In the dog days of August, there were continued ransomware attacks targeting US cities, this time in Texas with 23 confirmed attacks reported. Later, active attacks against earlier-reported vulnerabilities in Pulse Secure and Fortinet VPNs were reported, some being serious remote code execution (RCE) and directory traversal vulnerabilities. 80 suspects, mostly from Nigeria, were arrested for being part of a massive business email compromise (BEC) scam. At the end of the month news disclosing a ransomware attack that affected hundreds of dental practices was reported. Continued ransomware attacks, business email compromise (BEC), vulnerable hardware and software exploitation, the list goes on and on. These attacks will continue as long as they remain lucrative for criminals preying on victims they know are unprepared. VLCM continues to urge customers, partners and local state and private organizations to stay informed, remain vigilant and let us help you stay prepared and protected!
Cisco Releases Security Updates for Multiple Products
August 29, 2019
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:
- REST API Container for IOS XE Software Authentication Bypass Vulnerability cisco-sa-20190828-iosxe-rest-auth-bypass
- Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability cisco-sa-20190828-ucs-privescalation
- NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability cisco-sa-20190828-nxos-memleak-dos
- NX-OS Software IPv6 Denial of Service Vulnerability cisco-sa-20190828-nxos-ipv6-dos
- NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability cisco-sa-20190828-nxos-fsip-dos
- FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability cisco-sa-20190828-fxnxos-snmp-dos
- NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability cisco-sa-20190828-nxos-snmp-bypass
- NX-OS Software Network Time Protocol Denial of Service Vulnerability cisco-sa-20190828-nxos-ntp-dos
- NX-OS Software NX-API Denial of Service Vulnerability cisco-sa-20190828-nxos-api-dos
- Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability cisco-sa-20190828-nexus-aci-dos
September is National Preparedness Month: Be Prepared, Not Scared
August 28, 2019
National Preparedness Month (NPM) promotes family and community disaster and emergency planning. This year’s theme is “Prepared, Not Scared.”
Although most people understand that being prepared is essential to getting through an emergency such as a natural disaster, there is less awareness about the necessity of cybersecurity preparedness. Cybersecurity preparedness is often a deciding factor on how much an impact a cyber-related event—such as a ransomware infection, identify theft, or data breach—has on an individual or an organization.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages individuals and organizations to develop their own cyber emergency response plans that include guidance on protections and controls such as keeping software and operating systems updated, regularly backing up files, keeping encrypted copies of important documents offline, and routinely running anti-virus scans.
Learn more about National Preparedness Month at Ready.gov/September and see Ready.gov/Cybersecurity and the following CISA Tips for resources on preparing for, and responding to, unexpected cyber-related events:
• Protecting Against Ransomware
• Preventing and Responding to Identity Theft
• Handling Destructive Malware
• Protecting Against Malicious Code
Protect Against Romance Scams
August 27, 2019
The Federal Trade Commission (FTC) has released a short video to help users spot and defend against romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. The video includes stories that romance scammers tell to online daters to get them to send money and offers tips for avoiding these scams. Use caution when online dating, and never send money or gifts to someone you have not met in person.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review FTC’s article on Romance Scams and NCCIC’s tip on Staying Safe on Social Networking Sites. If you think you have been a target of a romance scam, file a report with
- The online dating site,
- The Federal Trade Commission, and
- The Federal Bureau of Investigation's Internet Crime Complaint Center.
Apple Releases Multiple Security Updates
August 27, 2019
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:
Google Releases Security Updates for Chrome
August 27, 2019
Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release page and apply the necessary updates.
IRS Warns of New Email Scam
August 23, 2019
The Internal Revenue Service (IRS) has issued a warning about a new email scam in which malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake details about the targeted recipient’s tax refund, return, or account. The emails instruct the recipient to access their refund information by entering a provided password on the spoofed website. By entering the password, the victim unintentionally downloads malware that could enable the malicious cyber actors to take control of the affected system or obtain sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IRS news release and the CISA Tip on Avoiding Social Engineering and Phishing Attacks for more information.
FISMA Annual Report to Congress
August 23, 2019
The Office of Management and Budget (OMB) has published its Fiscal Year (FY) 2018 Annual Report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 (FISMA). The document includes data reported by agencies to OMB and the Cybersecurity and Infrastructure Security Agency (CISA). The report highlights government-wide cybersecurity programs and initiatives, and agencies’ progress to enhance federal cybersecurity over the past year and into the future. Notably, in FY 2018, agencies reported 31,107 incidents, a 12 percent decrease from FY 2017.
CISA encourages organizations to review the Fiscal Year 2018 Annual Report for more information.
CISA Strategic Intent: Defend Today, Secure Tomorrow
August 22, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) has released the CISA Strategic Intent document, framing the new agency’s mission to protect the Nation’s critical infrastructure from physical and cyber threats. The document details CISA Director Christopher Krebs’ strategic vision and operational priorities and will serve as the interim strategy as the agency develops a longer-term strategic plan.
CISA encourages organizations to review the CISA Strategic Intent and the CISA website for more information.
Cisco Releases Security Updates
August 22, 2019
Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. A remote attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Authentication Bypass Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-ucs-authby
- Authentication Bypass Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-ucs-authbypass
- Secure Copy (SCP) User Default Credentials Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-usercred
- Application Programming Interface (API) Authentication Bypass Vulnerability in UCS Director and UCS Director Express for Big Data releases cisco-sa-20190821-ucsd-authbypass
CISA Insights: Ransomware Outbreak
August 21, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect themselves from ransomware attacks—a top priority for CISA:
- Actions for Today – Make Sure You’re Not Tomorrow’s Headline
- Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse
- Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark
CISA urges organizations to review CISA Insights – Ransomware Outbreak, implement the recommendations, and visit the CISA resource page on ransomware for more information.
Cyber Safety for Students
August 20, 2019
As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following resources for more information on cyber safety for students:
- Stop.Think.Connect. Toolkit
- Stay Safe Online
- Before You Connect a New Computer to the Internet
- Keeping Children Safe Online
- Rethink Cyber Safety Rules and the “Tech Talk” with Your Teens
- Concerned Parent’s Internet Safety Toolbox
Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability
August 15, 2019
Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.
IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan
August 14, 2019
The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of understanding the risks posed by national and international cybersecurity criminal syndicates, working with cybersecurity experts to help prevent and stop data theft, and reporting data theft as soon as possible. Creating a data theft recovery plan is part of the Taxes. Security. Together. Checklist, which IRS created to help tax professionals protect sensitive taxpayer data.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and the following Security Summit series topics for more information:
- Deploying “Security Six” basic safeguards
- Creating a data security plan
- Educating yourself on phishing scams
- Recognizing the signs of client data theft
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
August 14, 2019
Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10
An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates:
- Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
- Microsoft Security Vulnerability Information for CVE-2019-1181
- Microsoft Security Vulnerability Information for CVE-2019-1182
- Microsoft Security Blog Post: Protect Against BlueKeep
- Microsoft Customer Guidance for CVE-2019-0708
Multiple HTTP/2 Implementation Vulnerabilities
August 14, 2019
The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#605641 for more information and refer to vendors for updates.
Adobe Releases Security Updates for Multiple Products
August 13, 2019
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:
- After Effects CC APSB19-31
- Character Animator CC APSB19-32
- Premiere Pro CC APSB19-33
- Prelude CC APSB19-35
- Creative Cloud Desktop Application APSB19-39
- Acrobat and Reader APSB19-41
- Experience Manager APSB19-42
- Photoshop CC APSB19-44
Intel Releases Security Updates
August 13, 2019
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
- RAID Web Console 2 Advisory INTEL-SA-00246
- NUC Advisory INTEL-SA-00272
- Authenticate Advisory INTEL-SA-00275
- Driver and Support Assistant Advisory INTEL-SA-00276
- Remote Displays SDK Advisory INTEL-SA-00277
- Processor Identification Utility for Windows Advisory INTEL-SA-00281
- Computing Improvement Program Advisory INTEL-SA-00283
ACSC Releases Advisory on Password Spraying Attacks
August 8, 2019
The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.
The ACSC provides recommendations for organizations to detect and mitigate these types of attacks against their external services, such as webmail, remote desktop access, or cloud-based services.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ACSC advisory on password spraying attacks and the following CISA tips:
• Choosing and Protecting Passwords
• Supplementing Passwords
Google Releases Security Updates for Chrome
August 8, 2019
Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.
Cisco Releases Security Updates for Multiple Products
August 8, 2019
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Webex Network Recording Player and Webex Player Arbitrary Code Execution Vulnerabilities cisco-sa-20190807-webex-player
- Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability cisco-sa-20190807-nfvis-vnc-authbypass
- IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability cisco-sa-20190807-iosxr-isis-dos-1918
- IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability cisco-sa-20190807-iosxr-isis-dos-1910
- Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability cisco-sa-20190807-asa-privescala
- Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities cisco-sa-20190806-sb220-rce
- Small Business 220 Series Smart Switches Authentication Bypass Vulnerability cisco-sa-20190806-sb220-auth_bypass
SWAPGS Spectre Side-Channel Vulnerability
August 6, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory.
Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from "speculative execution"—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, and cloud servers.
CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available:
- Microsoft: Windows Kernel Information Disclosure Vulnerability
- Red Hat: Spectre SWAPGS gadget vulnerability
- Google: Spectre Side Channels
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns
August 6, 2019
In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to these events.
To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:
- Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments.
- Review CISA’s Tip on Staying Safe on Social Networking Sites.
- Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.
- Review the information from the Federal Trade Commission on Before Giving to a Charity.
VMware Releases Security Updates for Multiple Products
August 3, 2019
VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0012 and apply the necessary updates and workarounds.
Cylance Antivirus Vulnerability
August 2, 2019
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Cylance Antivirus products. A remote attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#489481 and the Cylance Resolution for BlackBerry Cylance Bypass webpage for patch information and additional recommended workarounds.
IRS Reminds Tax Professionals: Beware Phishing Emails
August 1, 2019
The Internal Revenue Service (IRS) has issued a news release warning tax professionals of the continued threat of phishing emails. Phishing emails are one of the most common ways cyber criminals steal sensitive data. Educating personnel on the risks posed by phishing emails is part of the Taxes. Security. Together. Checklist, which IRS created to help tax professionals protect sensitive taxpayer data.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and the CISA Tip on Avoiding Social Engineering and Phishing Attacks for more information.
NIST Publishes Multifactor Authentication Practice Guide
August 1, 2019
The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce. The guide provides e-commerce organizations multifactor authentication (MFA) protection methods they can implement to reduce fraudulent purchases.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages e-commerce organizations to download the guide to learn how to prevent e-commerce fraud using MFA solutions.
FTC Releases Alert on the Capital One Data Breach
August 1, 2019
The Federal Trade Commission (FTC) has released an alert on the Capital One data breach that exposed the personal information of 106 million Capital One credit card customers and applicants. FTC reminds users to check and monitor their credit report to protect against identify theft and to be aware of potential phishing scams related to the breach.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to refer to the FTC alert on the Capital One data breach and the CISA Tips on Preventing and Responding to Identity Theft and Avoiding Social Engineering and Phishing Attacks for more information.
Cisco Releases Security Updates
August 1, 2019
Cisco has released security updates to address a vulnerability in Cisco Nexus 9000 Series Fabric Switches. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.
