Failing to Patch Vulnerabilities can lead you Open to Attack
Software vulnerabilities are weaknesses in computer programs that are exploited by cyber attackers to gain unauthorised access to systems. Attackers can take advantage of these vulnerabilities to run malicious codes, bypass security measures, and access sensitive information. In the last year, several vulnerabilities have been identified, and some have been exploited in attacks on organisations. The most commonly exploited vulnerabilities are discussed below.
CVE-2021-44228 (Log4Shell) is a vulnerability in the Apache Java logging library, Log4j. Attackers can use this vulnerability to execute code remotely, and it is widespread in web applications. Despite the existence of patches for the vulnerability, many organizations have not taken action to protect their systems.
CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus) is a vulnerability that was patched in September 2021. It allows attackers to bypass authentication and execute remote code by exploiting a flaw in the software’s REST API.
CVE-2021-31207, CVE-2021-34473, CVE-2021-34523 (ProxyShell) are a set of three vulnerabilities in Microsoft Exchange email server. These vulnerabilities allow attackers to bypass security measures, execute code remotely, and elevate privileges. When combined, the vulnerabilities can give attackers full control over vulnerable systems.
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 (ProxyLogon) are a set of four vulnerabilities in Microsoft Exchange 2013, 2016, and 2019. These vulnerabilities allow attackers to bypass authentication, read emails, and deploy malware. They can be exploited without user interaction, and attackers can use automated tools to scan for and identify unpatched servers.
CVE-2021-26084 (Atlassian Confluence Server & Data Center) is a vulnerability that allows an attacker to execute arbitrary code on a Confluence Server or Data Center instance. It is widely deployed in enterprise environments, and the vulnerability can be exploited by unauthenticated users regardless of configuration. Public exploit code exists for this vulnerability.
CVE-2021-21972 (VMware vSphere Client) allows attackers with network access to port 443 to execute commands with unrestricted privileges on the host operating system. Hackers have already started scanning vulnerable VMware vCenter servers and there is even proof of concept code available online. VMware vSphere is a virtualisation software commonly used by businesses.
CVE-2020-1472 (ZeroLogon) is one of the top vulnerabilities being exploited, even though there have been mitigations available for a while. This bug is related to a flaw in Microsoft’s Active Directory Netlogon Remote Protocol (MS-NRPC) that allows an attacker to log in to servers using NT LAN Manager (NTLM). The bug is caused by a mistake made by Microsoft when implementing a custom encryption algorithm, resulting in the initialisation vector (IV) being set to all zeros instead of a random number. This vulnerability can be exploited by attackers to forge an authentication token and set the computer password of the domain controller to a known value, which can be used to compromise other devices on the network. Zerologon has been used by ransomware actors like Ryuk, and several public POC exploits are available.
CVE-2020-0688 is a remote code execution vulnerability in Microsoft Exchange Server. It was revealed in 2020 and occurs when the server fails to create unique keys at install time. An authenticated user with a mailbox can pass arbitrary objects to be deserialised by the web application, which runs as SYSTEM, if they have knowledge of the validation key. Chinese-affiliated actors exploited it in 2020, while Russian-affiliated threat actors exploited it in 2021 and 2022 to escalate privileges and gain remote code execution on vulnerable Microsoft Exchange servers.
CVE-2019-11510 is a flaw in Pulse Secure VPN that lets attackers read files and access networks. Chinese and Russian hackers have exploited it to target COVID-19 research. Although patches were released in 2019, compromised credentials have been used in attacks months later. The US government and businesses have also reported incidents involving this vulnerability.
CVE-2018-13379 is a path traversal vulnerability found in Fortinet FortiOS and FortiProxy SSL VPN web portal. It has been exploited for 4 years and is one of the top 15 vulnerabilities. Exploiting the bug can allow attackers to download FortiProxy system files. It has been used by Russian and Iranian state actors for ransomware and data theft. In February 2022, TunnelVision, an Iranian-aligned threat actor, used this vulnerability to target organisations along with Log4Shell and ProxyShell vulnerabilities.
Conclusion
These vulnerabilities highlight the importance of keeping software up-to-date with the latest patches and security measures. Businesses that fail to properly inventory and patch their systems are at risk of being exploited by threat actors who actively seek out and exploit vulnerable systems. As part of One2Call’s Complete Cyber Security & IT Support solutions, we can ensure that all of your equipment always have the latest updates and are secure against the latest vulnerabilities.
Latest News Stories
Australian firm Latitude Financial Services refuses to pay Ransomware Demand
Australian based financial services company Latitude Financial Services has announced its refusal to pay the ransom demanded by the cyber criminals responsible for the recent attack on the company's systems. This decision comes in the aftermath of one of Australia's...
(Updated 12/04/23 – 09:30BST) SECURITY ALERT: 3CX Desktop App Security Vulnerability
UPDATE 12/04/2023 - 09:30BST: Mandiant's initial investigation into the 3CX intrusion and supply chain attack attributes the activity to a North Korean-linked group, UNC4736. They discovered that the attackers infected targeted 3CX systems with Windows-based TAXHAUL...
FBI Issues Cyber Security Warning over using Public Charging Points
The FBI has issued a warning urging individuals and businesses to avoid using public USB ports due to the risk of malware infections. According to a tweet from the Denver FBI office (as reported by CNBC), cyber criminals have exploited charging stations and points...
Our Customers
Testimonials
Rebecca, Straaltechniek
Pawel is great and very helpful!
Steve Garbett, Jaxson Wolf
Very helpful, good staff. they do what they say they can do and on time. they also go the extra mile for the customer which is very refreshing.
Kim, Intake Transport
Pav is brilliant, always quick to help us and resolve issues meaning minimal impact on our business.