NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES

2nd April 2020

Summary Headlines

Impact Metric Against Count of Events

Category                 Critical   High   Medium   Informative
Regional Highlights         0        0       0          1
Top Stories                 0        2       0          1
System Vulnerabilities      0        2       0          0
Malware                     0        2       0          0
DDoS/Botnets                0        1       0          0
Spam & Phishing             0        1       1          0
Web Security                0        2       0          0
Updates & Alerts            0        1       0          1

Regional Highlights

Source 1: Standard (https://www.standardmedia.co.ke)
https://www.standardmedia.co.ke/business/article/2001366627/survey-closure-of-firms-ngos-affect-domain-registration
Impact value: Informative
Survey: Closure of firms, NGOs affect domain registration
The total number of domain names between October and December last year dropped from 93,003 to 91,940, a new survey by the Communications Authority of Kenya (CA) reveals. During the same period the National KE-CIRT/CC detected 37.1 million cyber threat events, compared to 25.2 million detected in the period July to September 2019. "This was a 47.2 percent increase as compared to the previous quarter, which is attributed to an exponentially high number of malware threats detected, as demonstrated by the increased number of cyber threat advisories issued during the quarter." The National KE-CIRT/CC analyzed the cyber threat events detected and issued advisories to the affected critical information infrastructure service providers.

Top Stories

Source 1: Threat Post (https://threatpost.com)
https://threatpost.com/44m-digital-wallet-key-ring-cloud-misconfig/154260/
Impact value: High
44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig
Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say. According to the research team at vpnMentor, it found 44 million scans exposed in a misconfigured cloud database that included government IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (including CVV numbers), medical insurance cards and medical marijuana ID cards, among others.
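Added example, not code from the bulletin or from vpnMentor's research. The Key Ring exposure has the usual shape of a cloud storage misconfiguration: an object store whose access policy grants read to a wildcard principal. The Python below audits an S3-style bucket policy for anonymous grants and separates them from wildcard grants that carry a Condition (which may or may not be restrictive). The policy documents, bucket name, account ID and role name are constructed for this example; whether Key Ring's store was S3 is an assumption here.

```python
import json

# Constructed bucket policies for this example; account, bucket and role names are made up.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadForScans",
        "Effect": "Allow",
        "Principal": "*",                      # everyone, authenticated or not
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::wallet-card-scans", "arn:aws:s3:::wallet-card-scans/*"],
    }],
})

FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/wallet-api"},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::wallet-card-scans/*",
    }, {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::wallet-card-scans", "arn:aws:s3:::wallet-card-scans/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})

CONDITIONAL_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcEndpointOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::wallet-card-scans/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal) -> bool:
    """A wildcard principal ("*" or {"AWS": "*"}) grants to every AWS account and to
    unauthenticated requests alike."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_bucket_policy(policy_json: str) -> dict:
    """'public' is the set of actions anyone on the internet may perform; 'review' lists the
    Sids of wildcard-principal grants that carry a Condition and need a human decision."""
    policy = json.loads(policy_json)
    public, review = set(), []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            review.append(stmt.get("Sid", "<no Sid>"))
            continue
        public.update(_as_list(stmt.get("Action", [])))
    return {"public": public, "review": review}


def is_publicly_readable(policy_json: str) -> bool:
    """True when objects, or the object listing, are readable without credentials."""
    public = audit_bucket_policy(policy_json)["public"]
    return bool(public & {"s3:GetObject", "s3:ListBucket", "s3:Get*", "s3:*", "*"})
```

The bucket policy is only one of the paths to public exposure (object ACLs and access points are others), so a policy audit like this belongs alongside the account-level S3 Block Public Access setting, which refuses such grants outright.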

https://threatpost.com/zoom-removes-data-mining-linkedin-feature/154404/
Impact value: Informative
Zoom Removes Data-Mining LinkedIn Feature
Zoom has removed a feature that came under fire for "undisclosed data mining" of users' names and email addresses, which were used to match them with their LinkedIn profiles. The feature, LinkedIn Sales Navigator, is a LinkedIn service used for sales prospecting. When users entered a web conference meeting, the tool automatically sent their user names and email addresses to a Zoom internal company system, which then matched this data to their LinkedIn profiles, according to a New York Times investigation.

Source 2: The Hacker News (https://thehackernews.com)
https://thehackernews.com/2020/04/zoom-windows-password.html
Impact value: High
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
Confirmed by researcher Matthew Hickey and demonstrated by Mohamed Baset, the first attack scenario involves the SMBRelay technique, which exploits the fact that Windows automatically sends a user's login username and NTLM password hash to a remote SMB server when attempting to connect to and download a file hosted on it.
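Added example, not code from the bulletin or from the researchers' write-up. The Zoom issue was that UNC paths (\\host\share) pasted into meeting chat were rendered as clickable links, so one click made Windows authenticate to an attacker's SMB server. The Python below shows that vulnerable rendering beside the hardened version that only linkifies http(s) URLs, plus a helper for sweeping stored chat or mail for such lures. The sample message and the 203.0.113.7 address are constructed.

```python
import html
import re

# http(s) URLs, and Windows UNC paths such as \\203.0.113.7\share\file.txt
URL_RE = re.compile(r"https?://[^\s<>\"']+")
UNC_RE = re.compile(r"\\\\[A-Za-z0-9._\-]+\\[^\s<>\"']+")
ANY_LINK_RE = re.compile(URL_RE.pattern + "|" + UNC_RE.pattern)

# Constructed chat message: one harmless URL and one UNC lure pointing at an attacker host.
SAMPLE_MESSAGE = r"Slides: https://example.com/deck.pdf and notes: \\203.0.113.7\share\notes.txt"


def _render(message: str, link_re) -> str:
    """Escape the message for HTML and wrap every match of link_re in an anchor."""
    out, pos = [], 0
    for m in link_re.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        target = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{target}">{target}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


def linkify_vulnerable(message: str) -> str:
    """The behaviour described above: UNC paths become clickable. A click makes Windows open
    an SMB session to the named host and authenticate with the user's NTLM credentials,
    which a hostile server can capture for offline cracking or relay to another service."""
    return _render(message, ANY_LINK_RE)


def linkify_hardened(message: str) -> str:
    """Only http(s) URLs are linkified; a UNC path stays inert text."""
    return _render(message, URL_RE)


def find_unc_lures(message: str) -> list:
    """Hosts that the UNC paths in a message would make Windows authenticate to; useful
    when sweeping stored chat or e-mail for lures after the fact."""
    return [m.group(0)[2:].split("\\", 1)[0] for m in UNC_RE.finditer(message)]
```

Fixing the client is the vendor's side; on the network side the same class of leak is closed by blocking outbound TCP 445 at the perimeter and by the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy, so that a stray click cannot reach an internet SMB server with domain credentials.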

System vulnerabilities

Source 1: Security Week (https://www.securityweek.com)
https://www.securityweek.com/patch-released-linux-kernel-vulnerability-disclosed-hacking-contest
Impact value: High
Linux kernel patch
A patch has been released to address a Linux kernel vulnerability that can allow attackers to escalate privileges on Ubuntu Desktop. The vulnerability, tracked as CVE-2020-8835, is rated high severity. The flaw originates from a lack of proper validation of user-supplied eBPF programs. Because the bug is reached through the bpf() system call, hosts that set the kernel.unprivileged_bpf_disabled sysctl to 1 are not exposed to unprivileged local users even before the patch is applied.

Source 2: Security Affairs (https://securityaffairs.co)
https://securityaffairs.co/wordpress/100882/hacking/cve-2020-0796-poc-rce.html
Impact value: High
Exploits for Windows SMBGhost flaw
Security experts have released proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, also known as SMBGhost, that can allow attackers to escalate local privileges. The issue stems from a pre-authentication remote code execution flaw in the Server Message Block 3.1.1 (SMBv3) network communication protocol. The vulnerability affects systems running Windows 10 Version 1903, Windows Server Version 1903 (Server Core installation), Windows 10 Version 1909 and Windows Server Version 1909 (Server Core installation).
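Added example, not code from the bulletin or from the PoC authors. Microsoft's documented workaround for CVE-2020-0796 is to disable SMBv3 compression on the server, and the one thing a defender can verify from the network is whether a host still advertises compression. The Python below builds a minimal SMB2 NEGOTIATE for dialect 3.1.1 with a compression context, parses the server's NEGOTIATE response, and reports what it found; a constructed response stands in for a live host so the parser runs offline. The interpretation assumes, as the public scanners do, that a patched host still advertises compression, so only an absent context is conclusive.

```python
import socket
import struct
import uuid

SMB2_NEGOTIATE = 0x0000
DIALECT_311 = 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001   # mandatory whenever dialect 3.1.1 is offered
CTX_COMPRESSION = 0x0003
COMPRESSION_NAMES = {0: "NONE", 1: "LZNT1", 2: "LZ77", 3: "LZ77+Huffman"}


def _pad8(buf: bytes) -> bytes:
    return buf + b"\x00" * (-len(buf) % 8)


def _context(ctype: int, data: bytes) -> bytes:
    # SMB2_NEGOTIATE_CONTEXT: ContextType, DataLength, Reserved, Data
    return struct.pack("<HHI", ctype, len(data), 0) + data


def _header(command: int, flags: int) -> bytes:
    # 64-byte SMB2 header; ids are zero because NEGOTIATE is the first message
    return struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, command, 1, flags,
                       0, 0, 0, 0, 0, b"\x00" * 16)


def build_negotiate_request() -> bytes:
    """NEGOTIATE offering only dialect 3.1.1 plus a compression context, so the server
    answers with its own compression context (or omits it when compression is off)."""
    preauth = _context(CTX_PREAUTH_INTEGRITY,
                       struct.pack("<HHH", 1, 32, 1) + b"\x11" * 32)  # SHA-512, fixed salt
    compression = _context(CTX_COMPRESSION,
                           struct.pack("<HHI", 3, 0, 0) + struct.pack("<3H", 1, 2, 3))
    body = struct.pack("<HHHHI16sIHH", 36, 1, 1, 0, 0, uuid.uuid4().bytes, 104, 2, 0)
    body += struct.pack("<H", DIALECT_311)           # 64 + 38 bytes, padded to offset 104
    msg = _pad8(_header(SMB2_NEGOTIATE, 0) + body) + _pad8(preauth) + compression
    return struct.pack(">I", len(msg)) + msg         # NetBIOS session service prefix


def build_sample_response(algorithms=(1, 2, 3)) -> bytes:
    """Constructed NEGOTIATE response shaped like one from an unmodified Windows 10
    1903/1909 host, so the parser can be exercised offline. Pass () to mimic a host
    with the DisableCompression workaround applied."""
    contexts = [_pad8(_context(CTX_PREAUTH_INTEGRITY,
                               struct.pack("<HHH", 1, 32, 1) + b"\x22" * 32))]
    if algorithms:
        n = len(algorithms)
        contexts.append(_context(CTX_COMPRESSION,
                                 struct.pack("<HHI", n, 0, 0) + struct.pack(f"<{n}H", *algorithms)))
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, DIALECT_311, len(contexts), b"\x33" * 16,
                       0x2F, 8388608, 8388608, 8388608, 0, 0, 128, 0, 128)
    return _header(SMB2_NEGOTIATE, 0x1) + body + b"".join(contexts)


def parse_negotiate_response(msg: bytes) -> dict:
    """Return the dialect and compression algorithms from a NEGOTIATE response
    (SMB2 message without the NetBIOS prefix)."""
    if msg[:4] != b"\xfeSMB":
        raise ValueError("not an SMB2 message")
    status = struct.unpack_from("<I", msg, 8)[0]
    if status != 0:
        raise ValueError(f"NEGOTIATE failed, NTSTATUS 0x{status:08x}")
    dialect, ctx_count = struct.unpack_from("<HH", msg, 64 + 4)
    offset = struct.unpack_from("<I", msg, 64 + 60)[0]
    algorithms = []
    for _ in range(ctx_count if dialect == DIALECT_311 else 0):
        ctype, length = struct.unpack_from("<HH", msg, offset)
        data = msg[offset + 8: offset + 8 + length]
        if ctype == CTX_COMPRESSION:
            count = struct.unpack_from("<H", data, 0)[0]
            algorithms = list(struct.unpack_from(f"<{count}H", data, 8))
        offset += 8 + length
        offset += -offset % 8                       # contexts are 8-byte aligned
    return {"dialect": dialect, "compression": algorithms}


def assess(result: dict) -> str:
    """Patched hosts still advertise compression, so 'advertised' means the attack surface
    is reachable and the patch level must be checked; 'absent' confirms the workaround."""
    algos = [a for a in result["compression"] if a != 0]
    if result["dialect"] != DIALECT_311:
        return "no SMB 3.1.1: CVE-2020-0796 not applicable"
    if not algos:
        return "SMB 3.1.1 without compression: DisableCompression workaround in effect"
    names = ", ".join(COMPRESSION_NAMES.get(a, hex(a)) for a in algos)
    return f"SMB 3.1.1 compression advertised ({names}): verify the March 2020 update is installed"


def probe(host: str, port: int = 445, timeout: float = 5.0) -> dict:
    """Query a live host (only one you are authorised to test)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_negotiate_request())
        length = struct.unpack(">I", sock.recv(4))[0] & 0x00FFFFFF
        data = b""
        while len(data) < length:
            chunk = sock.recv(length - len(data))
            if not chunk:
                break
            data += chunk
    return parse_negotiate_response(data)
```

Run `assess(probe("10.0.0.5"))` against each 1903/1909 host after pushing the DisableCompression registry value; a host that still advertises compression has not picked up the workaround. The probe never sends compressed data, so it is safe to run against production servers.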

Malware

Source 1: Trend Micro (https://blog.trendmicro.com)
https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/
Impact value: High
Raccoon Stealer's previous campaigns
Researchers have uncovered three campaigns that used the Fallout and RIG exploit kits to drop the Raccoon stealer. While the campaign leveraging the RIG exploit kit was launched in July 2019, the other two campaigns, using the Fallout exploit kit, were carried out in October 2019. Once the Raccoon malware infected a machine, it connected to a Google Drive URL to decrypt the actual C2 server address and initiate the data exfiltration.

Source 2: ZDNet (https://www.zdnet.com)
https://www.zdnet.com/article/theres-now-covid-19-malware-that-will-wipe-your-pc-and-rewrite-your-mbr/
Impact value: High
New COVID-19 wiper malware
Researchers have discovered several new strains of COVID-19-themed malware that are designed to destroy the data stored on infected systems. One of the new strains poses as "CoronaVirus ransomware" to distract users while it steals sensitive data such as user credentials in the background; it then rewrites the Master Boot Record (MBR) to prevent users from recovering their infected devices.

Botnets/DDoS

Source 1: Security Affairs (https://securityaffairs.co)
https://securityaffairs.co/wordpress/100895/malware/vollgar-crypto-botnet.html
Impact value: High
Vollgar botnet campaign
Researchers spotted an active Vollgar botnet campaign that has been hijacking Microsoft SQL (MSSQL) database servers for nearly two years. The botnet campaign has been launching brute-force attacks against MSSQL databases to gain admin access and install Monero cryptocurrency mining scripts. The campaign is reportedly targeting nearly 3,000 new MSSQL databases each day.
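Added example, not code from the bulletin or from the Vollgar report. The campaign's entry point is password guessing against MSSQL logins, which SQL Server records in its ERRORLOG as error 18456, "Login failed for user", with the client address in the [CLIENT: ...] suffix. The Python below runs a sliding-window detector over a constructed ERRORLOG excerpt; the addresses, user names and timestamps are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

PASSWORD_MISMATCH = "Password did not match that for the login provided."


def _failed(ts: str, user: str, client: str, reason: str = PASSWORD_MISMATCH) -> str:
    return f"{ts} Logon       Login failed for user '{user}'. Reason: {reason} [CLIENT: {client}]"


def build_sample_errorlog() -> list:
    """Constructed ERRORLOG excerpt: 25 'sa' guesses in under three seconds from one
    internet address, then one typo and a success from an internal application host."""
    start = datetime(2020, 4, 1, 3, 12, 7)
    lines = []
    for i in range(25):
        ts = (start + timedelta(milliseconds=120 * i)).strftime("%Y-%m-%d %H:%M:%S.%f")[:-4]
        lines.append(_failed(ts, "sa", "198.51.100.23"))
    lines.append(_failed("2020-04-01 03:15:44.10", "app_user", "10.0.0.15"))
    lines.append("2020-04-01 03:16:01.00 Logon       Login succeeded for user 'app_user'. "
                 "Connection made using SQL Server authentication. [CLIENT: 10.0.0.15]")
    return lines


def detect_bruteforce(lines, threshold: int = 20, window_seconds: int = 60) -> dict:
    """Sliding-window count of failed logins per client address. Returns
    {client: (peak failures inside one window, set of user names tried)} for every
    client that reached the threshold."""
    window = defaultdict(deque)
    users = defaultdict(set)
    flagged = {}
    for line in lines:
        m = FAILED_LOGIN_RE.match(line)
        if not m:
            continue
        client = m["client"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        q = window[client]
        q.append(ts)
        users[client].add(m["user"])
        while (ts - q[0]).total_seconds() > window_seconds:   # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            peak = max(flagged.get(client, (0,))[0], len(q))
            flagged[client] = (peak, users[client])
    return flagged
```

A "Login succeeded" line from a client that was just flagged is the event to act on, because that is the point at which Vollgar moves from guessing to installing its miner. The detector only works if failed-login auditing is enabled on the instance; the structural fixes are not exposing TCP 1433 to the internet, disabling or renaming the sa login, and long random passwords for SQL-authenticated accounts.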

Spam & Phishing

Source 1: KrebsOnSecurity (https://krebsonsecurity.com)
https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/
Impact value: Medium
Phishing attack on GoDaddy.com
A spear-phishing attack on a GoDaddy.com employee gave phishers the ability to view and modify key customer records. This also enabled the attackers to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site Escrow.com. The domain name registrar has acknowledged the incident and revealed that it has locked the impacted accounts to prevent further changes.

Source 2: Cyberscoop (https://www.cyberscoop.com)
https://www.cyberscoop.com/silverterrier-email-scam-nigeria/
Impact value: High
SilverTerrier hacker group
A group of Nigerian scammers called SilverTerrier attempted an average of more than 90,000 attacks per month last year. The group specializes in business email compromise (BEC) attacks and has been active since 2014. The group was responsible for a 1,163% uptick in attacks against the professional and legal services industry last year. SilverTerrier typically relies on remote-access trojan (RAT) tools to siphon data from a victim; over the past five years the group has been tracked using 13 different RAT families to compromise users' systems.

Web Security

Source 1: The Hacker News (https://thehackernews.com)
https://thehackernews.com/2020/04/magecart-digital-skimmer.html
Impact value: High
MakeFrame skimmer attack
Security researchers uncovered a new, ongoing Magecart skimmer campaign that has compromised 19 different e-commerce websites so far. The new skimmer, dubbed MakeFrame, injects HTML iframes into webpages to steal customers' payment data. The researchers have attributed the MakeFrame attacks to Magecart Group 7 due to its use of compromised sites to host the skimming code, load the skimmer on other websites and siphon off the stolen data.
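Added example, not code from the bulletin or from the researchers who named MakeFrame. Because the skimmer injects iframes and loads its code from other compromised sites, a checkout page can be checked against an allow-list of the origins it is permitted to embed, and the same allow-list yields the Content-Security-Policy that would refuse those loads in the browser. The Python below does both over a constructed checkout page; every host name in it is made up.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page: the first script and the form are first-party; the second
# script and the hidden iframe mimic a skimmer injected from another compromised shop.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="//compromised-shop.example/js/jquery.min.js"></script>
</head><body>
<form action="/checkout/submit" method="post">
  <input name="card_number"><input name="cvv"><button>Pay</button>
</form>
<iframe src="https://compromised-shop.example/assets/checkout.html" style="display:none"></iframe>
<script>document.forms[0].addEventListener('submit', function () { /* first-party */ });</script>
</body></html>
"""


class EmbedCollector(HTMLParser):
    """Records every element that loads code or a document from, or posts data to, a URL."""
    WATCHED = {"script": "src", "iframe": "src", "form": "action",
               "link": "href", "object": "data", "embed": "src"}

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            self.embeds.append((tag, value))


def _allowed(host: str, allow: set) -> bool:
    return host in allow or any(host.endswith("." + h) for h in allow)


def third_party_embeds(page_html: str, allowed_hosts) -> list:
    """Return (tag, url) for every script, iframe, form target, stylesheet or plugin that
    points outside the allow-list. Relative URLs are same-origin and pass."""
    collector = EmbedCollector()
    collector.feed(page_html)
    allow = set(allowed_hosts)
    findings = []
    for tag, url in collector.embeds:
        host = urlparse(url).hostname          # handles protocol-relative //host/path too
        if host is not None and not _allowed(host.lower(), allow):
            findings.append((tag, url))
    return findings


def csp_for(allowed_hosts) -> str:
    """Content-Security-Policy that blocks the injected iframe and script above. Assumes
    the listed hosts (own origin plus payment processor) are the only legitimate sources."""
    origins = " ".join(f"https://{h}" for h in sorted(allowed_hosts))
    return (f"default-src 'self'; script-src 'self' {origins}; frame-src {origins}; "
            f"form-action 'self' {origins}; frame-ancestors 'none'; object-src 'none'")
```

This catches the loading pattern the report describes, not every skimmer: code injected inline into a first-party script has no foreign origin to flag, so pair the scan with Subresource Integrity on first-party scripts and a content hash baseline of the checkout page.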

Source 2: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-can-be-exploited-to-create-rogue-admins/
Impact value: High
WordPress Plugin Bug Can Be Exploited to Create Rogue Admins
Owners of WordPress sites who use the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated stored cross-site scripting (XSS) vulnerability. Contact Form 7 Datepicker is a no-longer-maintained plugin designed to integrate with, and add a date field to the user interface of, the Contact Form 7 WordPress plugin, a contact form management plugin installed on over 5 million websites.

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List (http://www.us-cert.gov/cas/bulletins)

https://www.us-cert.gov/ncas/bulletins/sb20-041: Vulnerability Summary for the Week of March 23, 2020, recorded by the National Institute of Standards and Technology National Vulnerability Database.

Source 2: Oracle Security Bulletins (http://www.oracle.com/technetwork/topics/security/alerts-086861.html)

https://www.oracle.com/security-alerts/cpujan2020.html: Oracle Critical Patch Update Advisory - January 2020. Advised action: run available security updates.

https://www.oracle.com/security-alerts/alert-cve-2019-2729.html: Oracle Security Alert Advisory - CVE-2019-2729, a deserialization vulnerability in Oracle WebLogic Server exploitable without authentication. Advised action: run security updates.

https://www.oracle.com/security-alerts/bulletinoct2019.html: Oracle Solaris Third Party Bulletin - October 2019. Advised action: apply necessary patches.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html: Oracle Linux Bulletin - October 2019. Advised action: apply necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html: Map of CVE to Advisory/Alert. Advised action: apply the critical patch update for protection against known vulnerabilities.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html: Oracle VM Server for x86 Bulletin - October 2019. Advised action: apply necessary Oracle VM Server for x86 Bulletin fixes.

Updates & Alerts

Source 1: Cisco (https://tools.cisco.com/security/center/publicationListing.x)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-privesc-Zd7bvwyf
Impact value: High
Cisco Unified Contact Center Express Privilege Escalation Vulnerability
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials.

Source 2: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/how-to-mitigate-the-windows-font-parsing-zero-day-bug-via-gpo/
Impact value: Informative
How to Mitigate the Windows Font Parsing Zero-Day Bug via GPO
Active Directory (AD) admins can mitigate the recently disclosed and actively exploited remote code execution (RCE) zero-day found in the Windows Adobe Type Manager Library across large AD environments using group policies. Microsoft warned on March 23 of limited, ongoing targeted attacks against Windows 7 devices attempting to exploit two unpatched vulnerabilities in the Adobe Type Manager Library. The security flaws impact devices running both desktop and server Windows releases, including Windows 10, Windows 8.1, Windows 7 and multiple versions of Windows Server.

www.ke-cirt.go.ke

Page 2: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES …...2020/04/02  · attempted an average of more than 90,000 attacks per month last year. The group is The group is specialized in business

Summary Headlines

Impact Metric Against Count of Events

Critical High Medium Informative

Regional Highlights 0 0 0 1

Top Stories 0 2 0 1

System Vulnerabilities

0 2 0 0

Malware 0 2 0 0

DDoSBotnets 0 1 0 0

Spam amp Phishing 0 1 1 0

Web Security 0 2 0 0

Updates amp Alerts 0 1 0 1

Regional Highlights

Source 1 Standard ( httpswwwstandardmediacoke ) httpswwwstandardmediacokebusinessarticle2001366627survey-closure-of-firms-ngos-affect-domain-registrationImpact value InformativeSurvey Closure of firms NGOs affect domain registration The total number of domainnames between October and December last year dropped from 93003 to 91940 a newsurvey by the Communications Authority of Kenya (CA) reveals During the same periodthe National KE-CIRTCC detected 371 million cyber threats as compared to 252 millioncyber threat events detected in the period July ndash September 2019 ldquoThis was a 472percent increase as compared to the previous quarter which is attributed to anexponentially high number of malware threats detected as demonstrated by theincreased number of cyber threat advisories issued during the quarter The National KE-CIRTCC analyzed the cyber threat events detected and issued advisories to the affectedcritical information infrastructure service providers

Top Stories

Source 1 Threat Post (httpsthreatpostcom)httpsthreatpostcom44m-digital-wallet-key-ring-cloud-misconfig154260Impact value High44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig Key Ring creator of a digitalwallet app used by 14 million people across North America has exposed 44 million IDs chargecards loyalty cards gift cards and membership cards to the open internet researchers sayAccording to the research team at vpnMentor it found 44 million scans exposed in amisconfigured cloud database that included Government IDs retail club membership andloyalty cards NRA membership cards gift cards credit cards with all details exposed (includingCVV numbers) medical insurance cards and medical marijuana ID cards among others

httpsthreatpostcomzoom-removes-data-mining-linkedin-feature154404Impact value InformativeZoom Removes Data-Mining LinkedIn Feature Zoom has nixed a feature that came under fire forldquoundisclosed data miningrdquo of usersrsquo names and email addresses used to match them with theirLinkedIn profiles The feature the LinkedIn Sales Navigator is a LinkedIn service used for salesprospecting When users enter a web conference meeting the tool automatically sent their usernames and email addresses to an Zoom internal company system This system would thenmatch this data to their LinkedIn profiles according to a New York Times investigation

Source 2 The Hackers News (httpsthehackernewscom)httpsthehackernewscom202004zoom-windows-passwordhtmlImpact value HighNew Zoom Hack Lets Hackers Compromise Windows and Its Login Password Confirmed byresearcher Matthew Hickey and demonstrated by Mohamed Baset the first attack scenarioinvolves the SMBRelay technique that exploits the fact that Windows automatically exposes ausers login username and NTLM password hashes to a remote SMB server when attempting toconnect and download a file hosted on it

System vulnerabilities

Source 1 Security Week (httpswwwsecurityweekcom)httpswwwsecurityweekcompatch-released-linux-kernel-vulnerability-disclosed-hacking-contestImpact value HighLinux kernel patch A patch has been released to address a Linux kernel vulnerability thatcan allow attackers to escalate privileges on Ubuntu Desktop The vulnerability tracked asCVE-2020-8835 is classified under high severity The flaw originates from the lack ofproper validation of user-supplied eBPF programs

Source 2 Security Affairs (httpssecurityaffairsco)httpssecurityaffairscowordpress100882hackingcve-2020-0796-poc-rcehtmlImpact value HighExploits for Windows SMBGhost flaw Security experts have released proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw also known as SMBGhost that can allow hackers to escalate local privileges The issue stems from a pre-remote code execution flaw that resides in the Server Message Block 30 (SMBv3) network communication protocol The vulnerability affects systems running Windows 10 Version 1903 Windows Server Version 1903 (Server Core installation) Windows 10 Version 1909 and Windows Server Version 1909 (Server Core installation)

Malware

Source 1 Trend Micro (httpsblogtrendmicrocom)httpsblogtrendmicrocomtrendlabs-security-intelligenceraccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniquesImpact value HighRaccoon Stealerrsquos previous campaigns Researchers have uncovered three campaigns thatused Fallout and RIG exploit kits to drop the Raccoon stealer While the campaign leveragingthe RIG exploit was launched in July 2019 the other two campaigns using Fallout exploit kitwere carried out in October 2019 Once the Raccoon malware infected a machine itconnected to a Google Drive URL to decrypt the actual C2 server and initiate the dataexfiltration

Source 2 ZDnet (httpswwwzdnetcom)httpswwwzdnetcomarticletheres-now-covid-19-malware-that-will-wipe-your-pc-and-rewrite-your-mbrImpact value HighNew COVID-19 wiper malware Researchers have discovered several new strains of COVID-19themed malware that are designed to destroy the data stored on infected systems One ofthe new malware poses as a CoronaVirus ransomwarerdquo to distract users while it stealssensitive data such as user credentials in the background Consequently the malwarerewrites the Master Boot Record (MBR) to prevent users from recovering their infecteddevices

BotnetsDDoS

Source Security Affairs (httpssecurityaffairsco)httpssecurityaffairscowordpress100895malwarevollgar-crypto-botnethtmlImpact value HighVollgar botnet campaign Researchers spotted an active Vollgar botnet campaign that hasbeen hijacking Microsoft SQL (MSSQL) database servers for nearly two years The botnetcampaign has been launching brute-force attacks against MSSQL databases to gain adminaccess and install Monero cryptocurrency mining scripts The campaign is reportedlytargeting nearly 3000 new MSSQL databases each day

Spam amp Phishing

Source 1 Krebsonsecurity ( httpskrebsonsecuritycom )httpskrebsonsecuritycom202003phish-of-godaddy-employee-jeopardized-escrow-com-among-othersImpact value MediumPhishing attack on GoDaddycom A spear-phishing attack on GoDaddycom gave phishersthe ability to view and modify key customer records This also enabled the attackers tochange domain settings for a half-dozen GoDaddy customers including transactionbrokering site escrowcom The domain name registrar has acknowledged the incidentand revealed that it has locked the impacted accounts to prevent further changes

Source 2 Cyberscoop (httpswwwcyberscoopcom)httpswwwcyberscoopcomsilverterrier-email-scam-nigeriaImpact value HighSilverTerrier hacker group A group of Nigerian scammers called SilverTerrier hasattempted an average of more than 90000 attacks per month last year The group isspecialized in business email compromise attacks and has been around since 2014 Thegroup was responsible for a 1163 uptick in attacks against the professional and legalservices industry last year The SilverTerrier hacker group typically relies on remote-accesstrojan tools to siphon data from a victim Over the past five years the group has beentracked using 13 different RAT families to compromise usersrsquo systems

Web Security

Source 1 The Hackers News (httpsthehackernewscom)httpsthehackernewscom202004magecart-digital-skimmerhtmlImpact value HighMakeFrame skimmer attack Security researchers uncovered a new ongoing Magecart skimmercampaign that has compromised 19 different e-commerce websites so far The new skimmerdubbed MakeFrame injects HTML iframes into webpages to steal customersrsquo payment dataThe researchers have attributed the MakeFrame attacks to Magecart Group 7 due to its use ofcompromised sites to host the skimming code load the skimmer on other websites and siphonoff the stolen data

Source 2 Bleeping Computer (httpswwwbleepingcomputercom)httpswwwbleepingcomputercomnewssecuritywordpress-plugin-bug-can-be-exploited-to-create-rogue-adminsImpact value HighWordPress Plugin Bug Can Be Exploited to Create Rogue Admins Owners of WordPress sites whouse the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to preventattackers from creating rogue admins or taking over admin sessions after exploiting anauthenticated stored cross-site scripting (XSS) vulnerability Contact Form 7 Datepicker is a nolonger maintained plugin designed to integrate with and to add a date field to the user interfaceof the Contact Form 7 WordPress plugin a contact form management plugin installed on over 5million websites

Bulletins

Source 1 US-CERT - Security Bulletin Mailing List ( httpwwwus-certgovcasbulletins )

httpswwwus-certgovncasbulletinssb20-041Vulnerability Summary for the Week of March 23 2020 Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2 Oracle Security Bulletins ( httpwwworaclecomtechnetworktopicssecurityalerts-086861html )

httpswwworaclecomsecurity-alertscpujan2020html Oracle Critical Patch Update Advisory - January 2020 advised action to run available security updates

httpswwworaclecomsecurity-alertsalert-cve-2019-2729htmlOracle Security Alert Advisory - CVE-2019-2729 Decentralization vulnerability in Oracle WebLogic Server exploitable without authentication requirements advised action to run security updates

httpswwworaclecomsecurity-alertsbulletinoct2019htmlOracle Solaris Third Party Bulletin - October 2019 advised action to apply necessary patches

httpswwworaclecomsecurity-alertslinuxbulletinoct2019htmlOracle Linux Bulletin - October 2019 advised action to apply necessary Oracle Linux Bulletin fixes

httpswwworaclecomsecurity-alertspublic-vuln-to-advisory-mappinghtmlMap of CVE to AdvisoryAlert advised action to apply the critical patch update for protection against known vulnerabilities

httpswwworaclecomsecurity-alertslinuxbulletinoct2019htmlOracle VM Server for x86 Bulletin - October 2019 advised action to apply necessary Oracle VM Server for x86 Bulletin fixes

Updates ampAlerts

Source 1 Cisco (httpstoolsciscocomsecuritycenterpublicationListingx ) httpstoolsciscocomsecuritycentercontentCiscoSecurityAdvisorycisco-sa-uccx-privesc-Zd7bvwyfImpact value HighCisco Unified Contact Center Express Privilege Escalation Vulnerability A vulnerability in theAdministration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow anauthenticated remote attacker to upload arbitrary files and execute commands on the underlyingoperating system To exploit this vulnerability an attacker needs valid Administrator credentials

Source 2 Bleeping Computer (httpswwwbleepingcomputercom )httpswwwbleepingcomputercomnewssecurityhow-to-mitigate-the-windows-font-parsing-zero-day-bug-via-gpoImpact value InformativeHow to Mitigate the Windows Font Parsing Zero-Day Bug via GPO Active Directory (AD) adminscan mitigate the recently disclosed and actively exploited remote code execution (RCE) zero-dayfound in the Windows Adobe Type Manager Library in large AD environments using group policiesMicrosoft warned on March 23 of limited ongoing targeted attacks against Windows 7 devicesattempting to exploit two unpatched vulnerabilities in the Adobe Type Manager LibraryThe security flaws impact devices running both desktop and server Windows releases includingWindows 10 Windows 81 Windows 7 and multiple versions of Windows Server

wwwke-cirtgoke

Page 3: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES …...2020/04/02  · attempted an average of more than 90,000 attacks per month last year. The group is The group is specialized in business

Regional Highlights

Source 1 Standard ( httpswwwstandardmediacoke ) httpswwwstandardmediacokebusinessarticle2001366627survey-closure-of-firms-ngos-affect-domain-registrationImpact value InformativeSurvey Closure of firms NGOs affect domain registration The total number of domainnames between October and December last year dropped from 93003 to 91940 a newsurvey by the Communications Authority of Kenya (CA) reveals During the same periodthe National KE-CIRTCC detected 371 million cyber threats as compared to 252 millioncyber threat events detected in the period July ndash September 2019 ldquoThis was a 472percent increase as compared to the previous quarter which is attributed to anexponentially high number of malware threats detected as demonstrated by theincreased number of cyber threat advisories issued during the quarter The National KE-CIRTCC analyzed the cyber threat events detected and issued advisories to the affectedcritical information infrastructure service providers

Top Stories

Source 1 Threat Post (httpsthreatpostcom)httpsthreatpostcom44m-digital-wallet-key-ring-cloud-misconfig154260Impact value High44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig Key Ring creator of a digitalwallet app used by 14 million people across North America has exposed 44 million IDs chargecards loyalty cards gift cards and membership cards to the open internet researchers sayAccording to the research team at vpnMentor it found 44 million scans exposed in amisconfigured cloud database that included Government IDs retail club membership andloyalty cards NRA membership cards gift cards credit cards with all details exposed (includingCVV numbers) medical insurance cards and medical marijuana ID cards among others

httpsthreatpostcomzoom-removes-data-mining-linkedin-feature154404Impact value InformativeZoom Removes Data-Mining LinkedIn Feature Zoom has nixed a feature that came under fire forldquoundisclosed data miningrdquo of usersrsquo names and email addresses used to match them with theirLinkedIn profiles The feature the LinkedIn Sales Navigator is a LinkedIn service used for salesprospecting When users enter a web conference meeting the tool automatically sent their usernames and email addresses to an Zoom internal company system This system would thenmatch this data to their LinkedIn profiles according to a New York Times investigation

Source 2 The Hackers News (httpsthehackernewscom)httpsthehackernewscom202004zoom-windows-passwordhtmlImpact value HighNew Zoom Hack Lets Hackers Compromise Windows and Its Login Password Confirmed byresearcher Matthew Hickey and demonstrated by Mohamed Baset the first attack scenarioinvolves the SMBRelay technique that exploits the fact that Windows automatically exposes ausers login username and NTLM password hashes to a remote SMB server when attempting toconnect and download a file hosted on it

System vulnerabilities

Source 1 Security Week (httpswwwsecurityweekcom)httpswwwsecurityweekcompatch-released-linux-kernel-vulnerability-disclosed-hacking-contestImpact value HighLinux kernel patch A patch has been released to address a Linux kernel vulnerability thatcan allow attackers to escalate privileges on Ubuntu Desktop The vulnerability tracked asCVE-2020-8835 is classified under high severity The flaw originates from the lack ofproper validation of user-supplied eBPF programs

Source 2 Security Affairs (httpssecurityaffairsco)httpssecurityaffairscowordpress100882hackingcve-2020-0796-poc-rcehtmlImpact value HighExploits for Windows SMBGhost flaw Security experts have released proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw also known as SMBGhost that can allow hackers to escalate local privileges The issue stems from a pre-remote code execution flaw that resides in the Server Message Block 30 (SMBv3) network communication protocol The vulnerability affects systems running Windows 10 Version 1903 Windows Server Version 1903 (Server Core installation) Windows 10 Version 1909 and Windows Server Version 1909 (Server Core installation)

Malware

Source 1 Trend Micro (httpsblogtrendmicrocom)httpsblogtrendmicrocomtrendlabs-security-intelligenceraccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniquesImpact value HighRaccoon Stealerrsquos previous campaigns Researchers have uncovered three campaigns thatused Fallout and RIG exploit kits to drop the Raccoon stealer While the campaign leveragingthe RIG exploit was launched in July 2019 the other two campaigns using Fallout exploit kitwere carried out in October 2019 Once the Raccoon malware infected a machine itconnected to a Google Drive URL to decrypt the actual C2 server and initiate the dataexfiltration

Source 2 ZDnet (httpswwwzdnetcom)httpswwwzdnetcomarticletheres-now-covid-19-malware-that-will-wipe-your-pc-and-rewrite-your-mbrImpact value HighNew COVID-19 wiper malware Researchers have discovered several new strains of COVID-19themed malware that are designed to destroy the data stored on infected systems One ofthe new malware poses as a CoronaVirus ransomwarerdquo to distract users while it stealssensitive data such as user credentials in the background Consequently the malwarerewrites the Master Boot Record (MBR) to prevent users from recovering their infecteddevices

BotnetsDDoS

Source Security Affairs (httpssecurityaffairsco)httpssecurityaffairscowordpress100895malwarevollgar-crypto-botnethtmlImpact value HighVollgar botnet campaign Researchers spotted an active Vollgar botnet campaign that hasbeen hijacking Microsoft SQL (MSSQL) database servers for nearly two years The botnetcampaign has been launching brute-force attacks against MSSQL databases to gain adminaccess and install Monero cryptocurrency mining scripts The campaign is reportedlytargeting nearly 3000 new MSSQL databases each day

Spam amp Phishing

Source 1 Krebsonsecurity ( httpskrebsonsecuritycom )httpskrebsonsecuritycom202003phish-of-godaddy-employee-jeopardized-escrow-com-among-othersImpact value MediumPhishing attack on GoDaddycom A spear-phishing attack on GoDaddycom gave phishersthe ability to view and modify key customer records This also enabled the attackers tochange domain settings for a half-dozen GoDaddy customers including transactionbrokering site escrowcom The domain name registrar has acknowledged the incidentand revealed that it has locked the impacted accounts to prevent further changes

Source 2 Cyberscoop (httpswwwcyberscoopcom)httpswwwcyberscoopcomsilverterrier-email-scam-nigeriaImpact value HighSilverTerrier hacker group A group of Nigerian scammers called SilverTerrier hasattempted an average of more than 90000 attacks per month last year The group isspecialized in business email compromise attacks and has been around since 2014 Thegroup was responsible for a 1163 uptick in attacks against the professional and legalservices industry last year The SilverTerrier hacker group typically relies on remote-accesstrojan tools to siphon data from a victim Over the past five years the group has beentracked using 13 different RAT families to compromise usersrsquo systems

Web Security

Source 1 The Hackers News (httpsthehackernewscom)httpsthehackernewscom202004magecart-digital-skimmerhtmlImpact value HighMakeFrame skimmer attack Security researchers uncovered a new ongoing Magecart skimmercampaign that has compromised 19 different e-commerce websites so far The new skimmerdubbed MakeFrame injects HTML iframes into webpages to steal customersrsquo payment dataThe researchers have attributed the MakeFrame attacks to Magecart Group 7 due to its use ofcompromised sites to host the skimming code load the skimmer on other websites and siphonoff the stolen data

Source 2 Bleeping Computer (httpswwwbleepingcomputercom)httpswwwbleepingcomputercomnewssecuritywordpress-plugin-bug-can-be-exploited-to-create-rogue-adminsImpact value HighWordPress Plugin Bug Can Be Exploited to Create Rogue Admins Owners of WordPress sites whouse the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to preventattackers from creating rogue admins or taking over admin sessions after exploiting anauthenticated stored cross-site scripting (XSS) vulnerability Contact Form 7 Datepicker is a nolonger maintained plugin designed to integrate with and to add a date field to the user interfaceof the Contact Form 7 WordPress plugin a contact form management plugin installed on over 5million websites

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List (http://www.us-cert.gov/cas/bulletins/)

https://www.us-cert.gov/ncas/bulletins/sb20-041 Vulnerability Summary for the Week of March 23, 2020. Recorded by the National Institute of Standards and Technology and National Vulnerability

Source 2: Oracle Security Bulletins (http://www.oracle.com/technetwork/topics/security/alerts-086861.html)

https://www.oracle.com/security-alerts/cpujan2020.html Oracle Critical Patch Update Advisory - January 2020. Advised action: run available security updates.

https://www.oracle.com/security-alerts/alert-cve-2019-2729.html Oracle Security Alert Advisory - CVE-2019-2729. Deserialization vulnerability in Oracle WebLogic Server, exploitable without authentication requirements. Advised action: run security updates.

https://www.oracle.com/security-alerts/bulletinoct2019.html Oracle Solaris Third Party Bulletin - October 2019. Advised action: apply necessary patches.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html Oracle Linux Bulletin - October 2019. Advised action: apply necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html Map of CVE to Advisory/Alert. Advised action: apply the critical patch update for protection against known vulnerabilities.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html Oracle VM Server for x86 Bulletin - October 2019. Advised action: apply necessary Oracle VM Server for x86 Bulletin fixes.

Updates & Alerts

Source 1: Cisco (https://tools.cisco.com/security/center/publicationListing.x)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-privesc-Zd7bvwyf
Impact value: High
Cisco Unified Contact Center Express Privilege Escalation Vulnerability. A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials.

Source 2: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/how-to-mitigate-the-windows-font-parsing-zero-day-bug-via-gpo/
Impact value: Informative
How to Mitigate the Windows Font Parsing Zero-Day Bug via GPO. Active Directory (AD) admins can mitigate the recently disclosed and actively exploited remote code execution (RCE) zero-day found in the Windows Adobe Type Manager Library in large AD environments using group policies. Microsoft warned on March 23 of limited, ongoing targeted attacks against Windows 7 devices attempting to exploit two unpatched vulnerabilities in the Adobe Type Manager Library. The security flaws impact devices running both desktop and server Windows releases, including Windows 10, Windows 8.1, Windows 7 and multiple versions of Windows Server.

www.ke-cirt.go.ke




Page 7: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES …...2020/04/02  · attempted an average of more than 90,000 attacks per month last year. The group is The group is specialized in business

BotnetsDDoS

Source Security Affairs (httpssecurityaffairsco)httpssecurityaffairscowordpress100895malwarevollgar-crypto-botnethtmlImpact value HighVollgar botnet campaign Researchers spotted an active Vollgar botnet campaign that hasbeen hijacking Microsoft SQL (MSSQL) database servers for nearly two years The botnetcampaign has been launching brute-force attacks against MSSQL databases to gain adminaccess and install Monero cryptocurrency mining scripts The campaign is reportedlytargeting nearly 3000 new MSSQL databases each day

Spam amp Phishing

Source 1 Krebsonsecurity ( httpskrebsonsecuritycom )httpskrebsonsecuritycom202003phish-of-godaddy-employee-jeopardized-escrow-com-among-othersImpact value MediumPhishing attack on GoDaddycom A spear-phishing attack on GoDaddycom gave phishersthe ability to view and modify key customer records This also enabled the attackers tochange domain settings for a half-dozen GoDaddy customers including transactionbrokering site escrowcom The domain name registrar has acknowledged the incidentand revealed that it has locked the impacted accounts to prevent further changes

Source 2 Cyberscoop (httpswwwcyberscoopcom)httpswwwcyberscoopcomsilverterrier-email-scam-nigeriaImpact value HighSilverTerrier hacker group A group of Nigerian scammers called SilverTerrier hasattempted an average of more than 90000 attacks per month last year The group isspecialized in business email compromise attacks and has been around since 2014 Thegroup was responsible for a 1163 uptick in attacks against the professional and legalservices industry last year The SilverTerrier hacker group typically relies on remote-accesstrojan tools to siphon data from a victim Over the past five years the group has beentracked using 13 different RAT families to compromise usersrsquo systems

Web Security

Source 1 The Hackers News (httpsthehackernewscom)httpsthehackernewscom202004magecart-digital-skimmerhtmlImpact value HighMakeFrame skimmer attack Security researchers uncovered a new ongoing Magecart skimmercampaign that has compromised 19 different e-commerce websites so far The new skimmerdubbed MakeFrame injects HTML iframes into webpages to steal customersrsquo payment dataThe researchers have attributed the MakeFrame attacks to Magecart Group 7 due to its use ofcompromised sites to host the skimming code load the skimmer on other websites and siphonoff the stolen data

Source 2 Bleeping Computer (httpswwwbleepingcomputercom)httpswwwbleepingcomputercomnewssecuritywordpress-plugin-bug-can-be-exploited-to-create-rogue-adminsImpact value HighWordPress Plugin Bug Can Be Exploited to Create Rogue Admins Owners of WordPress sites whouse the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to preventattackers from creating rogue admins or taking over admin sessions after exploiting anauthenticated stored cross-site scripting (XSS) vulnerability Contact Form 7 Datepicker is a nolonger maintained plugin designed to integrate with and to add a date field to the user interfaceof the Contact Form 7 WordPress plugin a contact form management plugin installed on over 5million websites

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List (http://www.us-cert.gov/cas/bulletins)

https://www.us-cert.gov/ncas/bulletins/sb20-041: Vulnerability Summary for the Week of March 23, 2020, recorded by the National Institute of Standards and Technology and National Vulnerability

Source 2: Oracle Security Bulletins (http://www.oracle.com/technetwork/topics/security/alerts-086861.html)

https://www.oracle.com/security-alerts/cpujan2020.html: Oracle Critical Patch Update Advisory - January 2020. Advised action: run the available security updates.

https://www.oracle.com/security-alerts/alert-cve-2019-2729.html: Oracle Security Alert Advisory - CVE-2019-2729, a deserialization vulnerability in Oracle WebLogic Server (CVSS 9.8) that is remotely exploitable without authentication. Advised action: apply the security updates.

https://www.oracle.com/security-alerts/bulletinoct2019.html: Oracle Solaris Third Party Bulletin - October 2019. Advised action: apply the necessary patches.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html: Oracle Linux Bulletin - October 2019. Advised action: apply the necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html: Map of CVE to Advisory/Alert. Advised action: apply the Critical Patch Update for protection against known vulnerabilities.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html: Oracle VM Server for x86 Bulletin - October 2019. Advised action: apply the necessary Oracle VM Server for x86 Bulletin fixes.

Updates & Alerts

Source 1: Cisco (https://tools.cisco.com/security/center/publicationListing.x)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-privesc-Zd7bvwyf
Impact value: High
Cisco Unified Contact Center Express privilege escalation vulnerability: A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials, so the practical exposure is to phished or shared administrator accounts; restricting network access to the administration interface reduces the risk until the update is applied.

Source 2: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/how-to-mitigate-the-windows-font-parsing-zero-day-bug-via-gpo/
Impact value: Informative
How to mitigate the Windows font parsing zero-day bug via GPO: Active Directory (AD) admins can use group policies to roll out, across large AD environments, Microsoft's workarounds for the recently disclosed and actively exploited remote code execution (RCE) zero-day in the Windows Adobe Type Manager Library. Microsoft warned on March 23 of limited, targeted attacks against Windows 7 devices attempting to exploit two unpatched vulnerabilities in the Adobe Type Manager Library. The flaws affect both desktop and server Windows releases, including Windows 10, Windows 8.1, Windows 7 and multiple versions of Windows Server. The workarounds Microsoft published in advisory ADV200006 are disabling the Explorer Preview and Details panes, disabling the WebClient (WebDAV) service, and disabling ATMFD.DLL; on Windows 10 the font parser already runs in a sandboxed user-mode process, so the impact there is limited to that sandbox, while on Windows 7 and 8.1 it runs in the kernel.
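As an added example (this is not code from the bulletin, from Bleeping Computer or from Microsoft), the PowerShell below applies on a single host the three workarounds from Microsoft's advisory that the article's group policies distribute, and reads the settings back for an audit trail. It assumes an elevated prompt on Windows 7, Windows 8.1 or the corresponding Windows Server releases, where atmfd.dll is loaded into the kernel; the Explorer value names NoPreviewPane and NoReadingPane are assumed here to be the registry values behind the "Turn off Preview Pane" and "Turn on or off details pane" policies.

```powershell
# Added example, not code from the bulletin, Bleeping Computer or Microsoft: applies the
# ADV200006 workarounds on one host and reports the result. The same registry values are
# what a Group Policy Preferences > Registry item would push domain-wide.
# Assumptions: elevated prompt; Windows 7 / 8.1 / Server 2008 R2 / 2012 R2 (on Windows 10
# the font parser is sandboxed and DisableATMFD has no effect); NoPreviewPane and
# NoReadingPane are assumed to be the values behind the two Explorer Frame Pane policies.

$ErrorActionPreference = 'Stop'

function Set-DwordValue {
    param([string]$Path, [string]$Name, [int]$Value)
    # Create the key if the policy branch does not exist yet, then force the DWORD in place.
    if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

# 1. Disable the Adobe Type Manager font driver (machine-wide; takes effect after a restart).
$atmKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
Set-DwordValue -Path $atmKey -Name 'DisableATMFD' -Value 1

# 2. Turn off Explorer's Preview and Details panes for this user, so a crafted document is
#    not parsed merely by being selected in a folder listing. Per-user (HKCU) setting.
$explorerPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Set-DwordValue -Path $explorerPolicy -Name 'NoPreviewPane' -Value 1
Set-DwordValue -Path $explorerPolicy -Name 'NoReadingPane' -Value 1

# 3. Disable the WebClient (WebDAV) service, removing the remote path by which a malicious
#    font file can be fetched from an attacker-controlled share. Skipped if the service is absent.
$webClient = Get-Service -Name WebClient -ErrorAction SilentlyContinue
if ($webClient) {
    if ($webClient.Status -ne 'Stopped') { Stop-Service -Name WebClient -Force }
    Set-Service -Name WebClient -StartupType Disabled
}

# Verification: read every value back so the run leaves an auditable record.
New-Object PSObject -Property @{
    DisableATMFD   = (Get-ItemProperty -Path $atmKey).DisableATMFD
    NoPreviewPane  = (Get-ItemProperty -Path $explorerPolicy).NoPreviewPane
    NoReadingPane  = (Get-ItemProperty -Path $explorerPolicy).NoReadingPane
    WebClientStart = (Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'").StartMode
} | Format-List
```

The pane settings live under HKCU, so in a domain they belong in a user-side policy, while DisableATMFD and the service change are machine-side; keep the two halves in separate GPOs so the machine-side half can be reverted cleanly once the patch ships.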

www.ke-cirt.go.ke
