VLCM Cybersecurity Alerts - September 2019

 


 

The month of September came in with a hurricane named Dorian and a flurry of fraudulent email scams following close behind. There were lots of update notifications from the usual vendors, including a high-profile update for the Exim email server that fixes critical vulnerabilities that are being actively exploited. There were also numerous articles from the FBI, the Multi-State Information Sharing & Analysis Center (MS-ISAC), the Cybersecurity and Infrastructure Security Agency (CISA), and even the United Kingdom (UK) National Cyber Security Centre (NCSC) and the Canadian Centre for Cyber Security (CCCS), with guidance covering social media, more guidance on ransomware protection, and information focused on helping students and children stay safe online. The month of October is known for ghosts and goblins, but it's also National Cybersecurity Awareness Month (NCSAM), so check this blog often for related news!

 

Prepare for National Cybersecurity Awareness Month

September 30, 2019

October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance (NCSA)—to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats. This year’s theme, “Own IT. Secure IT. Protect IT.,” focuses on promoting personal accountability and positive behavior when it comes to cybersecurity.

CISA encourages organizations to see the NCSAM 2019 webpage and the NCSAM 2019 Toolkit for ways to participate in and promote NCSAM.

 

MS-ISAC Releases Advisory on PHP Vulnerability

September 27, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Hypertext Preprocessor (PHP). An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2019-101 and the PHP Downloads page and apply the necessary update.

 

Apple Releases Security Updates

September 27, 2019

Apple has released security updates to address a vulnerability in multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

 

Cisco Releases Security Advisories

September 26, 2019

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

 

Canadian Centre for Cyber Security Releases Advisory on New Ransomware Campaign

September 25, 2019

The Canadian Centre for Cyber Security (CCCS) has released an advisory on a new ransomware campaign. The malware, named TFlower, may infect users via exposed, unpatched Remote Desktop Protocol (RDP) services.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review CCCS’s TFlower Ransomware Campaign Advisory for recommended mitigations and refer to CISA’s resource page on ransomware for more information on protecting against ransomware.

 

VMware Releases Security Updates

September 25, 2019

VMware has released security updates to address vulnerabilities in Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0015 and apply the necessary updates and workarounds.

 

Adobe Releases Security Updates for ColdFusion

September 25, 2019

Adobe has released security updates to address vulnerabilities in ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB19-47 and apply the necessary updates.

 

Microsoft Releases Out-of-Band Security Updates

September 23, 2019

Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisories for CVE-2019-1367, CVE-2019-1255, and Microsoft’s Cumulative security update for Internet Explorer and apply the necessary updates.

 

VMware Releases Security Updates for Multiple Products

September 20, 2019

VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0014 and apply the necessary updates.

 

CISA Releases Four New Insights Products

September 20, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released four new CISA Insights products informed by U.S. intelligence and real-world events. Each of the following products provides a description of the threat, lessons learned, recommendations, and additional relevant resources:

CISA urges organizations to review the updated CISA Insights page and implement the recommendations.

 

Google Releases Security Updates for Chrome

September 19, 2019

Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

 

VMware Releases Security Updates for Multiple Products

September 17, 2019

VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0013 and apply the necessary updates and workarounds.

 

2019 CWE Top 25 Most Dangerous Software Errors

September 17, 2019

MITRE has released the 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors list. The Top 25 is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.

 

Intel Releases Security Updates

September 10, 2019

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel's Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates.

 

Google Releases Security Updates for Chrome

September 10, 2019

Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

 

MS-ISAC Releases Security Event Primer on Malware

September 10, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Event Primer on Malware. The white paper outlines general malware operations and includes common malware event types and best practice recommendations. An attacker can use malware to gain access to a network, obtain sensitive data, and damage systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Event Primer – Malware, see CISA’s Tip on Protecting Against Malicious Code, and implement the recommended best practices.

 

Adobe Releases Security Updates

September 10, 2019

Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-45 and APSB19-46 and apply the necessary updates.

 

Microsoft Releases September 2019 Security Updates

September 10, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s September 2019 Security Update Summary and Deployment Information and apply the necessary updates.

 

North Korean Malicious Cyber Activity

September 9, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variants—referred to as ELECTRICFISH and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the HIDDEN COBRA - North Korean Malicious Cyber Activity page, which contains links to Malware Analysis Reports MAR-10135536-21 and MAR-10135536-10, for more information.

 

FBI Safe Online Surfing Challenge

September 9, 2019

The Federal Bureau of Investigation (FBI) has launched the Safe Online Surfing (SOS) Challenge, encouraging educators to promote web literacy and safety for students during the 2019-20 school year. FBI developed the program to educate children on how to navigate the web securely using activities that correspond with specific grade levels. Public, private, and home schools with at least five students are eligible to participate in the online challenge.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI SOS Challenge Announcement and the CISA Tip Keeping Children Safe Online.

 

U.S. Cyber Command Shares 11 New Malware Samples

September 8, 2019

U.S. Cyber Command has released 11 malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.

 

Ransomware Protection Strategies

September 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the Nation. Helping organizations protect themselves from ransomware is a chief priority for CISA. Organizations are encouraged to review the following resources to help prevent, mitigate, and recover against ransomware:

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.

 

Exim Releases Security Patches

September 6, 2019

Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-15846 page and upgrade to Exim 4.92.2 or apply the necessary patches.

 

WordPress Releases Security Update

September 6, 2019

WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.2.3.

 

FBI Releases Article on Think Before You Post Campaign

September 5, 2019

The Federal Bureau of Investigation (FBI) has released an article on their Think Before You Post campaign, designed to educate students on the use of social media and how to avoid making poor choices when posting, texting, or emailing thoughts or grievances that could lead to disruptive behavior, including threats. The FBI article stresses that this type of online behavior could result in serious consequences to the individual as well as the community.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI article for information about the Think Before You Post campaign. CISA also recommends users review the CISA Tip Identifying Hoaxes and Urban Legends for information on the potential dangers of viral emails. CISA encourages users to report suspicious activity to their local FBI field office and to FBI CyWatch at cywatch@fbi.gov.

 

MS-ISAC Releases Advisory on PHP Vulnerabilities

September 5, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2019-087 and the PHP Downloads page and apply the necessary updates.

 

Cisco Releases Security Updates

September 5, 2019

Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

 

NCSC Releases UK Cyber Incident Trends Report

September 4, 2019

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released a report detailing cyber incident trends in the UK from October 2018 to April 2019. The report provides technical guidance on how to defend against, and recover from, the following cyber threats: ransomware, phishing, vulnerability scanning, and attacks targeting supply chain and Office 365 cloud services.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC report and the following CISA resources for more information on improving cybersecurity posture:

 

Samba Releases Security Updates

September 4, 2019

The Samba Team has released security updates to address a vulnerability in all versions of Samba from 4.9.0 onward. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2019-10197 and apply the necessary updates and workarounds.

 

Mozilla Releases Security Updates for Firefox and Firefox ESR

September 4, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9.

 

Supermicro Releases Security Updates

September 4, 2019

Supermicro has released security updates to address vulnerabilities affecting the Baseboard Management Controller (BMC) component of Supermicro X9, X10, and X11 platforms. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review Supermicro’s Security Advisory and Security Vulnerabilities Table and apply the necessary updates and recommended mitigations.

 

Potential Hurricane Dorian Cyber Scams

September 4, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain vigilant for malicious cyber activity targeting Hurricane Dorian disaster victims and potential donors. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a hurricane-related subject line, attachment, or hyperlink. In addition, users should be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures:

If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov.