- Use Cases
Staying on top of cybersecurity news can seem like a daunting task in today’s rapidly-evolving world of cyber threats. That’s why we’re summarizing the most relevant cybersecurity vulnerabilities, advisories, and reports for our many U.S. federal government customers. This post also offers insight on how customers can use Axonius to easily find devices affected by these vulnerabilities.
(5.27.21) Drupal Releases Security Updates
Drupal released security updates to address a vulnerability affecting Drupal 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control over an affected system.
Identifying Affected Version of Drupal and Ensuring Proper Updates Were Made
Drupal recommends that users upgrade to current versions in order to mitigate the cross-site scripting vulnerabilities they disclosed. Security teams can use Axonius to identify devices with the affected versions of Drupal on their devices.
Once the affected devices are identified, you can then use the Axonius Enforcement Center to proactively alert the right teams via messaging, ticketing, or email. Many other enforcement actions are available in the Enforcement Center based on the connected adapters and desired workflows.
Apple released security updates to address vulnerabilities in multiple products. An attacker could leverage some of these vulnerabilities to take control of an affected device.
Apple security updates include:
Finding the Affected Apple Products With Axonius
If you’ve run a recent vulnerability scan and have connected vulnerability scanners in the Axonius platform, you can search for the CVE associated with the Apple vulnerabilities (multiple CVEs listed in the Apple security update).
This query will return results if any of the vulnerabilities have been observed by any adapter connected in Axonius.
Another option is to look for devices running the affected versions of the Apple products on your network, that aren’t covered by a Mac/iOS specific endpoint protection provider like Jamf. This may reduce the likelihood of compromise if a vulnerability is present.
Adobe recently released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical vulnerabilities an attacker could exploit to take control of an affected system.
Finding Devices Running Affected Versions of Adobe Acrobat and Reader With Axonius
There are multiple ways to identify devices affected by the Adobe vulnerabilities using Axonius. For Windows machines the affected products were from version 2021.001.20150 and earlier and for macOS the affected versions were 2021.001.20149 and earlier.
To find devices running these versions of Adobe Reader and Acrobat DC, you could conduct a complex query, which means that all of the query parameters need to be true in order for the query to return results.
For this complex query you could select “Installed Software” and search for Windows or OS X operations systems AND Adobe Reader or Adobe Acrobat AND versions earlier than 2021.001.20150 or 2021.001.20149 . If there are any devices running Adobe Reader or Acrobat versions 2021.001.20150, 2021.001.20149, or earlier, they will be shown in the query results.
The Defense Information Systems Agency released the initial Department of Defense Zero Trust Reference Architecture aimed at boosting cybersecurity and maintaining “information superiority on the digital battlefield.”
President Joe Biden signed an executive order aimed at strengthening U.S. cybersecurity defenses: Read more on our blog.
This joint advisory recommends best practices that critical infrastructure entities should consider implementing to prevent and mitigate the effects of ransomware attacks.