Multiple Security Vulnerabilities for Adobe Products
  • Advisory
  • June 18, 2020

The vulnerabilities found in the multiple adobe products affects versions 20.1 and earlier version of adobe classics, 13.0.6 and earlier versions of the Adobe Audition, 1.5.12 and earlier versions of the adobe premiere rush, 14.2 and earlier versions of adobe premiere pro, 24.1.2 and earlier versions of adobe illustrator, and 171 and earlier versions of adobe after effects.

SaltStack FrameWork Vulnerabilities in Cisco Products
  • Advisory
  • June 19, 2020

The vulnerabilities allow an attacker who can connect to the "request server" port to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the "master" server filesystem and steal the secret key used to authenticate to the master as root. The impact is full remote command execution as root on both the master and all minions that connect to it. The vulnerabilities are of two different classes. One being authentication bypass where functionality was unintentionally exposed to unauthenticated network clients, the other being directory traversal where untrusted input (i.e. parameters in network requests) was not sanitized correctly allowing unconstrained access to the entire filesystem of the master server.

Webex Desktop App Vulnerability
  • Advisory
  • June 24, 2020

During an internal security testing of the Cisco Meetings Desktop App (Webex), it was discovered that the application has a vulnerability that is due to improper validation of inputs supplied to the application’s URLs which if exploited can allow attacker to cause the Webex application to execute other programs that are already present on the end-user system. This vulnerability affects Cisco Webex Meetings Desktop App releases earlier than Release 39.5.12. However, Cisco has released software updates that address this vulnerability.

New EvilQuest Ransomware for macOS Systems
  • Advisory
  • July 1, 2020

The EvilQuest ransomware is discovered to encrypt the user's files as soon as it's executed. Once the file encryption scheme ends, a popup is shown to the user, letting the victim know they've been infected and their files encrypted. Then the victim is directed to open a note in the form of a text file that has been placed on their desktop. After the encryption process ends, the ransomware installs keylogger to record all the user’s keystrokes, open a reverse shell on the target computer so that the attacker can continue to access it and steal sensitive information users enter with the keyboard.  Those capabilities could allow attackers "full control over an infected host. EvilQuest appears to be solely distributed through torrenting websites and pirated versions of macOS software. Researchers have found it also bundled in a package called Google Software Update, while others have seen it hidden in pirated versions of DJ app Mixed In Key, Ableton Live and security tool Little Snitch. The malware is also able to see whether a system is running in a virtual machine, whether there are security and antivirus solutions running on the system, and to implement several persistence tricks.

 

Cisco Small Business Routers Vulnerabilities
  • Advisory
  • July 17, 2020

The reported vulnerabilities is said to affect the Cisco Small Business RV110W, RV130, RV130W and RV215W routers, and Cisco Prime License Manager. This vulnerabilities are as a result of the following:

  1.  The RV110W Wireless-N VPN Firewall routers system account has a default and static password which could allow an unauthenticated, remote attacker to take full control of the of the affected device.
  2. The RV110W, RV130, RV130W, and RV215W Routers has an improper validation of user-supplied input in the web-based management interface which could allow attackers to execute arbitrary code as a root user by sending crafted HTTP requests to a targeted device.
  3. The Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router vulnerabilities is due to improper session management on the devices which could allow attackers to bypass authentication and execute arbitrary commands with administrative commands by sending crafted HTTP request to the affected device.
  4. The Cisco Prime License Manager (PLM) Software vulnerability is due to insufficient validation of user input on the web management interface that could allow a remote attacker to gain administrative-level privileges on the system to access to an affected device by submitting a malicious request to an affected system.

Remote Access Vulnerability
  • Advisory
  • July 22, 2020

The Active Ransomware Campaign is a well-crafted and sophisticated ransomware attacks said to be a result of weak authentication, non-use of multi-factor authentication, and unpatched software. Once access is gained to a network through a remote access system, tools such as mimikatz, psexec, and Cobalt Strike is used to escalate privileges, move through the network and establish persistence on the network.