Archive for April, 2021

CVE-2021-3243

Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload into its logs, where an attacker can take over the system through its plugin-running function.
Source: NIST
CVE-2021-3243

6 Tips for Managing Operational Risk in a Downturn

Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
Source: DarkReading
6 Tips for Managing Operational Risk in a Downturn

How to Create an Incident Response Plan From the Ground Up

Security 101: In the wake of an incident, it’s important to cover all your bases — and treat your IR plan as a constantly evolving work in progress.
Source: DarkReading
How to Create an Incident Response Plan From the Ground Up

Sanctions Escalate US–Russia Tensions

Relations between the United States and Russia have soured following the imposition of new sanctions by the Biden administration on America’s former Cold War enemy.

The measures were introduced today in retaliation for cyber-attacks and election interference that the United States says were carried out by Russia. President Joe Biden announced the sanctions earlier today in one of the more than 50 executive orders he has signed during his first four months in power.

In the order, Biden said that “specified harmful foreign activities” of the Russian government “constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

Among the harmful activities listed in the order were “efforts to undermine the conduct of free and fair democratic elections and democratic institutions in the United States and its allies and partners” and engaging in and facilitating “malicious cyber-enabled activities against the United States and its allies and partners.”

The United States says Moscow interfered in the 2020 presidential election and that Russian intelligence officials were behind last year’s Microsoft hack in which attackers exploited SolarWinds’ Orion business software to gain access to nine federal agencies and around 100 American companies.

Sources quoted by Bloomberg say that 32 individuals and entities and six Russian companies that support the Russian government’s hacking operation will be sanctioned. US financial institutions will be barred from participating in certain transactions with the Russian central bank from June 14.

In addition to the sanctions, the White House said that it will expel 10 Russian diplomats who are currently residing in Washington, DC, including “representatives of Russian intelligence services.”

Responding to the imposition of the sanctions, Russian government official Dmitry Polyanskiy posted the following message on social media: “Well, actions speak stronger than words! If that’s true and US continues to promote its baseless accusations, it will get adequate response and deprive the world of maybe the last opportunity to avoid Great Powers’ confrontation instead of solving acute problems. Not our choice!”

Biden’s actions echo the decision by the Obama administration in 2016 to expel 35 Russian diplomats from the US and impose sanctions on Russia in retaliation for election hacking.
Source: Infosecurity
Sanctions Escalate US–Russia Tensions

CVE-2021-29448

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. A stored XSS exists in the Pi-hole Admin portal, which can be exploited by a malicious actor with network access to the DNS server. See the referenced GitHub security advisory for patch details.
Source: NIST
CVE-2021-29448

CVE-2021-30138

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: NIST
CVE-2021-30138

CVE-2021-27112

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
Source: NIST
CVE-2021-27112

Arrest Made Over California City Data Breach

Almost every member of a California city’s finance department has been placed on leave and one has been placed under arrest following a probe into a data breach.

The city of Huntington Park launched an investigation after becoming aware of a “large-scale security breach of electronic financial records at Huntington Park City Hall” that was “intercepted and contained” by staff in the city’s information technology department.

Personal information belonging to Huntington Park city residents is not believed to have been compromised in the data breach, according to city officials. However, the city did say that the investigation into what records were accessed or exposed remains ongoing.

As reported by the Los Angeles Times, a statement issued by the city on April 14 said that the data breach had triggered a criminal investigation by the Huntington Park Police Department (HPPD).

On April 8, HPPD arrested a 48-year-old city employee and charged them with carrying out a felony offense in connection with the data breach.

Los Cerritos reports that the city’s budget analyst, Teresa Garcia, was arrested and booked into Los Angeles County Jail at 8:30pm on April 8 on suspicion of identity theft and unauthorized computer access.

Garcia, who has worked for the department for over a decade, is due to appear before Downey Municipal Court on August 9.

On Monday, five other finance department employees were escorted from City Hall by police and placed on leave, leading to the closure of the department on Monday and Tuesday.

City Mayor Graciela Ortiz confirmed that an arrest had been made and said that the data breach had impacted confidential information belonging to an employee.

“As an elected official, I do not handle personnel matters, that is the role of the City Administrators,” said Ortiz. “However, I can tell you that a serious data breach of confidential data, that includes employee’s identity information, was performed by an employee in the City’s finance department and was discovered by the city’s police department, and the investigation and case was turned over to an independent agency, the Los Angeles County Sheriff’s Department, which resulted in the arrest of the employee.”

She added: “Finance staff was placed on temporary paid administrative leave to maximize the integrity of the on-going Sheriff investigation.”
Source: Infosecurity
Arrest Made Over California City Data Breach

CVE-2021-31229

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
Source: NIST
CVE-2021-31229

CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn’t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: NIST
CVE-2021-20288