AA20-133A: Top 10 Routinely Exploited Vulnerabilities


Category: Security vulnerabilities
Source: us-cert.cisa.gov

Original release date: May 12, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.

This alert provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)[1]—to help organizations reduce the risk of these foreign threats.

Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.

The public and private sectors could degrade some foreign cyber threats to U.S. interests through an increased effort to patch their systems and implement programs to keep system patching up to date. A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective. A concerted patching campaign would also bolster network security by focusing scarce defensive resources on the observed activities of foreign adversaries.

For indicators of compromise (IOCs) and additional guidance associated with the CVEs in this Alert, see each entry within the Mitigations section below.

Technical Details

Top 10 Most Exploited Vulnerabilities 2016–2019

U.S. Government reporting has identified the top 10 most exploited vulnerabilities by state, nonstate, and unattributed cyber actors from 2016 to 2019 as follows: CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-8759, CVE-2015-1641, and CVE-2018-7600.

  • According to U.S. Government technical analysis, malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. After OLE, the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts.
  • Of the top 10, the three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158. All three of these vulnerabilities are related to Microsoft’s OLE technology.
  • As of December 2019, Chinese state cyber actors were frequently exploiting the same vulnerability—CVE-2012-0158—that the U.S. Government publicly assessed in 2015 was the most used in their cyber operations.[2] This trend suggests that organizations have not yet widely implemented patches for this vulnerability and that Chinese state cyber actors may continue to incorporate dated flaws into their operational tradecraft as long as they remain effective.
  • Deploying patches often requires IT security professionals to balance the need to mitigate vulnerabilities with the need for keeping systems running and ensuring installed patches are compatible with other software. This can require a significant investment of effort, particularly when mitigating multiple flaws at the same time.
  • A U.S. industry study released in early 2019 similarly discovered that the flaws malicious cyber actors exploited the most consistently were in Microsoft and Adobe Flash products, probably because of the widespread use of these technologies.[3] Four of the industry study’s top 10 most exploited flaws also appear on this Alert’s list, highlighting how U.S. Government and private-sector data sources may complement each other to enhance security.

Vulnerabilities Exploited in 2020

In addition to the top 10 vulnerabilities from 2016 to 2019 listed above, the U.S. Government has reported that the following vulnerabilities are being routinely exploited by sophisticated foreign cyber actors in 2020:

  • Malicious cyber actors are increasingly targeting unpatched Virtual Private Network vulnerabilities.
    • An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been detected in exploits in the wild.
    • An arbitrary file reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510, continues to be an attractive target for malicious actors.
  • March 2020 brought an abrupt shift to work-from-home that necessitated, for many organizations, rapid deployment of cloud collaboration services, such as Microsoft Office 365 (O365). Malicious cyber actors are targeting organizations whose hasty deployment of Microsoft O365 may have led to oversights in security configurations and left them vulnerable to attack.
  • Cybersecurity weaknesses—such as poor employee education on social engineering attacks and a lack of system recovery and contingency plans—have continued to make organizations susceptible to ransomware attacks in 2020.

Mitigations

This Alert provides mitigations for each of the top vulnerabilities identified above. In addition to the mitigations listed below, CISA, FBI, and the broader U.S. Government recommend that organizations transition away from any end-of-life software.

Mitigations for the Top 10 Most Exploited Vulnerabilities 2016–2019

Note: The lists of associated malware corresponding to each CVE below are not meant to be exhaustive but instead are intended to identify a malware family commonly associated with exploiting the CVE.

CVE-2017-11882

CVE-2017-0199

CVE-2017-5638

CVE-2012-0158

CVE-2019-0604

CVE-2017-0143

  • Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016
  • Associated Malware: Multiple using the EternalSynergy and EternalBlue Exploit Kit
  • Mitigation: Update affected Microsoft products with the latest security patches
  • More Detail: https://nvd.nist.gov/vuln/detail/CVE-2017-0143

CVE-2018-4878

CVE-2017-8759

CVE-2015-1641

  • Vulnerable Products: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1
  • Associated Malware: Toshliph, UWarrior
  • Mitigation: Update affected Microsoft products with the latest security patches
  • More Detail: https://nvd.nist.gov/vuln/detail/CVE-2015-1641
  • IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133m

CVE-2018-7600

  • Vulnerable Products: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1
  • Associated Malware: Kitty
  • Mitigation: Upgrade to the most recent version of Drupal 7 or 8 core.
  • More Detail: https://nvd.nist.gov/vuln/detail/CVE-2018-7600
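As an added example that is not part of the CISA alert or of Drupal itself, the following patch-compliance check encodes the four Drupal core ranges the alert lists for CVE-2018-7600 and flags inventory entries still inside them; the hostnames and versions are constructed sample data, and the pre-release handling in `parse_version` is an assumption of this example.

```python
"""Patch-compliance check for the CVE-2018-7600 ranges listed in the alert.
Added example, not CISA's or Drupal's code; hostnames and versions below are
constructed sample data."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# (branch prefix, first fixed version): a version is vulnerable when it lies on
# the branch and sorts below the fix. The empty prefix matches any version,
# reproducing the alert's literal "Drupal before 7.58".
CVE_2018_7600_RANGES = [
    ((), (7, 58)),         # Drupal before 7.58
    ((8,), (8, 3, 9)),     # 8.x before 8.3.9
    ((8, 4), (8, 4, 6)),   # 8.4.x before 8.4.6
    ((8, 5), (8, 5, 1)),   # 8.5.x before 8.5.1
]

def parse_version(text: str) -> Version:
    """Turn '7.58' or '8.5.0-rc1' into a comparable tuple of ints. Pre-release
    tags after '-' are dropped (an assumption of this example), so 8.5.0-rc1
    compares as 8.5.0 and is still reported as vulnerable."""
    core = text.strip().split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))

def is_vulnerable_cve_2018_7600(version: str) -> bool:
    """True when the version falls inside any range the alert lists."""
    v = parse_version(version)
    return any(v[:len(prefix)] == prefix and v < fixed
               for prefix, fixed in CVE_2018_7600_RANGES)

# Constructed inventory: host -> Drupal core version as reported by the site.
INVENTORY: Dict[str, str] = {
    "www-01": "7.57",
    "www-02": "7.58",
    "intranet": "8.4.5",
    "portal": "8.5.1",
    "legacy": "6.38",  # end-of-life major, and also below 7.58
}

def hosts_needing_upgrade(inventory: Dict[str, str]) -> List[str]:
    """Hosts whose Drupal core is still in a CVE-2018-7600 range."""
    return sorted(h for h, v in inventory.items()
                  if is_vulnerable_cve_2018_7600(v))

if __name__ == "__main__":
    for host in hosts_needing_upgrade(INVENTORY):
        print(f"{host}: Drupal {INVENTORY[host]} is in a CVE-2018-7600 range")
```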

Mitigations for Vulnerabilities Exploited in 2020

CVE-2019-11510

CVE-2019-19781

Oversights in Microsoft O365 Security Configurations

Organizational Cybersecurity Weaknesses

CISA’s Free Cybersecurity Services

Adversaries use known vulnerabilities and phishing attacks to compromise the security of organizations. CISA offers several free scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.

Cyber Hygiene: Vulnerability Scanning helps secure your internet-facing systems from weak configuration and known vulnerabilities. It also encourages organizations to adopt modern security best practices. CISA performs regular network and vulnerability scans and delivers a weekly report for your action. Once initiated, this service is mostly automated and requires little direct interaction. After CISA receives the required paperwork for Cyber Hygiene, our scans will start within 72 hours and you’ll begin receiving reports within two weeks.

Web Application Service checks your publicly accessible web sites for potential bugs and weak configurations. It provides a “snapshot” of your publicly accessible web applications and also checks functionality and performance in your application.

If your organization would like these services or wants more information about other useful services, please email [email protected].

CISA Online Resources

The Patch Factory: CISA infographic depicting the global infrastructure for managing vulnerabilities.

CISA Alert: (AA20-120A) Microsoft Office 365 Security Recommendations: recommendations for organizations to review and ensure their O365 environment is configured to protect, detect, and respond against would-be attackers.

CISA’s Cyber Essentials: a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Contact Information

If you have any further questions related to this Joint Alert, please contact the FBI at either your local Cyber Task Force or FBI CyWatch.

To request incident response resources or technical assistance related to these threats, contact CISA at [email protected].


References

Revisions

  • May 12, 2020: Initial Version
