Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for session fixation attacks. PAN-OS is an operating system for Palo Alto Network Appliances. An attacker can exploit this issue using a maliciously crafted URI. The attacker uses email or other means to distribute the malicious URI and entices an unsuspecting user to follow it, hijacking the user's session ID. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated remote attacker to gain unauthorized access to the affected application.
Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for a denial-of-service condition. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow an attacker to crash the PHP process. This could allow for a denial-of-service condition once the process stops running.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information.
Visit the Adobe Security Bulletins to apply the necessary updates.
A new method to deliver the TrickBot Trojan has been discovered on Windows 10 systems. TrickBot has been a reliable workhorse for cybercriminals since at least 2016 and is thought to have compromised at least 250 million email accounts globally. TrickBot may be responsible for hundreds of millions of dollars in fraud losses. The recent twist takes advantage of the remote desktop ActiveX control class to automatically execute the OSTAP malware JavaScript downloader on victim machines.
The Internal Revenue Service (IRS) has issued a warning of an ongoing IRS-impersonation scam targeting educational institutes, primarily students/staff who have a “.edu” email address. The phishing email appears to target individuals affiliated with education in all formats including public and private, profit and non-profit institutions.
Whether you still use and enjoy the Windows 7 operating system or not, the end-of-life date for that operating system arrives next week. Official support for Windows 7 from Microsoft ends on January 14, 2020.
Recently, a significant number of UCLA hosts running MacOSX participated in a DDoS amplification attack that leveraged the Apple Remote Desktop (ARD) or Apple Remote Management Service (ARMS) services, which provide Remote Desktop and management services on MacOSX devices using UDP Port 3283.
Recommended steps to harden MacOSX against these attacks:
The FBI identified a new trend of banking trojan infections and PowerShell Empire activity preceding BitPaymer ransomware attacks. The FBI normally issues Flash Reports like this when there is a marked increase in attack activity and exploit reports from victims. H-ISAC urges all members to take this Flash Report seriously and follow the recommended actions and mitigation techniques.
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the presentation of weaknesses into various views and adds a search function to enable easier navigation of the information. Visit Common Weakness Enumeration to learn how to get involved.
Cisco has released updates to address three vulnerabilities in its software-defined networking for wide-area network (SD-WAN) Solutions software. All three flaws have been rated high severity. The issues affect a range of Cisco products that are running SD-WAN software that is older than the current version: Release 19.2.2.
Microsoft today released the latest batch of software security updates for all supported versions of its Windows operating systems and other products that patch a total of 113 new security vulnerabilities, 17 of which are critical and 96 rated important in severity.
On Friday, January 10, 2020, honeypots detected internet-wide opportunistic scanning activity targeting vulnerable Citrix endpoints. This critical vulnerability allows unauthenticated remote attackers to execute commands on the targeted server after chaining an arbitrary file read/write (directory traversal) flaw.