Vol. 22, Num. 08
This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.
Archived issues may be found at the SANS @RISK Newsletter Archive.
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES February 17-24, 2022
TOP VULNERABILITY THIS WEEK: Five critical vulnerabilities in Cisco RV routers could lead to code execution
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Cisco warns of several vulnerabilities in routers aimed at small and mid-sized businesses
Description: Cisco recently disclosed 15 vulnerabilities in its RV series of wireless routers, five of which are considered critical. The RV routers are aimed at small and mid-sized businesses’ networks. Three of the vulnerabilities have the highest possible severity rating — including a remote code execution vulnerability and an issue that could allow an attacker to elevate their privileges. Taken as a group, these vulnerabilities could allow an attacker to carry out several malicious actions, including executing arbitrary commands and code, bypassing authentication processes, and causing a denial of service.
References: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
SNORT® SIDs: 58967 - 58972, 58984, 58987 - 58989
Title: Vulnerability in Hancom Office could lead to memory corruption, code execution
Description: Cisco Talos recently discovered a vulnerability in Hancom Office — a popular software suite in South Korea — that could allow an attacker to corrupt memory on the targeted machine or execute remote code. Hancom Office offers services similar to those of Microsoft Office, including word processing and spreadsheet creation and management. CVE-2021-21958 exists in Hancom Office’s HwordApp.dll. An attacker-created malicious document could trigger a heap-based buffer overflow, eventually leading to code execution and/or memory corruption if the attacker follows a specific attack vector.
References: https://blog.talosintelligence.com/2022/02/vuln-spotlight-.html
SNORT® SIDs: 58365 and 58366
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
CISA launched a new “Shields Up” campaign and website to inform critical infrastructure operators how to spot signs of potential intrusions from Russian state-sponsored actors.
https://www.usatoday.com/story/news/politics/2022/02/18/biden-administration-goes-shields-up-protect-u-s-russian-cyber-attack/6853643001/
British leaders issued similar warnings, stating potential attacks from Russia could have “international consequences.”
https://www.reuters.com/technology/britain-warns-cyberattacks-russia-ukraine-crisis-escalates-2022-02-22/
Research conducted by Chainalysis found that 74 percent of all ransomware extortion payments, more than $400 million in 2021, are going to Russian-linked threat actors.
https://www.bbc.com/news/technology-60378009
A Seattle-based logistics company had to shut down much of its operations across the globe after a cyber attack Tuesday, noting that the company was implementing a restoration from backup systems.
https://www.zdnet.com/article/billion-dollar-logistics-giant-expeditors-struggling-to-recover-from-cyberattack/
RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM
This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.
ID: CVE-2021-39675
Title: Heap buffer overflow in Google Android 12.0 gki_buffer.cc
Description: In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-12
Android ID: A-205729183
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
ID: CVE-2022-20699
Title: DoS exec code bypass vulnerability in the Cisco Small Business RV345
Description: The vulnerability arises from insufficient boundary checks when processing specific HTTP requests. A threat actor could exploit this issue by sending malicious HTTP queries to a susceptible SSL VPN Gateway device. On successful exploitation, the attacker might gain root access to the target device and execute code remotely.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
ID: CVE-2022-20700, CVE-2022-20701, CVE-2022-20700
Title: DoS exec code bypass vulnerability in the Cisco Small Business RV345
Description: Because of insufficient authorization enforcement mechanisms, the flaws can be triggered by submitting specific commands to an affected device. The vulnerability affects Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
MOST PREVALENT MALWARE FILES February 17-24, 2022
COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934
MD5: 93fefc3e88ffb78abb36365fa5cf857c
VirusTotal: https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg
SHA 256: 792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0
MD5: b46b60327c12290e13b86e75d53114ae
VirusTotal: https://www.virustotal.com/gui/file/792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0/details
Typical Filename: NAPA_HQ_SetW10config.exe
Claimed Product: N/A
Detection Name: W32.File.MalParent
SHA 256: 125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645
MD5: 2c8ea737a232fd03ab80db672d50a17a
VirusTotal: https://www.virustotal.com/gui/file/125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645/details
Typical Filename: LwssPlayer.scr
Claimed Product: ?????????
Detection Name: Auto.125E12.241442.in02
SHA 256: 3321b8ee0cafe7d336a93913c455bebbb821622c011ce10a9198a49392a3bb66
MD5: ed249eeca5364b32391801ec5c2d9a33
VirusTotal: https://www.virustotal.com/gui/file/3321b8ee0cafe7d336a93913c455bebbb821622c011ce10a9198a49392a3bb66/details
Typical Filename: Wave Browser.exe
Claimed Product: WaveBrowser
Detection Name: W32.PUA.Wavebrowser.Hunt.Talos
SHA 256: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
MD5: df11b3105df8d7c70e7b501e210e3cc3
VirusTotal: https://www.virustotal.com/gui/file/59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa/details
Typical Filename: DOC001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201
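One way to put the hash list above to use on a defended estate is to parse the newsletter's "Key: value" entries into an indicator set, hash files on disk, and report any match by the Talos detection name. The script below is an added example written for this page; it is not code from SANS, Talos or Qualys. The only page data it uses is the five-entry list above (embedded verbatim as `RAW_IOC_LIST`); the parser, the sweep routine and the constructed sample files in `demo()` are assumptions of this example, and the `demo()` scenario injects the hash of a constructed file as an extra indicator purely so that the matching path can be exercised offline.

```python
"""IoC sweep: parse the newsletter's hash list and check files on disk against it."""
import hashlib
import os
import tempfile
from pathlib import Path

# Entries copied verbatim from the "MOST PREVALENT MALWARE FILES" list above (page data).
RAW_IOC_LIST = """\
SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934
MD5: 93fefc3e88ffb78abb36365fa5cf857c
VirusTotal: https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg
SHA 256: 792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0
MD5: b46b60327c12290e13b86e75d53114ae
VirusTotal: https://www.virustotal.com/gui/file/792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0/details
Typical Filename: NAPA_HQ_SetW10config.exe
Claimed Product: N/A
Detection Name: W32.File.MalParent
SHA 256: 125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645
MD5: 2c8ea737a232fd03ab80db672d50a17a
VirusTotal: https://www.virustotal.com/gui/file/125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645/details
Typical Filename: LwssPlayer.scr
Claimed Product: ?????????
Detection Name: Auto.125E12.241442.in02
SHA 256: 3321b8ee0cafe7d336a93913c455bebbb821622c011ce10a9198a49392a3bb66
MD5: ed249eeca5364b32391801ec5c2d9a33
VirusTotal: https://www.virustotal.com/gui/file/3321b8ee0cafe7d336a93913c455bebbb821622c011ce10a9198a49392a3bb66/details
Typical Filename: Wave Browser.exe
Claimed Product: WaveBrowser
Detection Name: W32.PUA.Wavebrowser.Hunt.Talos
SHA 256: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
MD5: df11b3105df8d7c70e7b501e210e3cc3
VirusTotal: https://www.virustotal.com/gui/file/59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa/details
Typical Filename: DOC001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201
"""


def parse_ioc_list(text):
    """Turn the newsletter's 'Key: value' lines into one dict per sample.

    A 'SHA 256:' line starts a new record; later keys attach to it.  Hash values
    are lower-cased so lookups are case-insensitive; other values are kept as-is.
    """
    records, current = [], None
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")  # first colon only, so URLs survive
        key, value = key.strip().lower(), value.strip()
        if key == "sha 256":
            current = {"sha256": value.lower()}
            records.append(current)
        elif current is not None:
            current[key.replace(" ", "_")] = value.lower() if key == "md5" else value
    return records


def build_index(records):
    """Map every known SHA-256 and MD5 to its record for O(1) lookup during the sweep."""
    by_sha256 = {r["sha256"]: r for r in records}
    by_md5 = {r["md5"]: r for r in records if "md5" in r}
    return by_sha256, by_md5


def hash_file(path, chunk_size=1 << 20):
    """Return (sha256, md5) hex digests, streaming so large files are not read into memory."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(block)
            md5.update(block)
    return sha256.hexdigest(), md5.hexdigest()


def sweep(root, index):
    """Walk `root`, hash every regular file and report those matching an indicator."""
    by_sha256, by_md5 = index
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                sha256, md5 = hash_file(path)
            except OSError:
                continue  # unreadable or locked file: skip it rather than abort the sweep
            record = by_sha256.get(sha256) or by_md5.get(md5)
            if record is not None:
                hits.append({
                    "path": str(path),
                    "sha256": sha256,
                    "typical_filename": record.get("typical_filename", "?"),
                    "detection_name": record.get("detection_name", "?"),
                })
    return hits


def demo():
    """Constructed scenario (assumption of this example): one benign file and one file
    whose hash is added to the indicator set, so the match path can be shown offline."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_bytes(b"constructed benign content")
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed sample standing in for a flagged file")
        records = parse_ioc_list(RAW_IOC_LIST)
        sha256, md5 = hash_file(sample)
        records.append({"sha256": sha256, "md5": md5,
                        "typical_filename": "sample.bin",
                        "detection_name": "Constructed.Test.IoC"})
        return sweep(tmp, build_index(records))


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['path']}: {hit['detection_name']} (typical name {hit['typical_filename']})")
```

Matching on either digest lets the sweep work with feeds that publish only one of the two, and indexing by the page's lower-cased hex means a mixed-case hash from another source still matches. Point `sweep()` at a real directory with `build_index(parse_ioc_list(RAW_IOC_LIST))` to run it against the newsletter's own indicators; a hit gives you the path, the digest to confirm on VirusTotal, and the Talos detection name to search for in your EDR telemetry.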