Security News

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory certificate authentication issues caused by Microsoft's May 2022 updates. The flaw is an actively exploited Windows LSA spoofing vulnerability tracked as CVE-2022-26925 and confirmed to be a new PetitPotam Windows NTLM Relay attack vector.

The U.S. Cybersecurity and Infrastructure Security Agency this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Polkit is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes.

The Cybersecurity and Infrastructure Security Agency has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. PwnKit is a memory corruption bug that unprivileged users can exploit to gain full root privileges on Linux systems with default configurations.

CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication legacy authentication methods without multifactor authentication support to Modern Authentication alternatives. Basic Auth is an HTTP-based auth scheme used by apps to send credentials in plain text to servers, endpoints, or online services.

If your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency has advised on Thursday. According to the CISA, cyber threat actors, including state-sponsored advanced persistent threat actors, have continued to exploit Log4Shell in unpatched, internet-facing VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations.

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.

Fifty-six vulnerabilities - some deemed critical - have been found in industrial operational technology systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to the US government's CISA and private security researchers. Forescout's Vedere Labs discovered the bugs in devices built by ten vendors in use across the security company's customer base, and collectively named them OT:ICEFALL. According to the researchers, the vulnerabilities affect at least 324 organizations globally - and in reality this number is probably much larger since Forescout only has visibility into its own customers' OT devices.

The U.S. Cybersecurity and Infrastructure Security Agency and Food and Drug Administration have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing software. The issues impact software in medical devices used for "Clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only," according to the FDA. "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA said in an alert.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury Department outlined technical details about how Karakurt operates, along with actions to take, indicators of compromise, and sample ransom notes. Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom.

The Cybersecurity & Infrastructure Security Agency has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. The added vulnerabilities come from a wide range of years, with the oldest disclosed in 2016 and the most recent being a Cisco IOS XR vulnerability fixed last Friday. CISA has given federal agencies until June 13th, 2022, to apply security updates for the Android and Cisco vulnerabilities.