the application vulnerable. Prototype pollution occurs when an attack can gain control over a proto

Summary ***UPDATED July 15, 2022*** X-Force continues to monitor the Ukraine-Russia war, including some historical and current cyberattack activity between Russia and Ukraine. See the updates in the Overview section for the latest information. This collection will continue to be updated as new information becomes available. Threat Type Cyber Attack Overview ***UPDATE #33, July 15, 2022*** As the Russian assault on Ukraine continues into its 7th month, the cyber threat landscape as it pertains to this situa

Summary IBM X-Force is monitoring the disclosure of a vulnerability in the in the WebRTC component of Google Chrome. Successful exploitation of this vulnerability could lead to remote code execution. An official patch has been released to mitigate this threat. Threat Type Vulnerability Overview A security patch has been released for Google Chrome in order to remedy a vulnerability in the in the WebRTC component of the web browser. This vulnerability, reported by Jan Vojtesek of the Avast Threat Intellige

Summary IBM X-Force is tracking the disclosure of a vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance, and Cisco Email Security Appliance. Cisco has released an advisory containing an official patch as well as other mitigation options. Threat Type Vulnerability Overview A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance, an