CVE-2020-5902: Critical Vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) Actively Exploited

Three days after an advisory was disclosed for a critical remote code execution vulnerability in F5’s BIG-IP, active attempts to exploit vulnerable hosts have been observed in the wild.

Background: On June 30, F5 Networks published support articles identified as K52145254 and K43638305 to address two vulnerabilities in BIG-IP, its family of products which includes software and hardware solutions …

CVE-2017-7391: Vulnerability in Magento Mass Import (MAGMI) Plugin Exploited in the Wild

Just as Magento 1 reaches end of life, attackers are exploiting a vulnerability in a Magento plugin from 2017. Site owners should prepare to migrate their stores immediately.

Background: On May 17, ZDNet published an article about an FBI flash security alert shared with the private sector regarding attacks against Magento stores. Magento is a popular e-commerce platform used by many companies. …

CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability

Critical authentication bypass vulnerability in PAN-OS devices could be exploited in certain configurations, which are commonly recommended by identity providers.

Background: On June 29, Palo Alto Networks published an advisory for a critical vulnerability in PAN-OS. PAN-OS is the custom operating system (OS) that Palo Alto Networks (PAN) uses in their next-generation …

SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1

Three months after an out-of-band patch was released for SMBGhost, aka EternalDarkness (CVE-2020-0796), researchers disclosed two new flaws affecting Microsoft’s Server Message Block (SMB) protocol, including working proof-of-concepts.

Background: As part of Microsoft’s June 2020 Patch Tuesday release on June 9, researchers disclosed two new vulnerabilities in Microsoft Server Message Block (SMB), …

CVE-2020-2883: Oracle WebLogic Deserialization Vulnerability Exploited in the Wild

Following initial reports that attackers were exploiting a vulnerability in Oracle WebLogic Server, researchers have shared more information about the flaw and its connection to CVE-2020-2555, just as a proof-of-concept has become available.

Background: On April 14, Oracle released its Critical Patch Update (CPU) for April 2020, a quarterly round-up of fixes across its product line that addressed …

Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App

The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills. As Cash App steps up the frequency of its giveaways, and celebrities and other notable figures launch giveaways of their own, scammers are brushing off old tricks in a rush to exploit them. Over the last few …

Cisco Patches Multiple Flaws in Adaptive Security Appliance and Firepower Threat Defense (CVE-2020-3187)

Cisco releases a bundled publication to address 12 vulnerabilities across Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD) and Firepower Management Center (FMC), including a critical path traversal vulnerability.

Background: On May 6, Cisco released security advisories for 34 vulnerabilities, including 12 vulnerabilities rated as “High,” in its Adaptive Security Appliance (ASA), …

CVE-2020-12271: Zero-Day SQL Injection Vulnerability in Sophos XG Firewall Exploited in the Wild

Sophos pushes a hotfix to address a SQL injection vulnerability in Sophos XG Firewall that was exploited in the wild.

Background: On April 22, Sophos published a knowledge base entry on the Sophos Community regarding the discovery of a zero-day vulnerability in the Sophos XG Firewall that was exploited in the wild. According to Sophos, they were able to identify “an attack against physical and …

Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild

Patches for a pair of critical iOS vulnerabilities are currently in beta, as users are strongly encouraged to disable accounts in their Mail app until the fixes are generally available.

Background: On April 20, researchers at ZecOps published a blog post about their discovery of multiple zero-day vulnerabilities in the iOS Mail app. According to the researchers, the vulnerabilities were discovered …

ADV200004: Microsoft Releases Out-of-Band Advisory to Address Flaws in Autodesk Filmbox (FBX) Library

Microsoft responds to a recent security advisory from Autodesk by publishing an out-of-band advisory for Office products integrating the Autodesk library.

Background: On April 15, Autodesk released a security advisory, ADSK-SA-2020-0002, to address six vulnerabilities in the Autodesk Filmbox (FBX) Software Development Kit, which “allows application and content vendors to transfer existing content …