Security News – Week 7

Swissport Aviation Services Company Targeted by Blackcat Ransomware

Swissport, which operates in the aviation industry, was hit by a ransomware attack that caused flight delays and service interruptions. The BlackCat ransomware group (also known as ALPHV) claimed responsibility for the cyberattack and posted samples of files allegedly stolen from Swissport on its leak site.

The data allegedly captured by the threat actors is claimed to include sensitive information such as name, surname, e-mail, phone number, internal notes, and passport information of company personnel. The company stated that the attack caused minor delays of between 3 and 20 minutes on 22 flights.

Confirming their affiliation with the BlackMatter/DarkSide operation, BlackCat threat actors have been carrying out attacks targeting multiple countries since November 2021, including the USA, Australia, and India. To avoid possible ransomware attacks, it is recommended not to interact with e-mails and links from unknown parties, to use reliable security solutions, and to download files or applications only over known/trusted connections and sources.

Google Releases Updates for Actively Exploited 0-Day Security Vulnerability in Chrome

Google has released updates that address 11 vulnerabilities in the Chrome web browser, including a critical 0-day vulnerability actively exploited in attacks.

The vulnerability, tracked as CVE-2022-0609, is due to a use-after-free error in the Animation component in Google Chrome. A remote threat actor can create a specially crafted web page and redirect users to it, then execute arbitrary code on the target system by triggering the vulnerability.

It is recommended that Google Chrome users update to version 98.0.4758.102 released for Windows, Mac, and Linux to prevent attacks using these security vulnerabilities.

A Critical RCE Vulnerability Has Been Detected in Apache Cassandra

A security vulnerability has been detected in Apache Cassandra, an open-source NoSQL database management system, that can lead to remote code execution on affected systems. However, security researchers state that the vulnerability only occurs in non-default configurations of Cassandra.

The vulnerability, tracked as CVE-2021-44521, allows arbitrary code execution on the vulnerable system if the following settings are applied in the “cassandra.yaml” configuration file:

  • enable_user_defined_functions: true
  • enable_scripted_user_defined_functions: true
  • enable_user_defined_functions_threads: false

The vulnerability, rated as critical, affects Apache Cassandra versions 3.0.0 to 4.0.1 (inclusive). Therefore, it is recommended that Cassandra users upgrade their systems to versions 3.0.26, 3.11.12, or 4.0.2, which add a new “allow_extra_insecure_udfs” flag, so as not to be affected by the vulnerability.
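A configuration audit for the three settings listed above, as an added example that is not from the original article or the Cassandra project. It matches the key names in lowercase, as they are written in cassandra.yaml; the defaults used when a key is absent are this example's assumption, and the sample input is constructed.

```python
import re

# Settings named in the article. DEFAULTS is this example's assumption of the
# value Cassandra uses when a key is absent from cassandra.yaml.
DEFAULTS = {
    "enable_user_defined_functions": False,
    "enable_scripted_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}
# The combination the article describes as exposing CVE-2021-44521.
RISKY = {
    "enable_user_defined_functions": True,
    "enable_scripted_user_defined_functions": True,
    "enable_user_defined_functions_threads": False,
}
# Anchored at column 0, so commented-out and nested keys are ignored.
_LINE = re.compile(r"^([A-Za-z_]+)\s*:\s*([^#]*)")

def read_udf_settings(yaml_text):
    """Return the effective value of each UDF setting (last occurrence wins)."""
    settings = dict(DEFAULTS)
    for line in yaml_text.splitlines():
        m = _LINE.match(line)
        if not m or m.group(1) not in settings:
            continue
        value = m.group(2).strip().strip("'\"").lower()
        if value in ("true", "false"):
            settings[m.group(1)] = (value == "true")
    return settings

def audit(yaml_text):
    """Return (exposed, findings); exposed is True only if all three match."""
    settings = read_udf_settings(yaml_text)
    findings = [f"{k}: {str(settings[k]).lower()}"
                for k in RISKY if settings[k] == RISKY[k]]
    return len(findings) == len(RISKY), findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_RISKY = """\
cluster_name: 'Test Cluster'
# enable_user_defined_functions: false
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false   # threads disabled
"""

if __name__ == "__main__":
    exposed, findings = audit(SAMPLE_RISKY)
    print("CVE-2021-44521 configuration present:", exposed, findings)
```

A node that enables both UDF settings but leaves the threads setting unset is reported as not exposed, because all three conditions must hold.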

DoS Security Vulnerability Detected in Cisco Email Security Appliance DNS Verification Component

A security vulnerability has been detected in the DNS Verification component of the AsyncOS Software for Cisco Email Security Appliance that could cause a denial of service (DoS) condition on an affected device.

The vulnerability, tracked as CVE-2022-20653, is caused by improper management of internal resources in the DNS-based Authentication of Named Entities (DANE) e-mail authentication component when performing DNS name resolution. As a result, a remote threat actor can perform a Denial of Service (DoS) attack by sending a specially crafted e-mail message to the system.

The vulnerability, which is considered critical, affects Cisco AsyncOS for Cisco Email Security Appliance 14.0, 13.5, 13.0, 12.5, and earlier versions. Cisco has released workarounds and updates that fix the vulnerability. It is recommended that users running vulnerable versions immediately upgrade to updated versions where the vulnerability has been fixed.