Severity Rating: Medium

Software Affected
· ISC BIND versions 9.11.14 to 9.11.19
· ISC BIND versions 9.14.9 to 9.14.12
· ISC BIND versions 9.16.0 to 9.16.3
· ISC BIND versions 9.11.14-S1 to 9.11.19-S1

Overview
Multiple vulnerabilities have been reported in ISC BIND which could allow a
remote attacker to cause denial of service conditions on a targeted system.

Description
1. Denial of Service Vulnerability (CVE-2020-8618)
This vulnerability exists in BIND due to an error in rdataset.c. A remote
attacker could exploit this vulnerability by sending zone data of a
specially constructed zone to the affected server via zone transfer.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system.

2. Denial of Service Vulnerability (CVE-2020-8619)
This vulnerability exists in BIND due to an error in rbtdb.c. A remote
attacker could exploit this vulnerability by changing zone content to
introduce a specially crafted record.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system.

Solution
Update to the latest versions as available at the following URL:

Vendor Information
ISC

References
Debian Security Tracker

CVE Name
CVE-2020-8618
CVE-2020-8619

Severity Rating: HIGH

Software Affected
· AC1450, D6220, D6300, D6400, D7000v2, D8500, DC112A, DGN2200, DGN2200v4,
DGN2200M, DGND3700, EX3700, EX3800, EX3920, EX6000, EX6100, EX6120, EX6130,
EX6150, EX6200, EX6920, EX7000
· LG2200D, MBM621, MBR624GU, MBR1200, MBR1515, MBR1516, MBRN3000, MVBR1210C
· R4500, R6200, R6200v2, R6250, R6300, R6300v2, R6400, R6400v2, R6700,
R6700v3, R6900, R6900P, R7000
· R7000P, R7100LG, R7300, R7850, R7900, R8000, R8300, R8500, RS400
· WGR614v8, WGR614v9, WGR614v10, WGT624v4, WN2500RP, WN2500RPv2, WN3000RP,
WN3100RP, WN3500RP, WNCE3001, WNDR3300, WNDR3300v2, WNDR3400, WNDR3400v2,
WNDR3400v3
· WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR834Bv2, WNR1000v3,
WNR2000v2, WNR3500, WNR3500v2, WNR3500L, WNR3500Lv2, XR300

Overview
A remote code execution vulnerability has been reported in NETGEAR routers
which could allow a remote attacker to bypass authentication, gain control
of the device, obtain root privileges, and attack internal computers over
the LAN.

Description
This vulnerability exists in the httpd service, which listens on port 80 by
default, due to a lack of proper validation of the length of user-supplied
data prior to copying it to a fixed-length, stack-based buffer. It allows
an attacker to use a specially crafted string to execute code remotely on
the router without authentication.

Successful exploitation of this vulnerability could allow the attacker to
execute code in the context of root, configure port forwarding, and attack
internal computers over the LAN.

Solution
Apply appropriate patches or workarounds as mentioned by NETGEAR.

Vendor Information
NETGEAR
ties-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders

References
ZDI

GRIMM Blog
Threat Post

Bleeping Computers
k-full-takeover-due-to-unpatched-bug/

Severity Rating: Medium

Software Affected
Mozilla Firefox for iOS versions 26.0 and prior

Overview
A vulnerability has been reported in Mozilla Firefox for iOS that could
allow a remote attacker to gain access to sensitive information on the
targeted system.

Description
This vulnerability exists in Mozilla Firefox for iOS due to incorrect usage
of the API for 'WKWebViewConfiguration', which required the private
instance of this object to be deleted when leaving private mode. A remote
attacker could exploit this vulnerability by enticing the user to view a
specially crafted web page, which resulted in IndexedDB not being cleared
when leaving private browsing mode.

Successful exploitation of this vulnerability could allow the attacker to
gain access to sensitive information on the targeted system.

Solution
Update to version 27.0 from Apple App Store.

Vendor Information
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/

Reference
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/

IBM
https://exchange.xforce.ibmcloud.com/vulnerabilities/184013

CVE Name
CVE-2020-12414

Severity Rating: Medium                                        

Systems Affected

FortiAnalyzer 6.2.x, on models supporting FortiRecorder, versions prior to
6.2.4
FortiAnalyzer 6.4.x, on models supporting FortiRecorder, versions prior to
6.4.1

Overview

A vulnerability has been reported in FortiAnalyzer that could allow a
remote attacker to cause denial of service (DoS) condition on the targeted
system.

Description

This vulnerability exists in FortiAnalyzer due to insufficient control of
network message volume. An unauthenticated remote attacker could exploit
this vulnerability by sending specially crafted mode 6 queries to the
FortiAnalyzer built-in NTP server and perform NTP amplification attacks on
the targeted system.

Successful exploitation of this vulnerability could allow the attacker to
cause a denial of service (DoS) condition on the targeted system.

Solution

Upgrade to FortiAnalyzer 6.2.4 or 6.4.1

Vendor Information

Fortiguard

References

Fortiguard

It has been reported that Google has removed 106 Google Chrome browser
extensions from the Chrome Web Store which were found to be collecting
sensitive user data. These extensions reportedly posed as tools to improve
web searches, convert files between different formats, as security
scanners, and more.

It has also been found that these extensions contained code to bypass
Google's Chrome Web Store security scans. They had the ability to take
screenshots, read the clipboard, harvest authentication cookies or grab
user keystrokes to read passwords and other confidential information.

Recommendations
· Uninstall extensions with IDs given in the IOCs section. Users can visit
the chrome://extensions page, enable Developer Mode, check whether they
have installed any of the malicious extensions, and remove them from their
browsers.
· Users of the Google Chrome browser are advised to exercise caution while
installing browser extensions.
· Install only extensions which are absolutely needed and refer to user
reviews before installing extensions.
· Uninstall extensions which are not in use.
· Do not install extensions from unverified sources.
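
The check in the first recommendation can also be run against the files on disk, which helps when many machines have to be audited. The following is an added example, not part of the original advisory: it scans a Chrome user-data directory for extension folders whose IDs appear on a caller-supplied blocklist. The function names are hypothetical, and the IDs and directory tree used in the demonstration are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# A Chrome extension ID is exactly 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"[a-p]{32}")

# Typical user-data directories (pass one of these to find_blocklisted):
#   Windows: %LOCALAPPDATA%\Google\Chrome\User Data
#   macOS:   ~/Library/Application Support/Google/Chrome
#   Linux:   ~/.config/google-chrome
# Layout assumed: <user data dir>/<profile>/Extensions/<id>/<version>/


def load_blocklist(text):
    """Split an IOC list (one ID per line) into valid IDs and rejected lines."""
    valid, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        # A truncated or mistyped ID can never match a folder name, so it is
        # reported instead of being carried along as a dead entry.
        if EXT_ID.fullmatch(line):
            valid.add(line)
        else:
            rejected.append(line)
    return valid, rejected


def read_name(version_dir):
    """Return the manifest name; it may be a __MSG_...__ locale placeholder."""
    try:
        text = (version_dir / "manifest.json").read_text(encoding="utf-8-sig")
        manifest = json.loads(text)
    except (OSError, ValueError):
        return "<unreadable manifest>"
    if isinstance(manifest, dict):
        return str(manifest.get("name", "<no name>"))
    return "<unreadable manifest>"


def find_blocklisted(user_data_dir, blocklist):
    """Return (profile, extension_id, version_dir, name) for every match.

    Matching is done on the folder name (the ID), never on the display name,
    because display names are chosen by the extension author.
    """
    hits = []
    for ext_root in sorted(Path(user_data_dir).glob("*/Extensions")):
        profile = ext_root.parent.name
        for ext_dir in sorted(ext_root.iterdir()):
            if not ext_dir.is_dir() or ext_dir.name not in blocklist:
                continue
            for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
                hits.append((profile, ext_dir.name, version_dir.name,
                             read_name(version_dir)))
    return hits


# Constructed blocklist: two well-formed IDs and one line truncated to 31
# characters. None of these values come from the advisory.
SAMPLE_IOCS = """\
# constructed IDs for demonstration
abcdefghijklmnopabcdefghijklmnop
ponmlkjihgfedcbaponmlkjihgfedcba
abcdefghijklmnopabcdefghijklmno
"""


def demo():
    """Build a constructed two-profile tree, scan it, return (hits, rejected)."""
    blocklist, rejected = load_blocklist(SAMPLE_IOCS)
    layout = {
        "Default/Extensions/abcdefghijklmnopabcdefghijklmnop/1.2.0_0":
            '{"name": "__MSG_appName__", "version": "1.2.0"}',
        "Default/Extensions/aaaabbbbccccddddeeeeffffgggghhhh/3.0_0":
            '{"name": "Benign Helper", "version": "3.0"}',
        "Profile 1/Extensions/ponmlkjihgfedcbaponmlkjihgfedcba/0.9_0":
            "{not valid json",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, manifest in layout.items():
            version_dir = Path(root) / rel
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(manifest, encoding="utf-8")
        return find_blocklisted(root, blocklist), rejected


if __name__ == "__main__":
    found, bad_lines = demo()
    for profile, ext_id, version, name in found:
        print(f"{profile}: {ext_id} {version} ({name})")
    for line in bad_lines:
        print(f"ignored malformed blocklist entry: {line}")
```

A hit means the extension's files are present in that profile; removal is still done from chrome://extensions as described above.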

References


https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/

IOCs (Extension IDs)

Severity Rating: High     

Software Affected:
· Rails prior to 6.0.3.2

Overview
A Remote Code Execution vulnerability has been reported in Rails which
could allow a remote attacker to execute malicious arbitrary code on the
targeted system.

Description
This vulnerability exists in Rails due to improper handling of pending
migrations by the affected Rails app running in production. A remote
attacker could exploit this vulnerability by executing any migrations that
are pending for a Rails application running in production mode.

Successful exploitation of this vulnerability could allow a remote attacker
to execute malicious arbitrary code on the targeted system.

Solution:
Apply appropriate security updates as mentioned in the Rails Advisory:

Vendor Information

References

CVE Name
CVE-2020-8185

Severity Rating: High

Software Affected
· Google Chrome versions prior to 83.0.4103.116

Overview
A vulnerability has been reported in Google Chrome that could allow a
remote attacker to execute arbitrary code on the targeted system.

Description
This vulnerability exists in Google Chrome due to a use-after-free error in
extensions. A remote attacker could exploit this vulnerability by creating
a specially crafted web page on the targeted system.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted system.

Solution
· Upgrade to Google Chrome 83.0.4103.116

Vendor Information
Google Chrome

References
Google Chrome


CVE Name
CVE-2020-6509

Severity Rating: High

Systems Affected
· Bitdefender Total Security 2020 versions prior to 24.0.20.116

Overview
A vulnerability has been reported in Bitdefender Total Security 2020 that
could allow a remote attacker to execute arbitrary code on the targeted
system.

Description
This vulnerability exists due to insufficient URL sanitization and
validation in the Safepay browser component of Bitdefender Total Security
2020. A remote attacker could exploit this vulnerability by enticing an
unsuspecting victim to visit a specially crafted web page and execute
arbitrary commands inside the Safepay Utility process.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted system.

Best Practices
· Users are urged not to visit un-trusted websites or follow links provided
by unknown or un-trusted sources.
· Apply the Principle of Least Privilege to all systems and services.

Solution

Upgrade to Bitdefender Total Security 2020 versions 24.0.20.116

Vendor Information
Bitdefender

References
Bitdefender

CISecurity

CVE Name
CVE-2020-8631

Severity Rating: High

Software Affected
Cisco IOS XE Software.

Overview
A vulnerability has been reported in Cisco devices which could allow a
remote attacker to execute arbitrary code on the targeted device.

Description
A buffer overflow vulnerability exists in telnetd due to incorrect bounds
checks in the service's handling of short writes or urgent data. An
attacker could exploit this vulnerability by sending specially crafted
telnet packets to achieve arbitrary code execution in the telnet server.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted device.

Solution
Apply appropriate updates as mentioned in:

Vendor Information
CISCO


Reference

CISCO

CVE Name
(CVE-2020-10188)

Severity Rating: Medium

Software Affected
Cisco Webex Meetings Desktop App for Windows releases prior to 40.4.12 and 40.6.0.

Overview
A vulnerability has been reported in Cisco Webex Meetings Desktop App for
Windows which could allow an authenticated, local attacker to gain access
to sensitive information on an affected system.

Description
Information Disclosure Vulnerability
A vulnerability exists in Cisco Webex Meetings Desktop App for Windows due
to unsafe usage of shared memory that is used by the affected software,
which could allow the attacker to gain access to sensitive information on
an affected system. An attacker could exploit this vulnerability by running
an application on the local system that is designed to read shared memory.

Successful exploitation of this vulnerability could allow the attacker to
retrieve sensitive information from the shared memory, including usernames,
meeting information, or authentication tokens that could aid the attacker
in future attacks.

Solution
Apply appropriate updates as mentioned in:

Vendor Information
CISCO

Reference
CISCO

CVE Name
(CVE-2020-3347)

Severity rating: High

Software affected
· IBM Db2 version 9.7
· IBM Db2 version 10.1
· IBM Db2 version 10.5
· IBM Db2 version 11.1
· IBM Db2 version 11.5
· IBM i2 Analyze version 4.3.0
· IBM i2 Analyze version 4.3.1
· IBM i2 Analyze version 4.3.2

Overview
Multiple vulnerabilities have been reported in IBM DB2 which could allow an
attacker to gain elevated privileges or cause denial of service conditions
on the targeted system.

Description
1. Buffer Overflow Vulnerability (CVE-2020-4204)
This vulnerability exists in IBM DB2 due to improper bounds checking. A
local attacker could exploit this vulnerability to execute arbitrary code
with root privileges.

2. Denial of Service Vulnerability (CVE-2020-4135)
This vulnerability exists in IBM DB2 due to uncontrolled resource
consumption. An attacker could exploit this vulnerability by sending
specially crafted packets to the DB2 server resulting in high usage of
memory.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions, causing DB2 to stop working.

3. Privilege Escalation Vulnerability (CVE-2020-4230)
This vulnerability exists in IBM DB2 due to improper privilege management.
A local attacker could exploit this vulnerability by executing specially
crafted DB2 commands resulting in modification of the owner of stored
procedures to SYSIBM.

Successful exploitation of this vulnerability could allow the attacker to
gain privileges on the target system.

4. Denial of Service Vulnerability (CVE-2020-4200)
This vulnerability exists in IBM DB2 when a local attacker using a JDBC
client sends specially crafted commands to the DB2 server.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions, causing DB2 to stop working.

5. Denial of Service Vulnerability (CVE-2020-4161)
This vulnerability exists in IBM DB2 due to improper handling of certain
commands. A local attacker could exploit this vulnerability by sending
specially crafted commands to the DB2 server.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions, causing DB2 to stop working.

Solution
Apply appropriate updates mentioned in the IBM Security Bulletin:

Vendor Information
IBM

References
IBM

IBM X-Force Exchange


CVE Name
CVE-2020-4230
CVE-2020-4135
CVE-2020-4204
CVE-2020-4200
CVE-2020-4161

Severity Rating: High

Software Affected
· Drupal versions prior to 7.x
· Drupal versions prior to 8.8.x
· Drupal versions prior to 8.9.x
· Drupal versions prior to 9.0.x

Overview
Multiple vulnerabilities have been reported in Drupal which could lead to
remote code execution, bypass of certain security restrictions and
cross-site request forgery on the targeted system.

Description
1. Cross-Site Request Forgery Vulnerability

This vulnerability exists in Drupal core due to improper handling of
certain form input by the affected software. A remote attacker could
exploit this vulnerability by visiting a malicious site through cross-site
requests.

Successful exploitation of this vulnerability could lead to other
vulnerabilities.

2. Remote Code Execution Vulnerability

This vulnerability exists in Drupal core due to improper handling of the
file system by the affected Drupal core software. A remote attacker could
exploit this vulnerability by visiting a malicious site that could result
in creating a carefully named directory on the file system.

Successful exploitation of this vulnerability could allow an attempt to
brute force a remote code execution vulnerability.

3. Access Bypass Vulnerability

This vulnerability exists in Drupal core due to improper handling of
validation requests by the affected software. A remote attacker could
exploit this vulnerability by visiting sites that have read_only set to
FALSE under the jsonapi.settings config; such sites are vulnerable.

Successful exploitation of this vulnerability could lead to access bypass
on the targeted system.

Solution

Apply appropriate updates as mentioned in the following URLs.

Vendor Information

Drupal

References
Drupal

Severity Rating: High

Software Affected
· Internet Explorer 11 for
· Windows 10 Version 2004 for x64-based Systems and ARM64-based Systems
· Windows 10 Version 1803 for 32-bit Systems, x64-based Systems and ARM64-based Systems
· Windows 10 Version 1809 for 32-bit Systems, x64-based Systems and ARM64-based Systems
· Windows 10 Version 1909 for 32-bit Systems, x64-based Systems and ARM64-based Systems
· Windows 10 Version 1709 for 32-bit Systems, x64-based Systems and ARM64-based Systems
· Windows 10 Version 1903 for 32-bit Systems, x64-based Systems and ARM64-based Systems
· Windows 10 Version 1607 for 32-bit Systems and for x64-based Systems
· Windows 10 for 32-bit Systems and x64-based Systems
· Windows 10 Version 2004 for 32-bit Systems
· Windows 7 for 32-bit Systems Service Pack 1 and x64-based Systems Service Pack 1
· Windows 8.1 for 32-bit systems and x64-based systems
· Windows Server 2008 R2 for x64-based Systems Service Pack 1
· Windows RT 8.1
· Windows Server 2012 R2
· Windows Server 2012
· Windows Server 2016
· Windows Server 2019
· Internet Explorer 9 for
· Windows Server 2008 for 32-bit Systems Service Pack 2
· Windows Server 2008 for x64-based Systems Service Pack 2

Overview
Multiple remote code execution vulnerabilities have been reported in
Microsoft VBScript which could allow a remote attacker to execute arbitrary
code on the targeted system.

Description
These vulnerabilities exist in Microsoft VBScript due to improper handling
of objects in memory by the VBScript engine. A remote attacker could
exploit these vulnerabilities by hosting a specially crafted website that
is designed to exploit them through Internet Explorer and then convincing a
user to view the website.

Successful exploitation of these vulnerabilities could allow the attacker
to execute arbitrary code in the context of the current user and take
control of an affected system.

Solution
Apply appropriate patches as mentioned in Microsoft Security Guidance

Vendor Information
Microsoft

Reference
Microsoft

CVE Name
CVE-2020-1213
CVE-2020-1216
CVE-2020-1260

Severity Rating: HIGH

Software Affected
· Google Chrome versions prior to 83.0.4103.97
· Google Chrome for iOS prior to 83.0.4103.88

Overview
Multiple vulnerabilities have been reported in Google Chrome that could
allow a remote attacker to execute arbitrary code, conduct spoofing attack,
bypass security restrictions and access sensitive information on the
targeted system.

Description
These vulnerabilities exist in Google Chrome due to a use-after-free error
within the Web Authentication and payments components, insufficient
validation of user-supplied input in the payments and progress display
components, and insufficient policy enforcement in developer tools and
Omnibox. A remote attacker could exploit these vulnerabilities by creating
a specially crafted webpage on the targeted system.

Successful exploitation of these vulnerabilities could allow the attacker
to execute arbitrary code, conduct spoofing attacks, bypass security
restrictions and access sensitive information on the targeted system.

Solution
· Upgrade to Google Chrome 83.0.4103.97
· Upgrade to Google Chrome for iOS 83.0.4103.88

Vendor Information
Google Chrome
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html

References
Google Chrome
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html

CVE Name
CVE-2020-6493
CVE-2020-6494
CVE-2020-6495
CVE-2020-6496
CVE-2020-6497
CVE-2020-6498


Severity Rating: High

Software Affected
Cisco Webex Meetings Desktop App for Mac releases prior to Release 39.5.11.
Cisco Webex Meetings Desktop App releases prior to Release 39.5.12.

Overview
A vulnerability has been reported in the software update feature of Cisco
Webex Meetings Desktop App which could allow an unauthenticated, remote
attacker to execute arbitrary code and programs on an affected system.

Description
1. Code Execution Vulnerability in Cisco Webex Meetings Desktop App for Mac
(CVE-2020-3342)
A vulnerability exists in the software update feature of Cisco Webex
Meetings Desktop App for Mac due to improper validation of cryptographic
protections on files that are downloaded by the application as part of a
software update, which could allow the attacker to execute arbitrary code
on an affected system. An attacker could exploit this vulnerability by
persuading a user to go to a website that returns files to the client that
are similar to files that are returned from a valid Webex website. The
client may fail to properly validate the cryptographic protections of the
provided files before executing them as part of an update.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the affected system with the privileges of the
user.

2. Program Execution Vulnerability in Cisco Webex Meetings Desktop App
(CVE-2020-3263)
A vulnerability exists in Cisco Webex Meetings Desktop App due to improper
validation of input that is supplied to application URLs, which could allow
the attacker to execute programs on an affected end-user system. An
attacker could exploit this vulnerability by persuading a user to follow a
malicious URL.

Successful exploitation of this vulnerability could allow the attacker to
cause the application to execute programs and arbitrary code on the
affected system.

Solution
Apply appropriate updates as mentioned in:


Vendor Information
CISCO


Reference
CISCO


CVE Name
(CVE-2020-3342)
(CVE-2020-3263)

Severity Rating: HIGH

Software Affected
Cisco TelePresence Collaboration Endpoint Software and RoomOS Software

Overview
A vulnerability has been reported in the software upgrade process of Cisco
TelePresence Collaboration Endpoint Software and Cisco RoomOS Software
which could allow an authenticated, remote attacker to modify the file
system to cause a denial of service (DoS) or gain privileged access to the
root file system.

Description
A vulnerability exists in the software upgrade process of Cisco
TelePresence Collaboration Endpoint Software and Cisco RoomOS Software due
to insufficient input validation, which could allow the attacker to modify
the file system to cause a denial of service (DoS) or gain privileged
access to the root file system. An attacker could exploit this
vulnerability by sending requests with malformed parameters to the system
using the console, Secure Shell (SSH), or web API.

Successful exploitation of this vulnerability could allow the attacker to
modify the device configuration or cause a DoS.

Solution
Apply appropriate updates as mentioned in: 


Vendor Information
CISCO

References
CISCO

CVE Name
CVE-2020-3336

Severity Rating: High

Systems Affected
Implementations of Treck TCP/IP Stack software library version 6.0.1.66 and prior

Overview
Multiple vulnerabilities have been reported in Treck TCP/IP software
library, which could be exploited by a remote attacker to gain access to
sensitive information or perform a denial of service (DoS) attack or
execute arbitrary code and take control of an affected system.

Description
Treck TCP/IP stack software is designed for and used in a variety of IoT
and embedded systems. The software can be licensed and integrated in
various ways, including compiled from source, licensed for modification and
reuse and finally as a dynamic or static linked library.

The vulnerabilities exist due to improper handling of length parameter
inconsistency, improper input validation, out-of-bounds read, integer
overflow, improper null termination, and improper access control of the
affected system.

Successful exploitation of these vulnerabilities could allow a remote
attacker to execute arbitrary code, gain access to sensitive information or
perform a denial of service (DoS) attack on the target system.

Solution
Update to the latest version of Treck TCP/IP stack software (6.0.1.67 or later)

Vendor Information
Treck

Cisco

HP

Intel

Schneider Electric

References
Treck Inc.

CVE Name
CVE-2020-11896
CVE-2020-11897
CVE-2020-11898
CVE-2020-11899
CVE-2020-11900
CVE-2020-11901
CVE-2020-11902
CVE-2020-11903
CVE-2020-11904
CVE-2020-11905
CVE-2020-11906
CVE-2020-11907
CVE-2020-11908
CVE-2020-11909
CVE-2020-11910
CVE-2020-11911
CVE-2020-11912
CVE-2020-11913
CVE-2020-11914

Severity Rating: HIGH

Systems Affected
Facebook Messenger Desktop application version 460.16

Overview

A vulnerability has been reported in Facebook Messenger desktop application
for Windows operating systems which could allow an attacker to execute
malicious files already present on a compromised system.

Description
This vulnerability exists in the Facebook Messenger client's call to
Windows PowerShell at the path "C:\python27", which corresponds to a
directory created by the Python interpreter installer.

Successful exploitation of this vulnerability could allow an attacker to
execute malicious files already present on a compromised system, allowing
the malware to gain persistence and extended access to the system.

Solution
Upgrade to Facebook Messenger Desktop version 480.5 


References

Severity Rating: High

Software Affected
· Windows 10 Version 1903 for 32-bit Systems
· Windows 10 Version 1903 for x64-based Systems

Overview
A vulnerability has been reported in Microsoft Windows which could allow an
attacker to gain elevated privileges on the target system.

Description
This vulnerability exists in the Microsoft Spatial Data Service due to an
error while handling objects in memory. An attacker could exploit this
vulnerability by logging on to the system and executing a specially crafted
application.

Successful exploitation of this vulnerability could allow the attacker to
overwrite or modify a protected file resulting in elevation of privileges
on the target system.

Solution
Apply appropriate patches as mentioned in Microsoft Security Guidance

Vendor Information
Microsoft

References
Microsoft

CVE Name
CVE-2020-1441

Severity Rating: Medium

Software Affected
· Perl versions prior to 5.30.3

Overview
Multiple vulnerabilities have been reported in Perl which could allow an
attacker to cause denial of service conditions on targeted system.

Description
1. Heap-Based Buffer Overflow Vulnerability (CVE-2020-10543)
This vulnerability exists in Perl on 32-bit platforms due to an
out-of-bounds write error. An attacker could exploit this vulnerability via
a signed size_t integer overflow in the storage space calculations for
nested regular expression quantifiers resulting in a heap buffer overflow
in Perl's regular expression compiler.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions.

2. Integer Overflow Vulnerability (CVE-2020-10878)
This vulnerability exists in Perl due to an error while handling a
"PL_regkind[OP(n)] == NOTHING" situation. An attacker could exploit this
vulnerability via a crafted regular expression leading to malformed
bytecode which could result in integer overflow.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions.

3. Buffer Overflow Vulnerability (CVE-2020-12723)
This vulnerability exists in the regcomp.c file in Perl due to a buffer
overflow error. An attacker could exploit this vulnerability via a crafted
expression which calls S_study_chunk() in a recursive way.

Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions.

Solution
Upgrade to the latest Perl version 5.30.3

Vendor Information
Perl

References
Perl

Gentoo

Github

Redhat

CVE Name
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723

Severity Rating: High

Platform Affected
· Windows 7 for 32-bit and x64-based SP 1
· Windows 8.1 for 32-bit and x64-based systems
· Windows RT 8.1
· Windows 10 for 32-bit and x64-based Systems
· Windows 10 Version 1607 for 32-bit and x64-based Systems
· Windows 10 Version 1709 for 32-bit, x64-based and ARM64-based Systems
· Windows 10 Version 1803 for 32-bit, x64-based and ARM64-based Systems
· Windows 10 Version 1809 for 32-bit, x64-based and ARM64-based Systems
· Windows 10 Version 1903 for 32-bit, x64-based and ARM64-based Systems
· Windows 10 Version 1909 for 32-bit, x64-based and ARM64-based Systems
· Windows 10 Version 2004 for 32-bit, x64-based and ARM64-based Systems
· Windows Server 2008 for 32-bit SP 2 and 32-bit SP 2 (Server Core installation)
· Windows Server 2008 for Itanium-Based SP 2
· Windows Server 2008 R2 for Itanium-Based SP 1
· Windows Server 2008 R2 for x64-based SP 1 and x64-based SP 1 (Server Core installation)
· Windows Server 2012 and 2012 (Server Core installation)
· Windows Server 2012 R2 and 2012 R2 (Server Core installation)
· Windows Server 2016 and 2016 (Server Core installation)
· Windows Server 2019 and 2019 (Server Core installation)
· Windows Server, version 1803, 1903, 1909 and 2004 (Server Core Installation)

Overview
A remote code execution vulnerability has been reported in Microsoft
Windows which could allow a remote attacker to trigger remote code
execution on the target system.

Description
This vulnerability exists in Microsoft Windows due to improper handling of
cabinet files. A remote attacker could exploit this vulnerability by
specially crafting a malicious cabinet file and convincing the user to open
this cabinet file, or by spoofing a network printer and tricking a user into
installing a malicious cabinet file disguised as a printer driver.

Successful exploitation of this vulnerability could allow a remote attacker
to trigger remote code execution on the target system.

Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin:

Vendor Information
Microsoft

References
Microsoft

CVE Name
CVE-2020-1300

Severity rating: High

Software affected
·         Google Chrome versions prior to 83.0.4103.106

Overview
Multiple vulnerabilities have been reported in Google Chrome which could
allow a remote attacker to execute arbitrary code or bypass security
restrictions on the targeted system.

Description
These vulnerabilities exist in Google Chrome due to a use-after-free error
in the speech component, insufficient policy enforcement in WebView or an
out-of-bounds write error in V8. A remote attacker could exploit these
vulnerabilities by persuading a victim to visit a specially crafted web
site.

Successful exploitation of these vulnerabilities could allow the attacker
to execute arbitrary code or bypass security restrictions on the targeted
system resulting in complete system compromise.

Solution
Upgrade to Google Chrome 83.0.4103.106 as mentioned in:


Vendor Information
Google Chrome

References
Google Chrome

CVE Name
CVE-2020-6505
CVE-2020-6506
CVE-2020-6507

Severity Rating: HIGH

Component Affected
RV016 Multi-WAN VPN: 4.2.3.10 and prior
RV042 Dual WAN VPN: 4.2.3.10 and prior
RV042G Dual Gigabit WAN VPN: 4.2.3.10 and prior
RV082 Dual WAN VPN: 4.2.3.10 and prior
RV320 Dual Gigabit WAN VPN: 1.5.1.05 and prior
RV325 Dual Gigabit WAN VPN: 1.5.1.05 and prior
Cisco Small Business RV110W Wireless-N VPN Firewall
Cisco Small Business RV130 VPN Router
Cisco Small Business RV130W Wireless-N Multifunction VPN Router
Cisco Small Business RV215W Wireless-N VPN Router

Overview
Multiple vulnerabilities have been reported in the web-based management
interface of Cisco Small Business RV320, RV110W, RV130, RV130W, RV215W and
RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082
Routers which could allow an authenticated, remote attacker with
administrative privileges to execute arbitrary commands on an affected
device.

Description
These vulnerabilities exist in the web-based management interface of Cisco
Small Business RV320, RV110W, RV130, RV130W, RV215W and RV325 Series
Routers and Cisco Small Business RV016, RV042, and RV082 Routers due to
insufficient boundary restrictions on user-supplied input to scripts in the
web-based management interface that could allow the attacker to execute
arbitrary actions with administrative privileges on an affected device,
causing a stack overflow. An attacker could exploit these vulnerabilities by
sending malicious requests to an affected device.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary commands with root privileges on the underlying operating
system.

Solution
Apply appropriate updates as mentioned in: 




Vendor Information
CISCO

References
CISCO
- -sa-rv-routers-Rj5JRfF8
- -sa-rv-routers-injection-tWC7krKQ
- -sa-rv-routers-stack-vUxHmnNz

CVE Name
CVE-2020-3274
CVE-2020-3275
CVE-2020-3276
CVE-2020-3277
CVE-2020-3278
CVE-2020-3279
CVE-2020-3268
CVE-2020-3269
CVE-2020-3286
CVE-2020-3287
CVE-2020-3288
CVE-2020-3289
CVE-2020-3290
CVE-2020-3291
CVE-2020-3292
CVE-2020-3293
CVE-2020-3294
CVE-2020-3295
CVE-2020-3296

Severity Rating: HIGH

Software Affected
Cisco Webex Meetings sites releases WBS 39.5.25 and prior, WBS 40.4.10
and prior, or release WBS 40.6.0
Cisco Webex Meetings Server releases 4.0MR3 and prior

Overview
A vulnerability has been reported in Cisco Webex Meetings and Cisco Webex
Meetings Server which could allow an unauthenticated, remote attacker to
gain unauthorized access to a vulnerable Webex site.

Description
A vulnerability exists in Cisco Webex Meetings and Cisco Webex Meetings
Server due to improper handling of authentication tokens by a vulnerable
Webex site that could allow the attacker to gain unauthorized access to a
vulnerable Webex site. An attacker could exploit this vulnerability by
sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco
Webex Meetings Server site.

Successful exploitation of this vulnerability could allow the attacker to
gain the privileges of another user within the affected Webex site.

Solution
Apply appropriate updates as mentioned in:


Vendor Information
CISCO

References
CISCO

CVE Name
CVE-2020-3361

Severity Rating: HIGH

Software Affected
    Microsoft ChakraCore 
    Internet Explorer 11 
    Microsoft Edge (EdgeHTML-based)

Overview
A vulnerability has been reported in Microsoft browsers which could
allow a remote attacker to execute arbitrary code on the targeted system.

Description
This vulnerability exists in Microsoft browsers due to accessing objects in
memory. A remote attacker could exploit this vulnerability by adding
specially crafted content.

Successful exploitation of this vulnerability could allow a remote attacker
to execute arbitrary code in the context of the current user and take
control of an affected system.

Solution
Apply appropriate software fixes as available on the vendor website.

Severity Rating: HIGH

Software Affected
    Citrix Workspace app for Windows prior to 1912

Overview
Multiple vulnerabilities have been reported in Citrix Workspace and
Receiver that could allow a remote attacker to gain privileges on the
targeted system.

Description
These vulnerabilities exist in Citrix Workspace and Receiver due to
insecure permissions and an unquoted path for %PROGRAMDATA%\Citrix. A
remote attacker could exploit this vulnerability by copying a malicious
citrix.exe and webio.dll to the affected system.

Successful exploitation of these vulnerabilities could allow the attacker to
gain privileges during the uninstallation of the application on the
targeted system.

Solution
Apply appropriate mitigation step as mentioned in the following link:
https://support.citrix.com/article/CTX275460

Vendor Information

Citrix System
https://support.citrix.com/article/CTX275460

References

Citrix System
https://support.citrix.com/article/CTX275460

GitHub
https://github.com/hessandrew/CVE-2020-13884
https://github.com/hessandrew/CVE-2020-13885

CVE Name
CVE-2020-13884
CVE-2020-13885

Severity Rating: HIGH

Software Affected
    Adobe Flash Player Desktop Runtime Version 32.0.0.371 and earlier
    Adobe Flash Player for Google Chrome Version 32.0.0.371 and earlier
    Adobe Flash Player for Microsoft Edge and Internet Explorer 11 Version
32.0.0.330 and earlier
    Adobe Framemaker Version 2019.0.5 and below
    Adobe Experience Manager Version 6.5 and earlier

Overview
Multiple vulnerabilities have been reported in Adobe which could allow a
remote attacker to obtain sensitive information, conduct Cross-site
scripting and execute arbitrary code on the targeted system.

Description
1. Use After Free Vulnerability ( CVE-2020-9633 )
A use-after-free vulnerability exists in Adobe Flash Player.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted system in the context of the current
user.

2. Memory Corruption Vulnerability ( CVE-2020-9636 )
A memory corruption vulnerability exists in Adobe Framemaker. A remote
attacker could exploit this vulnerability by persuading a victim to open a
specially-crafted document.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted system or cause the application to
crash.

3. Out-of-Bounds Write Vulnerability ( CVE-2020-9634 CVE-2020-9635 )
These vulnerabilities exist in Adobe Framemaker due to an out-of-bounds
write error. A remote attacker could exploit these vulnerabilities by
persuading a victim to open a specially-crafted document.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted system or cause the application to
crash.

4. Server-side request forgery (SSRF) Vulnerability ( CVE-2020-9643 CVE-2020-9645 )
This vulnerability exists in Adobe Experience Manager (AEM) due to
server-side request forgery. A remote attacker could exploit this
vulnerability by conducting an SSRF attack.
Successful exploitation of this vulnerability could allow the attacker to
obtain sensitive information on the targeted system.

5. Cross-site scripting (DOM-based) Vulnerability ( CVE-2020-9647 )
This vulnerability exists in Adobe Experience Manager (AEM) due to improper
validation of user-supplied input. A remote attacker could exploit this
vulnerability by injecting malicious script into a Web page.
Successful exploitation of this vulnerability could allow the attacker to
steal the cookie-based authentication credentials on the targeted system.

6. Cross-site scripting Vulnerability ( CVE-2020-9648 CVE-2020-9651 )
This vulnerability exists in Adobe Experience Manager (AEM) due to improper
validation of user-supplied input. A remote attacker could exploit this
vulnerability by using a specially-crafted URL.
Successful exploitation of this vulnerability could allow the attacker to
steal the cookie-based authentication credentials on the targeted system.

7. Cross-site scripting (stored) Vulnerability ( CVE-2020-9644 )
This vulnerability exists in Adobe Experience Manager (AEM) due to improper
validation of user-supplied input. A remote attacker could exploit this
vulnerability by injecting malicious script into a Web page.
Successful exploitation of this vulnerability could allow the attacker to
steal the cookie-based authentication credentials on the targeted system.

Solution

Update to the latest versions as available at the following URLs:
https://helpx.adobe.com/security/products/flash-player/apsb20-30.html

https://helpx.adobe.com/security/products/framemaker/apsb20-32.html

https://helpx.adobe.com/security/products/experience-manager/apsb20-31.html

Vendor Information

Adobe
https://helpx.adobe.com/security/products/flash-player/apsb20-30.html
https://helpx.adobe.com/security/products/framemaker/apsb20-32.html
https://helpx.adobe.com/security/products/experience-manager/apsb20-31.html

References

Adobe
https://helpx.adobe.com/security/products/flash-player/apsb20-30.html
https://helpx.adobe.com/security/products/framemaker/apsb20-32.html
https://helpx.adobe.com/security/products/experience-manager/apsb20-31.html

CVE Name
CVE-2020-9633
CVE-2020-9636
CVE-2020-9634
CVE-2020-9635
CVE-2020-9643
CVE-2020-9645
CVE-2020-9647
CVE-2020-9648
CVE-2020-9651
CVE-2020-9644

Severity Rating: HIGH

Software Affected
    PAN-OS 9.0 versions prior to 9.0.7
    PAN-OS 8.1 versions prior to 8.1.13
    All versions of PAN-OS 7.1 and PAN-OS 8.0
    GlobalProtect app 5.1 versions prior to 5.1.4
    GlobalProtect app 5.0 versions prior to 5.0.10

Overview
Multiple vulnerabilities have been reported in Palo Alto Networks products
which could allow an attacker to execute arbitrary code, gain elevated
privileges or gain unauthorized access on a targeted system.

Description
1. Arbitrary code execution vulnerability ( CVE-2020-2027 )
This vulnerability exists in the authd component of the PAN-OS management
server due to a buffer overflow error.
Successful exploitation of this vulnerability could allow an authenticated
remote attacker with administrator privileges to disrupt system processes
and execute arbitrary code on the targeted system.

2. OS command injection vulnerability ( CVE-2020-2028 )
This vulnerability exists in the PAN-OS management server. An authenticated
remote attacker with administrator privileges could exploit this
vulnerability while uploading a new certificate in FIPS-CC mode on an
affected system.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary OS commands with root privileges on the targeted system.

3. OS command injection vulnerability ( CVE-2020-2029 )
This vulnerability exists in the PAN-OS web management interface. An
authenticated remote attacker with administrator privileges could exploit
this vulnerability by sending a malicious request to generate new
certificates for use in the PAN-OS configuration on an affected system.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary OS commands with root privileges on the targeted system.

4. Privilege escalation vulnerability ( CVE-2020-2032 )
This vulnerability exists in the GlobalProtect app on Windows due to a race
condition. A local attacker could exploit this vulnerability while
performing a GlobalProtect app upgrade on an affected system.
Successful exploitation of this vulnerability could allow the attacker to
gain elevated privileges on the targeted system.

5. Unauthorized access vulnerability ( CVE-2020-2033 )
This vulnerability exists in the GlobalProtect app when the pre-logon feature
is enabled, due to a missing certificate validation. A man-in-the-middle
attacker on the same LAN segment as the affected system could exploit this
vulnerability by manipulating ARP or conducting ARP spoofing attacks to
access the pre-logon authentication cookie.
Successful exploitation of this vulnerability could allow the attacker to
access the GlobalProtect Server as allowed by configured security rules for
the "pre-login" user.

Solution

Apply appropriate updates as mentioned by the vendor:
https://security.paloaltonetworks.com/CVE-2020-2028

https://security.paloaltonetworks.com/CVE-2020-2027

https://security.paloaltonetworks.com/CVE-2020-2029

https://security.paloaltonetworks.com/CVE-2020-2032

https://security.paloaltonetworks.com/CVE-2020-2033

Vendor Information

Palo Alto Networks
https://security.paloaltonetworks.com/CVE-2020-2027
https://security.paloaltonetworks.com/CVE-2020-2028
https://security.paloaltonetworks.com/CVE-2020-2029
https://security.paloaltonetworks.com/CVE-2020-2032
https://security.paloaltonetworks.com/CVE-2020-2033

References

CyberSecurityHelp
https://www.cybersecurity-help.cz/vdb/SB2020061107
https://www.cybersecurity-help.cz/vdb/SB2020061101

CVE Name
CVE-2020-2027
CVE-2020-2028
CVE-2020-2029
CVE-2020-2032
CVE-2020-2033

Description

It has been reported that malicious actors are planning a large-scale
phishing attack campaign against Indian individuals and businesses (small,
medium, and large enterprises).

The phishing campaign is expected to use malicious emails under the pretext
of local authorities in charge of dispensing government-funded Covid-19
support initiatives. Such emails are designed to drive recipients towards
fake websites where they are deceived into downloading malicious files or
entering personal and financial information.

The phishing campaign is expected to be designed to impersonate government
agencies, departments, and trade associations who have been tasked to
oversee the disbursement of the government fiscal aid. The malicious actors
are claiming to have 2 million individual / citizen email IDs and are
planning to send emails with the subject: free COVID-19 testing for all
residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them
to provide personal information.

It has been reported that these malicious actors are planning to spoof or
create fake email IDs impersonating various authorities. The sender address
used in the phishing campaign against Indian individuals and businesses is
expected to be an address such as "ncov2019@gov.in", and the attack
campaign is expected to start on 21st June 2020. The email may look as
follows:


Best Practices

    Don't open attachments in unsolicited e-mails, even if they come from
people in your contact list, and never click on a URL contained in an
unsolicited e-mail, even if the link seems benign. In cases of genuine URLs,
close out the e-mail and go to the organization's website directly through
the browser.
    Leverage Pretty Good Privacy in mail communications. Additionally,
advise users to encrypt / protect the sensitive documents stored on
internet-facing machines to avoid potential leakage.
    Exercise caution when opening e-mail attachments even if the attachment
is expected and the sender appears to be known.
    Scan for and remove suspicious e-mail attachments; ensure the scanned
attachment is its "true file type" (i.e. the extension matches the file
header). Block attachments of the following file types:
"exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf"
    Beware of phishing domains, spelling errors in emails and websites, and
unfamiliar email senders.
    Check the integrity of URLs before providing login credentials or
clicking a link.
    Do not submit personal information to unknown and unfamiliar websites.
    Beware of clicking on phishing URLs providing special offers such as
prizes, rewards and cashback offers.
    Consider using Safe Browsing tools and filtering tools (antivirus and
content-based filtering) in your antivirus, firewall, and filtering
services.
    Update spam filters with the latest spam mail contents.
    Any unusual activity or attack should be reported immediately to
incident@cert-in.org.in, with the relevant logs and email headers, for
analysis of the attacks and further appropriate action.
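
The "true file type" check and the extension blocklist from the list above, as an added Python example that is not part of the CERT-In advisory: it parses a message, blocks the listed extensions and compares each attachment's leading bytes with its extension. The header table, the verdict names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension blocklist exactly as given in the advisory's best practices.
BLOCKED_EXT = set(
    "exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf"
    .split("|")
)

# Leading bytes ("file header") for a few common types. This table is an
# assumption of the example; extend it for the formats your gateway handles.
MAGIC = {
    "pdf": [b"%PDF-"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "zip": [b"PK\x03\x04"],
    "docx": [b"PK\x03\x04"],
    "xlsx": [b"PK\x03\x04"],
    "doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    "xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
}
EXECUTABLE_MAGIC = [b"MZ", b"\x7fELF"]  # Windows PE/DOS and Linux ELF


def check_attachment(filename, data):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    # Trailing dots and spaces are dropped by Windows, so strip them first.
    name = (filename or "").strip().rstrip(". ").lower()
    # Only the last extension counts: "form.pdf.exe" is an .exe.
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    if ext in BLOCKED_EXT:
        return "block", f"extension .{ext} is on the blocklist"
    if any(data.startswith(m) for m in EXECUTABLE_MAGIC):
        return "block", "executable header behind a non-executable name"
    expected = MAGIC.get(ext)
    if expected is None:
        return "quarantine", f"no known header for .{ext or '(none)'}"
    if not any(data.startswith(m) for m in expected):
        return "quarantine", f"header does not match .{ext}"
    return "allow", "extension matches file header"


def scan_message(raw_bytes):
    """Parse an RFC 5322 message and check every attachment in it."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename()
        results[name] = check_attachment(name, data)
    return results


def build_sample():
    """Constructed test message; none of these bytes are real samples."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    samples = [
        ("report.pdf", b"%PDF-1.4\n% constructed\n"),
        ("form.pdf.exe", b"MZ\x90\x00constructed"),
        ("photo.jpg", b"MZ\x90\x00constructed"),
        ("notice.pdf", b"<html>constructed</html>"),
    ]
    for name, body in samples:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, (verdict, reason) in scan_message(build_sample()).items():
        print(f"{name:15} {verdict:10} {reason}")
```

Extensions without an entry in the header table are quarantined rather than allowed, so an unknown type fails closed.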

References

https://www.cyfirma.com/early-warning/global-covid-19-related-phishing-campaign-by-north-korean-operatives-lazarus-group-exposed-by-cyfirmaresearchers/

 
--

Thanks and Regards,

CERT-In

"  Be clean! Be healthy! "

Note: Please do not reply to this e-mail.

For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in
Phone : 1800-11-4949
FAX : 1800-11-6969
Web : http://www.cert-in.org.in
PGP Finger Print:D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787
PGP Key information:
http://www.cert-in.org.in/contact.htm

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
 


Severity Rating: HIGH

Systems Affected
     D-Link DIR-865L Ax 1.20B01 Beta devices

Overview
Multiple security vulnerabilities have been reported in D-Link devices
which could allow a remote attacker to perform cross-site scripting, remote
code execution, bypass security restrictions or access sensitive
information on the targeted system.

Description
These vulnerabilities exist due to inadequate encryption strength, a
predictable seed in a pseudo-random number generator, cleartext storage and
transmission of sensitive information, cross-site request forgery (CSRF),
and command injection in D-Link devices.

Successful exploitation of these vulnerabilities could allow a remote
attacker to perform cross-site scripting, execute remote code, bypass
security restrictions or access sensitive information on the targeted system.

Solution
Apply appropriate patches as mentioned by the vendor:
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174

Vendor Information

D-Link
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174

References

D-Link
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174

Palo Alto
https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/

Security Affairs
https://securityaffairs.co/wordpress/104684/security/d-link-dir-865l-flaws.html

CVE Name
CVE-2020-13782
CVE-2020-13783
CVE-2020-13784
CVE-2020-13785
CVE-2020-13786
CVE-2020-13787

Severity Rating: HIGH

Software Affected
    Windows 10 Version 1709 for 32-bit Systems and x64-based Systems
    Windows 10 Version 1709 for ARM64-based Systems
    Windows 10 Version 1803 for 32-bit Systems and x64-based Systems
    Windows 10 Version 1803 for ARM64-based Systems
    Windows 10 Version 1809 for 32-bit Systems and x64-based Systems
    Windows 10 Version 1809 for ARM64-based Systems
    Windows 10 Version 1903 for 32-bit Systems and x64-based Systems
    Windows 10 Version 1903 for ARM64-based Systems
    Windows 10 Version 1909 for 32-bit Systems and x64-based Systems
    Windows 10 Version 1909 for ARM64-based Systems
    Windows 10 Version 2004 for 32-bit Systems and x64-based Systems
    Windows 10 Version 2004 for ARM64-based Systems
    Windows Server 2019 (Server Core Installation also affected)
    Windows Server, version 1803 (Server Core Installation also affected)
    Windows Server, version 1903 (Server Core installation)
    Windows Server, version 1909 (Server Core installation)
    Windows Server, version 2004 (Server Core installation)

Overview
A remote code execution vulnerability has been reported in Windows shell
which could allow an attacker to bypass security restrictions, access
sensitive information and execute arbitrary code to gain elevated
privileges on the targeted system.

Description
This vulnerability exists in Microsoft Windows shell due to improper
validation of file path. An attacker could exploit this vulnerability by
opening a specially crafted file on the affected system.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the targeted system.

Solution
Apply appropriate software fixes as available on the vendor website.
https://portal.msrc.microsoft.com/en-US/security-guidance

Vendor Information

Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance

References

Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1286

CVE Name
CVE-2020-1286
