MA-991.112023: MyCERT Advisory - Adobe Releases Security Updates for ColdFusion

  • 24 Nov 2023
  • Advisory
  • adobe, coldfusion, vulnerability, update

1.0 Introduction

On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software.

2.0 Impact
Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system.

3.0 Affected Products

Product | Update number | Platform
ColdFusion 2023 | Update 5 and earlier versions | All
ColdFusion 2021 | Update 11 and earlier versions | All

4.0 Recommendations
MyCERT urges organizations to review Adobe ColdFusion security bulletin APSB23-52 for more information and to:

Kindly visit https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html for more information.

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

MA-990.112023: MyCERT Advisory - Mozilla Releases Security Updates for Firefox and Thunderbird

  • 24 Nov 2023
  • Advisory
  • mozilla, firefox, thunderbird, update

1.0 Introduction

Recently, Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird.

2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

  • Firefox iOS
  • Firefox
  • Firefox ESR
  • Thunderbird

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References

MA-988.112023: MyCERT Advisory - VMware Releases Security Update for Cloud Director Appliance

  • 21 Nov 2023
  • Advisory
  • vmware, cloud, director, update, vulnerability

1.0 Introduction

Recently, VMware has released a security advisory addressing a vulnerability in VMware Cloud Director Appliance.

2.0 Impact
Cyber threat actors may exploit this vulnerability to take control of an affected system.

3.0 Affected Products
VMware Cloud Director Appliance (VCD Appliance)

4.0 Recommendations
MyCERT encourages users and administrators to review the following VMware security advisory and apply the recommended updates:

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References

MA-987.112023: MyCERT Advisory - Fortinet Releases Security Updates for FortiClient and FortiGate

  • 21 Nov 2023
  • Advisory
  • fortinet, fortigate, forticlient, security, update, vulnerability

1.0 Introduction

Recently, Fortinet has released security advisories addressing vulnerabilities in FortiClient and FortiGate.

2.0 Impact
Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Fortinet FortiClient and FortiGate.

4.0 Recommendations
MyCERT encourages users and administrators to review the following Fortinet security advisories and apply the recommended updates:

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References

MA-986.112023: MyCERT Advisory - Microsoft Releases November 2023 Security Updates

  • 21 Nov 2023
  • Advisory
  • microsoft, update, november

1.0 Introduction

Recently, Microsoft has released updates addressing multiple vulnerabilities in Microsoft software.

2.0 Impact
A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Multiple Microsoft Windows and Software

4.0 Recommendations
MyCERT encourages users and administrators to review Microsoft’s November 2023 Security Update Guide and apply the necessary updates.

Kindly refer to the URL for more information: https://msrc.microsoft.com/update-guide/releaseNote/2023-Nov

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References

MA-985.112023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 21 Nov 2023
  • Advisory
  • adobe, security, update

1.0 Introduction

Recently, Adobe has released security updates to address vulnerabilities affecting multiple Adobe products.

2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

  • Adobe ColdFusion
  • Adobe RoboHelp Server
  • Adobe Acrobat and Reader
  • Adobe InDesign
  • Adobe Photoshop
  • Adobe Bridge
  • Adobe FrameMaker Publishing Server
  • Adobe InCopy
  • Adobe Animate
  • Adobe Dimension
  • Adobe Media Encoder
  • Adobe Audition
  • Adobe Premiere Pro
  • Adobe After Effects

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References
https://www.cisa.gov/news-events/alerts/2023/11/14/adobe-releases-security-updates-multiple-products

MA-984.112023: MyCERT Advisory - Cisco Releases Security Advisories for Multiple Products

  • 10 Nov 2023
  • Advisory
  • cisco, update, vulnerability

1.0 Introduction

Recently, Cisco released security advisories for vulnerabilities affecting multiple Cisco products.

2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

  • Cisco Firepower Management Center Software
  • Cisco Identity Services Engine
  • Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls
  • Cisco Firepower Threat Defense Software
  • Cisco Firepower Threat Defense Software and Firepower Management Center Software 
  • Cisco Firepower Management Center Software
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software 

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References
https://www.cisa.gov/news-events/alerts/2023/11/03/cisco-releases-security-advisories-multiple-products

MA-982.112023: MyCERT Advisory - Critical Vulnerability in F5 BIG-IP Product

  • 02 Nov 2023
  • Advisory
  • big, ip, f5, firewall, vulnerability, update

1.0 Introduction

MyCERT has observed a critical vulnerability in the F5 BIG-IP product that could be exploited to execute malicious code on vulnerable systems.

The F5 BIG-IP Configuration Utility contains an unauthenticated remote code execution (RCE) vulnerability that allows an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. The vulnerability is caused by an improper authentication mechanism in the Configuration Utility.

2.0 Impact
Successful exploitation could allow a threat actor to execute arbitrary system commands on the BIG-IP system by sending specially crafted HTTP requests to the BIG-IP system.

3.0 Affected Products

  • BIG-IP (all modules)
    • 17.1.0
    • 16.1.0 - 16.1.4
    • 15.1.0 - 15.1.10
    • 14.1.0 - 14.1.5
    • 13.1.0 - 13.1.5

4.0 Recommendations
MyCERT recommends upgrading affected versions to the fixed or most recent version released by F5. Kindly refer to the following link for more information:
https://my.f5.com/manage/s/article/K000137353

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References

MA-981.112023: MyCERT Advisory - Microsoft's Monthly (Oct 2023) consolidated tech and security patches update

  • 02 Nov 2023
  • Advisory
  • microsoft, update, october

1.0 Introduction

Recently, Microsoft has released updates to address multiple vulnerabilities in Microsoft software.

2.0 Impact
A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Multiple Microsoft software/products and Windows Operating Systems

4.0 Recommendations
MyCERT encourages users and administrators to review Microsoft’s October 2023 Security Update Guide and apply the necessary updates. Kindly refer to the following link:
https://msrc.microsoft.com/update-guide/releaseNote/2023-oct

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References

MA-980.112023: MyCERT Advisory - Critical Vulnerability in Confluence Server and Data Center

  • 02 Nov 2023
  • Advisory
  • atlassian, confluence, vulnerability, update

1.0 Introduction

Recently, Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

2.0 Impact
This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator accounts. Threat actors exploited CVE-2023-22515 as a zero-day to obtain access to victim systems and continue active exploitation post-patch.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

3.0 Affected Products
The Confluence Data Center and Server versions listed below are affected by this vulnerability. Customers using these versions should upgrade their instances as soon as possible.

Versions prior to 8.0.0 are not affected by this vulnerability.

Product: Confluence Data Center and Confluence Server
Affected Versions:
  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 8.0.3
  • 8.0.4
  • 8.1.0
  • 8.1.1
  • 8.1.3
  • 8.1.4
  • 8.2.0
  • 8.2.1
  • 8.2.2
  • 8.2.3
  • 8.3.0
  • 8.3.1
  • 8.3.2
  • 8.4.0
  • 8.4.1
  • 8.4.2
  • 8.5.0
  • 8.5.1

Atlassian recommends that you upgrade each of your affected installations to one of the listed fixed versions (or any later version) below.

Product: Confluence Data Center and Confluence Server
Fixed Versions:
  • 8.3.3 or later
  • 8.4.3 or later
  • 8.5.2 (Long Term Support release) or later
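The version lists above can be applied to an inventory as follows. This is an added example, not code from MyCERT or Atlassian; the host names and the status labels are assumptions made for illustration. It compares per release branch, because a plain "8.3.3 or later" comparison would wrongly clear 8.4.0, and it reports versions that appear in neither list (such as 8.1.2) for review instead of guessing.

```python
import re

# Versions listed as affected in the advisory above.
AFFECTED = {
    "8.0.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4",
    "8.1.0", "8.1.1", "8.1.3", "8.1.4",
    "8.2.0", "8.2.1", "8.2.2", "8.2.3",
    "8.3.0", "8.3.1", "8.3.2",
    "8.4.0", "8.4.1", "8.4.2",
    "8.5.0", "8.5.1",
}
# First fixed patch level per branch: 8.3.3, 8.4.3 and 8.5.2 "or later".
FIXED_FROM = {(8, 3): 3, (8, 4): 3, (8, 5): 2}
FIRST_AFFECTED = (8, 0, 0)  # "Versions prior to 8.0.0 are not affected"

def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple; reject anything else."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(match[1]), int(match[2]), int(match[3] or 0)

def classify(text):
    """Return 'not affected', 'affected', 'fixed' or 'needs review'."""
    version = parse_version(text)
    branch, patch = version[:2], version[2]
    if version < FIRST_AFFECTED:
        return "not affected"
    if ".".join(map(str, version)) in AFFECTED:
        return "affected"
    if branch in FIXED_FROM and patch >= FIXED_FROM[branch]:
        return "fixed"
    if branch > max(FIXED_FROM):  # "or any later version"
        return "fixed"
    return "needs review"  # in neither list: confirm against the vendor advisory

def needs_action(inventory):
    """Return {host: status} for hosts that are affected or need review."""
    statuses = {host: classify(version) for host, version in inventory.items()}
    return {h: s for h, s in statuses.items() if s in ("affected", "needs review")}

# Constructed inventory (hypothetical host names and version strings).
INVENTORY = {"wiki-a.example": "7.19.16", "wiki-b.example": "8.4.0",
             "wiki-c.example": "8.5.2", "wiki-d.example": "8.1.2"}

if __name__ == "__main__":
    for host, status in needs_action(INVENTORY).items():
        print(f"{host}: {status}")
```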

For a full description of the latest versions of Confluence Data Center and Confluence Server, see the release notes. You can download the latest version from the download center.

4.0 Recommendations
4.1 Upgrade to a fixed version. (See: Upgrade Instructions)

Customers with Confluence Data Center and Server instances accessible from the public internet, including those with user authentication, should restrict external network access until they can upgrade.

If you cannot restrict external network access before your upgrade, apply the following interim measures to mitigate known attack vectors by blocking access to the /setup/* endpoints on Confluence instances. This is possible at the network layer or by making the following changes to Confluence configuration files.

  • On each node, modify /<confluence-install-dir>/confluence/WEB-INF/web.xml and add the following block of code (just before the </web-app> tag at the end of the file):

        <security-constraint>
          <web-resource-collection>
            <url-pattern>/setup/*</url-pattern>
            <http-method-omission>*</http-method-omission>
          </web-resource-collection>
          <auth-constraint />
        </security-constraint>

  • Restart Confluence.

This action will block access to setup pages that are not required for typical Confluence usage. For further details, see the FAQ page below.

Note: These mitigation actions are limited and not a replacement for upgrading your instance; you must upgrade as soon as possible.

4.2 Threat detection

Atlassian cannot confirm if your instances have been affected by this vulnerability. Work with your security team to check all affected Confluence instances for evidence of compromise, as outlined below. If any evidence is found, you should assume that your instance has been compromised and evaluate the risk of flow-on effects. If your Confluence instances have been compromised, the threat actors hold full administrative access and can perform any number of unfettered actions including, but not limited to, exfiltration of content and system credentials, and installation of malicious plugins.

Evidence of compromise may include:

  • unexpected members of the confluence-administrators group
  • unexpected newly created user accounts
  • requests to /setup/*.action in network access logs
  • presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory

If you believe you were compromised, please raise a support request as Atlassian assistance is required to recover and protect your instance.
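The two log-based indicators listed above can be checked with a short script. This is an added example, not code from MyCERT or Atlassian; it assumes access-log lines that begin with the client address and carry a quoted request line followed by the status code, and all sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumed line shape: '<client> ... "METHOD target HTTP/x.y" <status> ...'
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# /setup/<name>.action, optionally below a context path such as /wiki
SETUP_RE = re.compile(r"(?:^|/)setup/[^/]+\.action$")
SECURITY_MARKER = "/setup/setupadministrator.action"

def request_path(target):
    """Reduce a request target to its path: no query, no ;params, percent-decoded."""
    path = unquote(target.split("?", 1)[0])
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))

def scan_access_log(lines):
    """Return one record per request whose path matches /setup/*.action."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.match(line)
        if match is None:
            continue  # line not in the assumed format: skipped, not cleared
        path = request_path(match["target"])
        if SETUP_RE.search(path):
            hits.append({"line": number, "client": match["client"],
                         "method": match["method"], "path": path,
                         "status": int(match["status"])})
    return hits

def scan_security_log(lines):
    """Return (line number, text) for lines naming the setup administrator endpoint."""
    return [(number, line.rstrip()) for number, line in enumerate(lines, start=1)
            if SECURITY_MARKER in line]

def clients_by_hits(hits):
    """Count matching requests per client address, most active first."""
    return Counter(hit["client"] for hit in hits).most_common()

# Constructed sample lines (documentation address ranges, invented timestamps).
ACCESS_SAMPLE = [
    '192.0.2.10 - - [05/Oct/2023:10:01:02 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Oct/2023:10:02:11 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 812',
    '198.51.100.7 - - [05/Oct/2023:10:02:15 +0000] "GET /setup/example.action?src=constructed HTTP/1.1" 302 0',
    '203.0.113.5 - - [05/Oct/2023:10:04:00 +0000] "GET /wiki/setup/setupadministrator.action;jsessionid=CONSTRUCTED HTTP/1.1" 403 0',
]
SECURITY_SAMPLE = [
    "2023-10-05 10:02:11,120 WARN [constructed-thread] constructed.Logger Exception while handling /setup/setupadministrator.action",
    "2023-10-05 10:05:00,000 INFO [constructed-thread] constructed.Logger routine entry",
]

if __name__ == "__main__":
    hits = scan_access_log(ACCESS_SAMPLE)
    print(hits, clients_by_hits(hits), scan_security_log(SECURITY_SAMPLE), sep="\n")
```

A hit is a lead for the account and group review described above, not proof of compromise; lines that do not match the assumed format are skipped, so adjust the pattern to the log format actually in use.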

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0    References
[1]   Atlassian: CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server
[2]   Rapid7: CVE-2023-22515 Analysis
[3]   Microsoft: CVE-2023-22515 Exploit IP Addresses
[4]   Proofpoint: Emerging Threats Rulesets
[5]   Confluence CVE-2023-22515 Proof of Concept - vulhub
[6]   Atlassian Support: Upgrading Confluence
