The flaws affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec
Daily Archives: September 14, 2022
SparklingGoblin APT Targeted Hong Kong University With New Linux Backdoor
Eset also said the same university was targeted during student protests in May 2020
AutoRabit launches devsecops tool for Salesforce environments
Devsecops firm AutoRabit is trying to address security issues arising from policy changes and misconfigurations in Salesforce environments with a new offering, CodeScan Shield.
CodeScan Shield is the next iteration of AutoRabit’s static code analysis tool, CodeScan, and elevates the capabilities of CodeScan with the help of a new module called OrgScan. The new module governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments.
With OrgScan, a dashboard is created at the end of each scan and identifies any areas of concern. This puts the control back in an organization’s hands, saving time and money, the company said.
FormBook Knocks Off Emotet As Most Used Malware in August
The report also suggested the Android spyware Joker took third place in the mobile index
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild.
Background
On September 2, Trend Micro released an advisory for several vulnerabilities in its Apex One and Apex One software-as-a-service (SaaS) products which are used for agent-based threat detection and response.
| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2022-40139 | Improper validation vulnerability in rollback functionality component | 7.2 |
| CVE-2022-40140 | Source validation error vulnerability leading to denial of service | 5.5 |
| CVE-2022-40141 | Information disclosure vulnerability | 5.6 |
| CVE-2022-40142 | Agent link interpretation vulnerability leading to privilege escalation | 7.8 |
| CVE-2022-40143 | Link interpretation vulnerability leading to privilege escalation | 7.3 |
| CVE-2022-40144 | Login authentication bypass vulnerability | 8.2 |
There is a fairly robust history of Apex One zero days. A little over a year ago, Trend Micro disclosed reports of two other zero days: CVE-2021-36741, an arbitrary file upload vulnerability, and CVE-2021-36742, a local privilege escalation. The Cybersecurity and Infrastructure Security Agency lists six vulnerabilities in Apex One in its Catalog of Known Exploited Vulnerabilities (KEV).
| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2020-8467 | Remote code execution | 8.8 |
| CVE-2020-8468 | Content validation escape | 8.8 |
| CVE-2020-24557 | Privilege escalation | 7.8 |
| CVE-2020-8599 | Arbitrary file upload vulnerability | 9.8 |
| CVE-2021-36742 | Local privilege escalation (KEV lists as arbitrary file upload) | 7.8 |
| CVE-2021-36741 | Arbitrary file upload vulnerability | 8.8 |
Analysis
CVE-2022-40139 is an improper validation vulnerability in the “rollback” functionality, which is used to revert Apex One agents to older versions. The vulnerability exists because Apex One agents are able to download unverified components, which could lead to code execution. Although this vulnerability can only be exploited by an attacker who already has access to the Apex One administrative console, there have been reports of active exploitation.
It is also worth noting that other vulnerabilities patched in this release (and legacy vulnerabilities) could provide the administrative access required to exploit CVE-2022-40139. However, there is no indication yet that the other CVEs patched in this release have been exploited.
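The root cause described above is a rollback path that installs whatever component it downloads without checking where it came from or whether it was altered. The following is an added, generic illustration of that pattern beside a hardened version; it is not Apex One code and does not reflect how Trend Micro's agent or its patch works. It assumes a hypothetical manifest that pins the SHA-256 of each component a rollback may fetch, and it uses HMAC-SHA256 with a constructed shared key purely as a stand-in for a vendor's asymmetric signature over that manifest.

```python
import hashlib
import hmac
import json

# Constructed key: stands in for the vendor's manifest-signing key (hypothetical).
MANIFEST_KEY = b"hypothetical-manifest-signing-key"


def build_manifest(components, key=MANIFEST_KEY):
    """Pin the SHA-256 of every allowed component and tag the manifest.

    `components` maps component name -> bytes. The HMAC tag over the
    canonical JSON body is the stand-in for a vendor signature.
    """
    body = {name: hashlib.sha256(data).hexdigest() for name, data in components.items()}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def install_unverified(name, data, installed):
    """The weak pattern: whatever the download returned is installed as-is."""
    installed[name] = data
    return True


def install_verified(name, data, manifest, installed, key=MANIFEST_KEY):
    """The hardened pattern: authenticate the manifest, then pin the content.

    Returns True only when the manifest tag is valid, the component is
    listed in it, and the downloaded bytes match the pinned digest.
    """
    payload = json.dumps(manifest["body"], sort_keys=True).encode()
    expected_tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        return False  # manifest is not authentic; trust nothing in it
    pinned = manifest["body"].get(name)
    if pinned is None:
        return False  # component is not on the allow-list for rollback
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, pinned):
        return False  # downloaded content differs from what was pinned
    installed[name] = data
    return True


def demo():
    """Run both installers against constructed good and tampered downloads."""
    # Constructed sample components that a legitimate rollback would fetch.
    genuine = {"agent_core.bin": b"GENUINE-AGENT-v14", "scan_engine.bin": b"GENUINE-ENGINE-v9"}
    manifest = build_manifest(genuine)
    tampered = b"GENUINE-AGENT-v14-with-extra-payload"  # constructed altered download

    weak, strong = {}, {}
    results = {
        "unverified_accepts_tampered": install_unverified("agent_core.bin", tampered, weak),
        "verified_accepts_genuine": install_verified("agent_core.bin", genuine["agent_core.bin"], manifest, strong),
        "verified_rejects_tampered": install_verified("agent_core.bin", tampered, manifest, strong),
        "verified_rejects_unlisted": install_verified("helper.bin", b"anything", manifest, strong),
    }
    # A manifest whose tag was produced with a different key must also be rejected.
    forged = build_manifest(genuine, key=b"some-other-key")
    results["verified_rejects_forged_manifest"] = install_verified(
        "agent_core.bin", genuine["agent_core.bin"], forged, strong
    )
    results["strong_installed"] = sorted(strong)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The ordering matters: the manifest is authenticated before any entry in it is consulted, and digests are compared with `hmac.compare_digest` so that a mismatch does not leak through timing. In a real agent the shared-key tag would be replaced by a signature check against a pinned vendor public key, and the same gate would apply to every download path, not only rollback.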
Solution
The specific versions to resolve these vulnerabilities are listed below, though Trend Micro’s advisory notes that some of the vulnerabilities disclosed may have been patched in earlier releases for the SaaS product.
| Vulnerable Product | Updated version |
| --- | --- |
| Apex One 2019 for Windows On-Prem | Apex One SP1 (b11092/11088) |
| Apex One (SaaS) for Windows | August 2022 Monthly Patch (202208) |
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities can be found here.
Get more information
Trend Micro Apex One September 2022 Security Bulletin
Trend Micro Apex One July 2021 Security Bulletin
Join Tenable’s Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 30-day trial of Tenable.io Vulnerability Management.
Most enterprises looking to consolidate security vendors
A total of 75% of organizations across North America, Asia Pacific and EMEA plan to consolidate the number of security vendors they use, a Gartner survey of 418 respondents found. That percentage has increased significantly, as only 29% were looking to consolidate vendors in 2020. The main reasons are growing dissatisfaction with operational inefficiencies and the lack of integration in a heterogeneous security stack, the survey found.
Companies look to reduce the number of vendors they work with in key areas like secure access service edge (SASE) and extended detection and response (XDR). The survey found that 57% of organizations are working with fewer than ten vendors for their security needs.
New Sysdig cloud security software prioritizes risk, cuts remediation time
Unified container and cloud security firm Sysdig on Wednesday launched its cloud security posture management (CSPM) offering, which aggregates security findings by root cause and prioritizes remediation based on impact. The new offering consists of ToDo, an actionable checklist showing prioritized risks, and Remediation Guru, which offers guided remediation at the source.
“We consistently hear from prospects that the cloud security tools they are familiar with inundate teams with alerts and findings. Compounding the issue is cutting through the noise to know where to devote resources,” said Maya Levine, product manager at Sysdig.
One in 10 employees leaks sensitive company data every 6 months: report
Insider threats are an ongoing menace that enterprise security teams need to handle. It’s a global problem but especially acute in the US—with 47 million Americans quitting their jobs in 2021, the threat of ex-employees taking sensitive information to competitors, selling it to criminals in exchange for cash, and leaking files to media is making data exfiltration a growing concern.
About 1.4 million people who handle sensitive information in their organization globally were tracked over the period from January to June 30 this year by cybersecurity firm Cyberhaven to find out when, how and who is involved in data exfiltration.
On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period nearly one in 10, or 9.4% of employees, do so, Cyberhaven noted in its report. A data exfiltration incident occurs when data is transferred outside the organization in unapproved ways.
Iranian cyberspies use multi-persona impersonation in phishing threads
One of the most prolific state-sponsored Iranian cyber espionage groups is targeting researchers from different fields by setting up sophisticated spear-phishing lures in which they use multiple fake personas inside the same email thread for increased credibility.
Security firm Proofpoint tracks the group as TA453, but it overlaps with activity that other companies have attributed to Charming Kitten, PHOSPHORUS and APT42. Incident response company Mandiant recently reported with medium confidence that APT42 operates on behalf of the Islamic Revolutionary Guard Corps (IRGC)’s Intelligence Organization (IRGC-IO) and specializes in highly targeted social engineering.
ISACs’ Possible Role in Software Supply Chain Assurance
Currently, there are two main roles that ISACs can serve in the software supply chain assurance process. Let’s examine both.