Cybersecurity Weekly Briefing June 27-July 3

ElevenPaths    3 July, 2020

Adobe, Mastercard and Visa Warn of the Need to Upgrade to Magento 2.x

Payment providers Visa and Mastercard, together with Adobe, have made a final attempt to convince online shop owners to upgrade their platforms to Magento 2.x. On June 30, the Magento 1.x platform reached its official end-of-life (EOL) date, after which Adobe plans to stop providing security updates. Last week, Adobe released the last security updates for Magento 1.x but, unfortunately, even though online shop owners have known since late 2018 that this EOL was approaching, many have not acted. About 75% of Magento stores currently still run version 1.x. Once the 1.x branch reaches EOL, any new Magento 1.x exploit will be a disaster for the online store market, since no patches will be available. Because of the large number of major changes between the two versions, many online store owners have chosen to stay on 1.x rather than redeploy their stores from scratch.

More information: https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/

Critical Vulnerability in PAN-OS

Palo Alto has issued a security advisory for a new vulnerability (CVE-2020-2021) that receives the maximum base severity in the manufacturer’s bulletin, CVSSv3 10.0: it is exploitable remotely, is of low complexity, requires no privileges and needs no interaction from third parties. It is an authentication bypass that applies when SAML authentication is enabled and the Validate Identity Provider Certificate option is disabled. On GlobalProtect Gateways, GlobalProtect Portal, VPN Clients, Captive Portal and Prisma Access, exploitation would allow a malicious user with network access to the vulnerable server to gain access to the protected resource, subject to the device configuration and the policies applied. On Panorama’s PAN-OS and web interface, exploitation would allow an unauthenticated remote user with network access to the vulnerable system to gain administrator access. There is currently no evidence of the vulnerability being exploited, although, following information from the USCC, a tweet was posted alerting of the need for urgent patching. Before updating, it is recommended to check the manufacturer’s indications in the bulletin and to follow the steps recommended there. Telefónica is taking the necessary actions to detect and patch the vulnerability.

Learn more: https://security.paloaltonetworks.com/CVE-2020-2021
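The option named in the advisory is where the trust decision happens: a SAML response carries the signer's certificate inline, and a service provider that does not compare that certificate with the identity provider's configured certificate is only checking that the response is consistent with itself. The following Go program is an added illustration, not Palo Alto's code and not a reproduction of how PAN-OS implements SAML. It models a signed assertion in deliberately simplified form (raw bytes, an RSA signature over their SHA-256 digest, and the signer's certificate carried alongside, standing in for XML-DSig's KeyInfo) and contrasts a verifier that trusts whatever certificate arrives with one that first matches it against the IdP certificate configured out of band. All names and assertion contents are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedAssertion is a simplified stand-in for a signed SAML response: the signed
// assertion bytes, the signature over them, and the signing certificate the
// response carries inline. XML canonicalisation and XML-DSig are omitted.
type SignedAssertion struct {
	Assertion  []byte
	Signature  []byte
	SignerCert *x509.Certificate
}

// issuer bundles a key pair with a self-signed certificate. It models either the
// legitimate IdP or any other party able to mint its own certificate.
type issuer struct {
	key  *rsa.PrivateKey
	cert *x509.Certificate
}

// newIssuer creates a fresh RSA key and a short-lived self-signed certificate.
func newIssuer(cn string) (*issuer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &issuer{key: key, cert: cert}, nil
}

// sign produces an assertion signed by this issuer, with its certificate attached.
func (i *issuer) sign(assertion []byte) (*SignedAssertion, error) {
	digest := sha256.Sum256(assertion)
	sig, err := rsa.SignPKCS1v15(rand.Reader, i.key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedAssertion{Assertion: assertion, Signature: sig, SignerCert: i.cert}, nil
}

// VerifyEmbeddedCertOnly mirrors "Validate Identity Provider Certificate" disabled:
// the signature is checked, but only against the certificate the response itself
// carries, so the check says nothing about who produced the assertion.
func VerifyEmbeddedCertOnly(sa *SignedAssertion) error {
	pub, ok := sa.SignerCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("unsupported signer key type")
	}
	digest := sha256.Sum256(sa.Assertion)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sa.Signature)
}

// VerifyAgainstIdP mirrors the option enabled: the embedded certificate must be the
// IdP certificate configured out of band (e.g. imported from IdP metadata) before
// its key is allowed to vouch for the signature.
func VerifyAgainstIdP(sa *SignedAssertion, trustedIdP *x509.Certificate) error {
	if !sa.SignerCert.Equal(trustedIdP) {
		return fmt.Errorf("signer %q is not the configured IdP %q",
			sa.SignerCert.Subject.CommonName, trustedIdP.Subject.CommonName)
	}
	return VerifyEmbeddedCertOnly(sa)
}

func main() {
	idp, _ := newIssuer("idp.example.test")       // constructed IdP
	other, _ := newIssuer("unrelated.example.test") // constructed third party
	assertion := []byte(`<Assertion Subject="admin" Audience="fw.example.test"/>`)
	genuine, _ := idp.sign(assertion)
	foreign, _ := other.sign(assertion)
	fmt.Println("embedded-only, genuine:", VerifyEmbeddedCertOnly(genuine))
	fmt.Println("embedded-only, foreign:", VerifyEmbeddedCertOnly(foreign)) // nil: accepted
	fmt.Println("pinned IdP,    genuine:", VerifyAgainstIdP(genuine, idp.cert))
	fmt.Println("pinned IdP,    foreign:", VerifyAgainstIdP(foreign, idp.cert)) // rejected
}
```

The point of the contrast is that the embedded-only verifier accepts a perfectly well-formed, correctly signed assertion from a party the service provider has never heard of; only the comparison against the configured IdP certificate ties the signature to the identity provider. In a real deployment the configured certificate is the one imported into the SAML IdP server profile, which is why the advisory's mitigation is to enable that validation rather than to change anything about signature checking itself.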

Microsoft Security Updates

Microsoft has released emergency patches that address two bugs in the Windows 10 and Windows Server 2019 Codecs library. The two vulnerabilities were reported to the firm by the researcher Abdul-Aziz Hariri last March.

  • CVE-2020-1425: This is a critical-severity vulnerability that, if exploited, would allow a threat actor to access valuable information from the affected system, thus opening the possibility of future use with the aim of compromising the victim’s machine.
  • CVE-2020-1457: This is an important-severity vulnerability that could allow an attacker to execute arbitrary code on an affected system.

Microsoft states that customers and users do not need to take any action to fix this issue, since they will receive the updates automatically.

More details: https://searchsecurity.techtarget.com/news/252485557/Microsoft-fixes-Windows-Codecs-flaws-with-emergency-patches

Critical Vulnerabilities in Apache Guacamole

Check Point researchers have discovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, an open-source remote desktop gateway used by system administrators to access and manage Windows and Linux machines remotely. These vulnerabilities would allow an attacker who had previously compromised a machine to attack back through Guacamole when a user connected remotely to that infected machine. The threat actor could thereby gain full control of the Apache Guacamole server and intercept and control all sessions connected to it. Apache has already released patches that address this threat.

More: https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/

Agent Tesla Distribution Campaign Impersonating Logistics Companies

This week a new wave of a malspam campaign has been detected, targeting users and entities in Spain and aimed at distributing the keylogger and infostealer Agent Tesla. The e-mails pretend to come from the courier company TIBA, in the same way that the company GLS was impersonated last week. The content of these emails refers to a supposed delivery that the user is waiting for and says that more details can be checked by clicking on a link included in the email. This link leads to a free file hosting service (mediafire.com), from which a 7z archive containing a malicious executable named “Detalles de envio.exe” is downloaded.
