Australian Government’s lead security agency sends out warnings.
The Australian Cyber Security Centre (ACSC), the Australian Government’s lead agency for cyber security, has sent out a number of high alerts for vulnerabilities in several software products, including Accellion, which affected Singapore telecommunications provider Singtel.
According to the ACSC, the top three vulnerabilities for organisations to be aware of are:
Malware targeting Centreon software
On 16 Feb 2021, France’s cyber security agency, Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), released information relating to ongoing malware targeting Centreon software since 2017. Centreon produce software for system and network monitoring, which is also named Centreon. ANSSI states that on compromise, two webshell variants, P.A.S and Exaramel, were uploaded. ANSSI have provided analysis of the malware including detection methods and Indicators of Compromise.
Mitigation
The ACSC recommends that Australian organisations utilising Centreon follow the advice provided by ANSSI and apply any updates or patches that are released. Until updates or patches are released, the ACSC recommends that the Centreon software management console be isolated from the internet and that internal network connections be minimised.
VMware vCenter Server products, including as part of VMware Cloud Foundation
ACSC recommends organisations ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.
If successfully exploited, CVE-2021-21972 would allow an adversary with access to port 443 to remotely execute commands with unrestricted privileges on the underlying operating system hosting VMware vCenter Server. VMware evaluates the severity of this issue to be Critical in their severity range. Proof of concept code to exploit the vulnerability has been published online.
The ACSC strongly encourages users and administrators to review the VMware advisory for CVE-2021-21972 (VMSA-2021-0002) and update their systems promptly. The ACSC recommends that enterprises should restrict the exposure of management interfaces internally and externally to their enterprise.
SQL injection vulnerability in the Accellion File Transfer Appliance (FTA)
According to the ACSC, if exploited, this vulnerability may provide an attacker with access to content stored on, and accessible by, the FTA instance.
Mitigation
If an organisation is impacted by the Accellion FTA vulnerability, the ACSC’s recommendations are:
Temporarily isolate or block internet access to and from systems hosting the FTA.
Review the joint United States, United Kingdom, Australia, New Zealand, and Singapore advisory available at CISA and examine the FTA using the included indicators of compromise.
If no indicators of compromise are identified, follow Accellion’s advice to apply security patches as soon as possible. Given that FTA is regarded as a legacy product by Accellion, organisations using FTA should migrate to currently supported products.