VLCM Cybersecurity Alerts - June, 2019

 


 

The month of June was truly what the VLCM Cybersecurity team calls "Cybersecurity Theatre"! Act one included continued urgency to patch the BlueKeep vulnerability identified the previous month in CVE-2019-0708, critical updates for multiple Cisco products and a warning from the IRS concerning tax-related phone and email scams. Act two included a warning from the IC3 on HTTPS phishing, Microsoft and Adobe monthly patch advisories affecting multiple products and an urgent alert from the FTC regarding a serious vulnerability identified with the Exim email server. Act three included a warning from the Cybersecurity and Infrastructure Security Agency (CISA) involving phishing campaigns with malicious email attachments that appear to come from the Department of Homeland Security (DHS), more Cisco updates, a critical advisory from Oracle affecting WebLogic, updates for Samba, updates for Firefox that address critical vulnerabilities, updates for BIND and a critical advisory from Dell regarding vulnerable versions of Dell SupportAssist. Act four included disclosure of serious vulnerabilities for Linux and FreeBSD kernels, an advisory from Apache affecting Tomcat, more Cisco advisories and a warning from the Cybersecurity and Infrastructure Security Agency (CISA) regarding malicious cyber activity coming from Iran. VLCM urges customers to stay vigilant and stay patched so criminals don't steal your show!

 

Cisco Releases Security Updates for Data Center Network Manager

June 26, 2019

Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:

 

CISA Statement on Iranian Cybersecurity Threats

June 24, 2019

Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs has released a statement in response to the recent rise in malicious cyber activity—including spear phishing and brute force attacks—by Iranian regime actors and proxies.

CISA encourages users and administrators to review the CISA Statement on Iranian Cybersecurity Threats and tips and best practices for staying safe online, including the following:

  • Avoiding Social Engineering and Phishing Attacks
  • Password Spraying — Brute Force Attacks
  • Choosing and Protecting Passwords
  • Supplementing Passwords

 

Multiple Vulnerabilities Affecting Linux, FreeBSD Kernels

June 20, 2019

The CERT Coordination Center (CERT/CC) has released information on TCP networking vulnerabilities affecting Linux and FreeBSD kernels. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#905115 for more information and refer to vendors for updates.

 

Apache Releases Security Advisory for Apache Tomcat

June 20, 2019

Apache has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version.

 

Dell Releases Security Advisory for Dell SupportAssist

June 21, 2019

Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.

 

ISC Releases BIND Security Updates

June 19, 2019

The Internet Systems Consortium (ISC) has released updates that address a vulnerability in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for CVE-2019-6471 and apply the necessary updates.

 

Mozilla Releases Security Updates for Firefox and Firefox ESR

June 20, 2019

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.4 and Firefox ESR 60.7.2 and apply the necessary updates.

 

Samba Releases Security Updates

June 19, 2019

The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-12435 and CVE-2019-12436 and apply the necessary updates.

 

Oracle Releases Security Advisory for WebLogic

June 19, 2019

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle Security Alert and apply the necessary updates.

 

Cisco Releases Security Updates for Multiple Products

June 19, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:

 

Mozilla Releases Security Updates for Firefox and Firefox ESR

June 18, 2019

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.

 

DHS Email Phishing Scam

June 18, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.

CISA encourages users and administrators to take the following actions to avoid becoming a victim of social engineering and phishing attacks:

  • Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the internet for the main website of the organization or topic mentioned in the email).
  • Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.
  • Immediately report any suspicious emails to your information technology helpdesk, security office, or email provider.

 

FTC Releases Alert

June 13, 2019

The Federal Trade Commission (FTC) has released an alert on keeping software up to date to help protect sensitive information such as financial and tax information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and FTC’s OnGuardOnline for additional information.

 

Exim Releases Security Patches

June 13, 2019

Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-10149 page and either upgrade to Exim 4.92 or apply the necessary patches.

 

Microsoft Releases June 2019 Security Updates

June 11, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.

 

Adobe Releases Security Updates

June 11, 2019

Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.

 

IC3 Issues Alert on HTTPS Phishing

June 10, 2019

The Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.

 

IRS Warns of New Tax Scams

June 7, 2019

The Internal Revenue Service (IRS) has issued a reminder urging consumers to look out for two new variations of tax-related phone and email scams. The phone scam involves pre-recorded messages threatening to suspend or cancel a victim’s Social Security number, and the email phishing scam involves a fake agency—the “Bureau of Tax Enforcement”—claiming that the victim owes past due taxes.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers to review the IRS Alert and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks for more information on avoiding tax scams year round. If you believe you have been a victim of a tax-related scam, visit the IRS webpage on Tax Scams - How to Report Them.

 

Cisco Releases Security Updates for Multiple Products

June 5, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

 

Google Releases Security Update for Chrome

June 4, 2019

Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary update.

 

NSA Releases Advisory on BlueKeep Vulnerability

June 4, 2019

The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s "A Reminder to Update Your Systems to Prevent a Worm", and Microsoft Customer Guidance for CVE-2019-0708.

CISA recommends patching the affected operating systems: