The Internal Revenue Service (IRS) has issued a warning about an ongoing IRS-impersonation scam targeting educational institutions, primarily students and staff who have a “.edu” email address. The phishing email appears to target individuals affiliated with education in all forms, including public and private, for-profit and non-profit institutions.
Recent News Articles
Committee: UCLA Cyber-Risk and Data Privacy Governance Committee
Chair: Cyber-Risk Responsible Executive
Executive Leader: Administrative Vice-Chancellor and Cyber-Risk Responsible Executive Michael Beck
As we focus on research around COVID-19, cybercriminals are focused on targeting researchers. The newest attack involves a fraudulent request for an interview with a well-known New Yorker columnist, Atul Gawande. From early reports, after initial contact, it seems the cybercriminals start a back and forth communication with anyone who responds. The attacker may even set up a phone conversation but ultimately, they send a malicious Microsoft Teams-like link.
Of the 120 bugs, Microsoft ranked 17 as “critical” and 103 as “important” vulnerabilities.
Five of the critical bugs (CVE-2020-1554, CVE-2020-1492, CVE-2020-1379, CVE-2020-1477 and CVE-2020-1525) are tied to Microsoft’s Windows Media Foundation (WMF), a multimedia framework and infrastructure platform for handling digital media in Windows 7 through Windows 10 and Windows Server 2008 through 2019. August’s bugs bring the number of critical bugs to ten, points out Allan Liska, senior security architect at Recorded Future.
Netlogon Remote Protocol (MS-NRPC) provides authentication for user and computer accounts in Windows Active Directory domains. A vulnerability in Netlogon Remote Protocol enables an unauthenticated attacker to impersonate a domain-joined computer and obtain domain administrator privileges.
The impact of this vulnerability is high.
A vulnerability has been discovered in F5 BIG-IP Edge Client for Windows, which could allow for remote code execution. F5's BIG-IP is a family of products covering software and hardware designed around application availability, access control, and security solutions. Successful exploitation of this vulnerability allows remote unauthenticated attackers to execute arbitrary code in the context of the application used to browse a specially crafted web page. This vulnerability may result in complete system compromise.
Multiple vulnerabilities have been discovered in GRUB2, the most severe of which could allow for complete system compromise. GRUB2 is a popular Linux bootloader that works with UEFI Secure Boot. A boot loader is a piece of software designed to load the operating system and hand control over to it when the system is first turned on. UEFI Secure Boot is a verification step added to the boot process that checks binaries loaded during bootup against a list of known trusted binaries.
In response to malicious activity targeting COVID-19 research and vaccine development in the United States, United Kingdom (UK), and Canada, the National Security Agency (NSA) released a Joint Cybersecurity Advisory to expose the threat. A malicious cyber actor is using a variety of tools and techniques to target organizations involved in COVID-19 research and vaccine development.
VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information.
Impacted Products: VMware SD-WAN by VeloCloud (VeloCloud)
Advisory Details: The VeloCloud Orchestrator does not apply correct input validation, which allows for blind SQL injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5.
Multiple vulnerabilities have been discovered in Juniper products, the most severe of which could allow for remote code execution. Juniper is a vendor for IT, networking and cybersecurity solutions. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions.
Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise.
This advisory is available at the following link:
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M5
Apache Tomcat 9.0.0.M1 to 9.0.35
Apache Tomcat 8.5.0 to 8.5.55
Description: A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
A vulnerability has been discovered in F5 BIG-IP Traffic Management User Interface (TMUI), which could allow for remote code execution. F5's BIG-IP is a family of products covering software and hardware designed around application availability, access control, and security solutions. Successful exploitation of this vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute remote system commands, create or delete files, disable services, and/or execute remote Java code.
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for an attacker gaining administrator privileges. Cisco is a vendor for IT, networking and cybersecurity solutions. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining administrator privileges. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Citrix has released security updates to address vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Review the advisory.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
On July 14, 2020, Microsoft released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a wormable vulnerability and has a Common Vulnerability Scoring System (CVSS) base score of 10.0.
The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat (CVE-2020-13934 and CVE-2020-13935). An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Many of you know this already, but some may not: Zoom has delayed the implementation of the waiting room and passcode changes announced back in June. The following quote is directly from a Zoom communication I received.
"While the majority of our customers have already secured their meetings with passcodes or waiting rooms, after hearing helpful feedback from those who haven't, we are extending the date for these security requirements to September 27th, 2020 to give you more time to prepare.