Here you will find our responses to identified vulnerabilities and common security questions.

CVE-2022-42889 Apache Commons Text RCE via String Interpolation
October 19, 2022
A vulnerability in the Apache Commons Text library may allow attackers to perform remote code execution (RCE). This new vulnerability is currently being analyzed by NIST and others. TranStar does not contain an implementation of the Apache Commons Text library, and LinkStar uses an unaffected version. No action is required at this time.

CVE-2022-22965 Spring Framework RCE via Data Binding on JDK 9+
April 11, 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Apache Tomcat as a WAR servlet deployment. While LinkStar currently utilizes an affected version of the Spring Framework, LinkStar deployments only exist as executable JARs. TS Partners does not distribute WAR deployments of LinkStar.

CVE-2021-34484: Sitel/Sykes breach affecting Okta
March 31, 2022
Sitel cited a legacy network from its 2021 acquisition Sykes Enterprise as the cause of the security incident that affected access management provider Okta. Okta revealed that it notified Sitel of the breach on January 20, 2022, and the full report on the incident was not available from Sitel until March. During the intervening period, the extortion group Lapsus$ released data from Okta that was obtained through the compromise of Sitel’s systems. TS Partners brings this information to client attention as Okta is an enterprise access management provider at a number of organizations.

CISA Alert (AA22-011A) Understanding Russian State-Sponsored Cyber Threats to U.S. Infrastructure
February 21st, 2022
A Joint Cybersecurity Advisory (CSA) has been authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) to provide organizations with an overview of Russian state-sponsored cyber operations, tactics, and techniques. TS Partners has evaluated its environment proactively to ensure potential threats are identified and mitigated. As background: TS Partners is not an ASP/Service Bureau; TSP does not use cloud, contractors, sub-contractors or other third parties in the development and support of the application software licensed to clients.

CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
December 22nd, 2021
The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability affecting Log4j versions. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.

CVE-2020-10148 SolarWinds Orion Supply Chain Attack
December 21st, 2020
On Dec. 12, 2020, FireEye provided information on a widespread attack involving a backdoored component of the SolarWinds Orion platform used by numerous organizations to monitor and manage their IT infrastructures. FireEye has given the incident an identifier of UNC2452 and the trojanized version of the SolarWinds Orion component is being called “Sunburst.” Microsoft has used the “Solorigate” identifier for the malware and added detection rules to its Defender antivirus. SolarWinds has issued a separate customer advisory for the incident.