Using a Cisco ASA?
Do this: Apply the latest Cisco ASA patches.
Why: Researchers have published exploit code for CVE-2020-3580, which exposes XSS and CSRF vulnerabilities on the appliances. Tenable notes, "Successful exploitation in this case means that unauthenticated, remote attackers could 'execute arbitrary code within the [ASA] interface and access sensitive, browser-based information.'"
Additional Info: Tenable Write-up here: https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
Using Western Digital "My Book Live"?
Do this: Remove the network cable (e.g., disconnect it from the network) ASAP.
Why: The device has been unsupported since 2015, and malicious actors are now triggering a remote "factory reset" on units that are reachable from the network.
Additional Info: Recommended security measures here: https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo
Using Microsoft's Edge Browser?
Do this: Apply the latest security updates from Microsoft.
Why: CVE-2021-34506 can allow an attacker to trigger a cross-site scripting (XSS) vulnerability that takes advantage of the built-in Microsoft Translator feature. This issue has been patched by Microsoft and it is recommended that all users apply the security update as soon as possible.
Additional Info: Detailed info from Microsoft here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506
Using Zyxel Firewall?
Do this: Remove the HTTPS/HTTP administration UI from the WAN-accessible interface.
Why: The company sent an email to its customers noting an uptick in attacks against the management UI, but it is unclear at this time how exactly it is being exploited. Thus the Taiwanese manufacturer recommends that customers reduce the attack surface by removing the UI from the WAN interface.
Additional Info: Email captured in a Tweet: https://twitter.com/JAMESWT_MHT/status/1407987022170578946