Zoom has released to public knowledge of various vulnerabilities that have been patched by Zoom in its latest 5.0.5 version series. The vulnerabilities in Zoom client could allow for arbitrary code execution and in the Giphy feature of arbituary file write. Zoom is a video conferencing solution that for Windows, macOS, and Linux systems. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code as the root user on an affected device.
One of the new enhancements in the latest version of Zoom, version 5.0.0, requires all users to update their desktop client by May 30. I encourage all UCLA users to review Zoom’s summary of the latest updates, as well as UCLA’s latest guidance for using Zoom, and to update your desktop client today.
Apple has released security updates to address vulnerabilities in multiple products. These vulnerabilities can be exploited by a remote attacker to take control of an affected system.
Review the Apple security pages for the following products and apply the necessary updates:
Multiple security vulnerabilities in the VMware products listed below. Patches and workarounds are available to remediate or workaround these vulnerabilities in affected Time-of-check Time-of-use (TOCTOU) issue (CVE-2020-3957).
Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system to access more than the user should have access to, where Fusion, VMRC and Horizon Client are installed.
Sectigo at present offers the ability to cross-sign certificates with the AddTrust legacy root to increase support among very old systems and devices. This root is due to expire at the end of May, 2020. Any applications or installations that depend on this cross-signed root must be updated by May, 2020 or run the risk of outage or displayed error message.
For more information read:
Multiple vulnerabilities have been discovered in Apple iOS, iPadOS, and watchOS, which could allow for arbitrary code execution.
Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the wild.
Since 2015, financially motivated cybercriminal groups have actively targeted businesses in the retail, restaurant, hotel, and gaming industries at an increasing rate. Recently, the cybercriminal group FIN7,1 known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS). The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles.
There has been a circulation of malicious websites pretending to be credible sources for more information on the Coronavirus-19. PLEASE double check the validity and reliability of websites you are visiting. This also includes attachments!
The UCLA IT Security Office will send out a notification to system administrators when these issues have been resolved.
Both SentinelOne and Sophos are being tested for compatibility issues with the macOS Mojave Anti-Tampering mechanism.
As with any new OS release, we recommend waiting to upgrade until the early bugs have been removed.
If a machine is currently running macOS High Sierra and the SentinelOne Next Generation Endpoint Protection agent, UCLA IT Security recommends not upgrading to macOS Mojave.
On July 14, 2019, the data breach monitoring service haveibeenpwned.com posted a database dump of approximately 101 million users who had their information exposed as part of the Evite data breach.
This breach was officially reported in June of 2019 and thought to have occurred back on February 22, 2019. Review additional information regarding this incident at Evite’s security notice webpage.
UPDATE: 6/25/19 -- This implementation has been postponed until further notice.
Since June of 2019, unidentified cyber actors have leveraged a known SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. Following widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two identified US municipalities using CVE-2019-0604. Malicious activities included exfiltration of user information, escalation of administrative privileges, and the dropping of webshells for remote/backdoor persistent access.
Original release date: February 25, 2020
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project.
Apache Tomcat servers released in the last 13 years are vulnerable to a bug named Ghostcat that can allow hackers to takeover unpatched systems.
Discovered by Chinese cybersecurity firm Chaitin Tech, Ghostcat is a flaw in the Tomcat AJP protocol.
AJP stands for Apache JServ Protocol and is a performance-optimized version of the HTTP protocol in binary format. Tomcat uses AJP to exchange data with nearby Apache HTTPD web servers or other Tomcat instances.
Tomcat's AJP connector is enabled by default on all Tomcat servers and listens on the server's port 8009.
National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.
Review FTC’s NCPW resource page tips:
Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago.
All Exchange Server versions up to the last released patch are exposed to potential attacks following these ongoing scans, including those currently out of support even though Microsoft's security advisory doesn't explicitly list them.