X-Force Exchange - Collection Feed

Summary The Mozilla Foundation has issued a Moderate-rated security advisory that addresses multiple vulnerabilities in Thunderbird. Threat Type Vulnerability Overview The Mozilla Foundation has released Thunderbird 78.9.1 to cover multiple vulnerabilities related to OpenPGP functions. The advisory has been rated as Moderate. The vulnerabilities could potentially result in a failure to send encrypted emails or allow a remote attacker to conduct a spoofing attack. For further details, please refer to the app

Summary Throughout 2020 IBM X-Force saw a proliferation of malware created using the Go programming language, now some of that focus seems to be shifting onto the Nim programming language, with the latest addition being the Nimar Backdoor. Threat Type Vulnerability Overview Throughout 2020 IBM X-Force saw a proliferation of malware created using the Go programming language, now some of that focus seems to be shifting onto Nim. Nim is a flexible, statically typed programming language which is notable for hav

Summary The Android Security Bulletin for April has been released and provides information on the thirty-six vulnerabilities that are addressed in this bulletin. Threat Type Vulnerability Overview The April security bulletin for Android has been released. In it, thirty-six vulnerabilities are addressed. Some of the potential impacts of successful exploitation of the vulnerabilities are information disclosure, privilege escalation, and remote code execution. Two of the vulnerabilities were rated as "Critical

Summary Cisco has published fifteen Security Advisories. Of the advisories, two are rated as Critical, four are rated as High, and nine are rated as Medium. Threat Type Vulnerability Overview Cisco has published fifteen Security Advisories. Of the advisories, two are rated as Critical, four are rated as High, and nine are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements or malicious use of the

Summary Microsoft released a security update for its Chromium-based Edge browser that addresses six CVE-numbered vulnerabilities. Threat Type Vulnerability Overview A security update for Microsoft's Chromium-based Edge browser has been released. Six CVE-numbered vulnerabilities are addressed in the update. The most serious of the vulnerabilities, if successfully exploited, could potentially allow a remote attacker to execute arbitrary code on an affected system. Further details are available from the links

Summary VMWare published a security advisory, VMSA-2021-0005, that addresses an authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. Threat Type Vulnerability Overview VMWare published a security advisory, VMSA-2021-0005, that addresses a vulnerability (CVE-2021-21982) in the VMware Carbon Black Cloud Workload appliance. The vulnerability is an authentication bypass issue which could potentially allow a remote attacker to obtain administrative access to an affected device

Summary The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory on APT actors exploiting vulnerabilities in FortiOS to gain initial access to commercial, government, and technology services networks. Threat Type Vulnerability Overview APT actors have been observed scanning devices on certain ports which are associated with the FortiOS vulnerability, CVE-2018-13379. The actors have also been enumerating devices that

Summary The ICS-CERT has published an advisory that affects Rockwell Automation's FactoryTalk AssetCentre. Threat Type Vulnerability Overview The ICS-CERT has published an advisory that affects Rockwell Automation's FactoryTalk AssetCentre. Further information is available from the advisory which is summarized below. ICS Advisory ICSA-21-091-01 - Rockwell Automation FactoryTalk AssetCentre CVE-2021-27462 - A deserialization vulnerability exists in how the AosService.rem service in FactoryTalk AssetCentre ve

Summary Proofpoint Threat Research discovered in late 2020 a new credential phishing campaign named BadBlood, carried out by threat group TA453, aka Charming Kitten. The campaign targets senior medical professionals who specialize in genetic, neurology, and oncology research in the United States and Israel. These targets are not the traditional targets for TA453, however, the tactics and techniques observed in BadBlood continue to mirror those used in historic TA453 campaigns. Threat Type Malware, Phishing,

Summary A security advisory has been published for Xen. The vulnerability addressed in the advisory could potentially allow an attacker to cause a denial of service condition on the host system. Threat Type Vulnerability Overview A security advisory has been published for Xen. The vulnerability addressed in the advisory could potentially allow an attacker to cause a denial of service condition on the host system. Further details are available from the advisories linked below. Xen Security Advisory CVE-2021-

Summary VMWare published a security advisory, VMSA-2021-0004, that addresses two vulnerabilities in vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. Threat Type Vulnerability Overview VMWare published a security advisory, VMSA-2021-0004, that addresses two vulnerabilities in vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. The first vulnerability (CVE-2021-21975) is caused by a failure to properly validate user-provided input. An unauthenticated, remot

Summary Google has released an update to its Chrome web browser for Windows, Mac, and Linux that provides fixes for eight vulnerabilities. Of the six CVE numbered vulnerabilities noted in the advisory, Google has rated all of them as High. Threat Type Vulnerability Overview Google has released an update, version 89.0.4389.114, to its Chrome web browser for Windows, Mac, and Linux that provides fixes for eight vulnerabilities. Of the six CVE numbered vulnerabilities noted in the advisory, Google has rated al

Summary Zimperium zLabs researchers discovered a new advanced android malware package posing as "System Update". The malware exfiltrates a wide range of data using methods to limit the amount of bandwidth used in order to avoid detection. The spyware mobile app is not found on the Google Play Store. Threat Type Malware, Infostealer, Spyware, RAT Overview Zimperium zLabs researchers discovered a new advanced android malware package posing as "System Update". The malware ex-filtrates a wide range of data usin

Summary Palo Alto's Unit 42 revisits the phishing trends they observed over the past year, gaining deeper insight into the various COVID-related topics that attackers might try to exploit. Attackers continued to change their tactics to adapt to the latest pandemic trends. Threat Type Phishing Overview Palo Alto's Unit 42 revisits the phishing trends they observed over the past year, gaining deeper insight into the various COVID-related topics that attackers might try to exploit.Attackers continued to change

Summary Four new vulnerabilities for SolarWinds' Orion platform have been disclosed. One vulnerability is rated as Critical, two are rated as High, and one is rated as medium. Threat Type Vulnerability Overview SolarWinds released details on four new disclosed vulnerabilities. The first vulnerability, rated as critical, if successfully exploited could allow for remote code execution. This vulnerability requires an authenticated user in order to exploit this vulnerability. The second and third vulnerabilitie

Summary The Mozilla Foundation has issued three High-rated security advisories that address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Threat Type Vulnerability Overview The Mozilla Foundation has released Firefox 87, Firefox ESR 78.9, and Thunderbird 78.9 to cover multiple vulnerabilities. All three advisories have been rated as High. The potential impact from successful exploitation of the most serious vulnerability is the remote execution of arbitrary code. For further details, pl

Summary Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium. Threat Type Vulnerability Overview Cisco has published thirty-eight Security Advisories. Of the advisories, one is rated as Critical, eighteen are rated as High and nineteen are rated as Medium. For all advisories listed below, it is noted that Cisco's Product Security Incident Response Team (PSIRT) is "not aware of any public announcements o

Summary Microsoft has finally fixed a vulnerability initially disclosed by a Tenable researcher back in January 2021. Threat Type Vulnerability Overview A component of Microsoft's Sysinternals utility was found in January 2021 to be vulnerable to privilege escalation. According to the release notes from Microsoft: "This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. the -i command line switch is now necess

Summary In mid-February, several vulnerabilities were attacked, according to researchers with Unit 42 of Palo Alto Networks. As of this writing, the attacks are ongoing. Unit 42 provides information about these attacks and the malware discovered during analysis. Threat Type Malware Overview Threat actors have been busy with exploits against several vulnerabilities, some of which are rated as critical. Among the vulnerabilities being exploited are VisualDoor, CVE-2020-25506, CVE-2021-27561, CVE-2021-27562, C

Summary PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability, CVE-2021-22986, in certain F5 products. Threat Type Vulnerability Overview PAM update 4103.23203 contains 1 new event, 1 new moderate event response, and 1 new aggressive event response. The new events relate to the vulnerability, CVE-2021-22986, in certain F5 products. This content update is compatible with IBM QRadar Network Security Firmware v