X-Force Exchange - Collection Feed

Summary Samba published a security advisory addressing a vulnerability in all versions of the Samba file server released since version 3.6.0. Threat Type Vulnerability Overview Samba published a security advisory addressing a vulnerability in all versions of the Samba file server released since version 3.6.0. The vulnerability is cause by a flaw in the code that map Windows group identities (SIDs) into unix group ids (gids). The vulnerability could potentially allow a local attacker to cause a denial of ser

Summary The ISC has published three Security Advisories pertaining to BIND. ISC has rated two of the advisories as High and one as Medium. Threat Type Vulnerability Overview Three Security Advisories for BIND have been published by the ISC. Two of the advisories have been rated as High and one as Medium by the ISC. All three of the vulnerabilities addressed by the advisories are exploitable remotely and have a potential impact of denial of service conditions. One of the vulnerabilities, CVE-2021-25216, if t

Summary Apple has published security updates for iCloud for Windows, Xcode, Safari, iOS and iPadOS, watchOS, tvOS, and macOS: Big Sur, Catalina, and Mojave. One of the vulnerabilities (CVE-2021-30657) addressed in the updates for macOS Big Sur, and Catalina, has been reported independently as being exploited in the wild. Threat Type Vulnerability Overview Apple has published security updates for iCloud for Windows, Xcode, Safari, iOS and iPadOS, watchOS, tvOS, and macOS: Big Sur, Catalina, and Mojave. Colle

Summary Cisco has published thirteen Security Advisories. Of the advisories, five are rated as High and eight are rated as Medium. Threat Type Vulnerability Overview Cisco has published thirteen Security Advisories. Of the advisories, five are rated as High and eight are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements or malicious use of the vulnerabilities" that are described in the advisori

Summary Google has released an update to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nine vulnerabilities. Of the seven CVE-numbered vulnerabilities noted in the advisory, Google has three of them rated as High, three as Medium, and one as Low. Threat Type Vulnerability Overview Google has released an update, version 90.0.4430.93, to its Chrome web browser for Windows, Mac, and Linux that provides fixes for nine vulnerabilities. Of the seven CVE-numbered vulnerabilities noted

Summary A Security Advisory for Drupal, SA-CORE-2021-002, addresses a vulnerability rated by Drupal as Critical. Threat Type Vulnerability Overview The Drupal security advisory, SA-CORE-2021-002, addresses a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. The vulnerability is caused by a failure to properly sanitize input. The vulnerability has been rated as Critical by Drupal. No CVE number has been provided for the vulnerability. The vulnerabili

Summary The ICS-CERT has published two advisories that affect Horner Automation Cscape and Mitsubishi Electric GOT. Threat Type Vulnerability Overview The ICS-CERT has published two advisories that affect Horner Automation Cscape and Mitsubishi Electric GOT. Further information is available from the advisories which are summarized below. ICS Advisory ICSA-21-112-01 - Horner Automation Cscape CVE-2021-22678 - The affected application lacks proper validation of user-supplied data when parsing project files. T

Summary Cisco has published five Security Advisories, all of which apply to Cisco's SD-WAN vManage software. The advisories are rated as Medium. Threat Type Vulnerability Overview Cisco has published five Security Advisories, all of which apply to Cisco's SD-WAN vManage software. The advisories are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements or malicious use of the vulnerabilities" that a

Summary The ICS-CERT has published seven advisories that affect Hitachi ABB Power Grids Ellipse APM, Rockwell Automation Stratix Switches, Delta Industrial Automation COMMGR, Delta Electronics CNCSoft ScreenEditor and CNCSoft-B, Eaton Intelligent Power Manager, and Siemens Mendix. Threat Type Vulnerability Overview The ICS-CERT has published seven advisories that affect Hitachi ABB Power Grids Ellipse APM, Rockwell Automation Stratix Switches, Delta Industrial Automation COMMGR, Delta Electronics CNCSoft Sc

Summary Trend Micro spotted an enhanced SysUpdate Malware package that now uses five files in its infection routine instead of the usual three. While conducting an incident response investigation involving a Philippine-based gambling company, Trend Micro that the Iron Tiger threat actor had been targeting he same company for 18 months and it was in December 2020 that they discovered the SysUpdate malware sample. Threat Type Malware, APT, Backdoor Overview Continued targeting of gambling companies and an inc

Summary A software company specializing in auditing tools suffered an attack over the course of the the past four months and disclosed this month. Several news outlets have reported on the attack and the vulnerability used to exploit a zero-day vulnerability. Threat Type Vulnerability, Breach Overview An investigation by Codecov led to the discovery of a supply-chain attack that has been occurring since January 2021. The maker of auditing tools stated a threat actor had modified Bash Uploader script and exp

Summary The ICS-CERT has published two advisories that affect the Schneider Electric C-Bus Toolkit, and the EIPStackGroup OpENer Ethernet/IP. Threat Type Vulnerability Overview The ICS-CERT has published two advisories that affect the Schneider Electric C-Bus Toolkit, and the EIPStackGroup OpENer Ethernet/IP. Further information is available from the advisories which are summarized below. ICS Advisory ICSA-21-105-01 - Schneider Electric C-Bus Toolkit CVE-2021-22716 - The affected product is vulnerable to Im

Summary Google has released an update to its Chrome web browser for Windows, Mac, and Linux that provides fixes for thirty-seven vulnerabilities. Of the nineteen CVE-numbered vulnerabilities noted in the advisory, Google has six of them rated as High, ten as Moderate, and three as Low. Threat Type Vulnerability Overview Google has released an update, version 90.0.4430.72, to its Chrome web browser for Windows, Mac, and Linux that provides fixes for thirty-seven vulnerabilities. Of the nineteen CVE-numbered

Summary Zscaler has identified a threat actor spreading malicious android apps via WhatsApp and SMS. The apps are specifically targeting JIO telecom users in India. Those targeted are tricked into thinking that TikTok is available again in India or that they are installing an app to register to receive a free Lenovo laptop, courtesy of the Government of India. Threat Type Malware, Phishing, Smishing Overview An unnamed threat actor has been identified as actively operating since as early as March 20, 2020.

Summary In its April 2021 security updates, Microsoft list 108 CVE numbered vulnerabilities in various Microsoft products. Of those, nineteen are rated as Critical, eighty-eight rated as Important, and one as Moderate. One of the vulnerabilities is reported to have been exploited in the wild. Six vulnerabilities in Microsoft's Chromium based browser, Edge, were addressed in a prior update. Microsoft rated these vulnerabilities as Unknown. Threat Type Vulnerability Overview In its April 2021 security updates

Summary Adobe has released four security updates. The updates are for Photoshop, Digital Editions, Bridge, and RoboHelp. Three of the updates address at least one vulnerability rated by Adobe as Critical and one is rated Important. Threat Type Vulnerability Overview Adobe has released four security updates. The updates are for Photoshop, Digital Editions, Bridge, and RoboHelp. Three of the updates address at least one vulnerability rated by Adobe as Critical and one is rated Important. The potential impact

Summary CVE-2021-28310 is a privilege escalation vulnerability in Windows' Desktop Window Manager. It was discovered by Kaspersky being used in-the-wild by BITTER APT. Threat Type Vulnerability, Exploit, APT Overview Kaspersky published a blog post detailing CVE-2021-28310, a zero-day vulnerability they discovered being exploited by BITTER APT. It is a privilege escalation vulnerability, and Kaspersky believes it was used in combination with other browser exploits. Since the full exploit chain wasn't captur

Summary SAP has released its April 2021 security patches for a variety of products. Each product and a link to details on the vulnerability are listed below. In all, 14 security notes were released. Of these, 1 is rated critical, 4 are rated high, 9 are rated as medium, and 5 are updates to previously released patches. The potential impact from successful exploitation of the most serious vulnerability is remote code execution. In addition, privilege escalation, accessing sensitive files, and other nefarious

Summary The ICS-CERT has published fifteen advisories that affect Schneider Electric SoMachine Basic, Advantech WebAccessSCADA, JTEKT TOYOPUC products, the Siemens products Solid Edge File Parsing, Web Server of SCALANCE X200, SINEMA Remote Connect Server, LOGO! Soft Comfort, PKE Control Center Server, TIM 4R-IE Devices, Nucleus Products IPv6 Stack, Nucleus Products DNS Module, Tecnomatix RobotExpert, SIMOTICS CONNECT 400, Nucleus DNS, and the Siemens and Milestone Siveillance Video Open Network Bridge. Thr

Summary PAM update 4104.08194 contains 10 new events, 23 new moderate event responses, and 23 new aggressive event responses. Threat Type Vulnerability Overview This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Network IPS GX-Series Appliances Firmware version 4.5 or later, IBM Security Network Protection XGS Firmware versio