A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)
Using a Cisco ASA?
Do this: Apply the latest Cisco ASA patches.
Why: Researchers have published exploit code for CVE-2020-3580, which allows XSS and CSRF attacks against the appliances. Tenable notes, "Successful exploitation in this case means that unauthenticated, remote attackers could 'execute arbitrary code within the [ASA] interface and access sensitive, browser-based information.'"
Additional Info: Tenable Write-up here: https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
Using Western Digital "My Book Live"?
Do this: Remove the network cable (i.e., disconnect the device from the network) ASAP.
Why: The device has been unsupported since 2015, and malicious actors are triggering a new remote "factory reset" on network-accessible devices.
Additional Info: Recommended security measures here: https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo
Using Microsoft's Edge Browser?
Do this: Apply the latest security updates from Microsoft.
Why: CVE-2021-34506 can allow an attacker to trigger a cross-site scripting (XSS) vulnerability that takes advantage of the built-in Microsoft Translator feature. This issue has been patched by Microsoft and it is recommended that all users apply the security update as soon as possible.
Additional Info: Detailed info from Microsoft here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506
Using a Zyxel Firewall?
Do this: Remove the HTTPS/HTTP administration UI from the WAN-accessible interface.
Why: The company sent an email to its customers noting an uptick in attacks against its management UI, but it is unclear at this time exactly how it is being exploited. The Taiwanese manufacturer therefore recommends that customers reduce the attack surface by removing the UI from the WAN interface.
Additional Info: Email captured in a Tweet: https://twitter.com/JAMESWT_MHT/status/1407987022170578946
About the Author
Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.