VLCM Cybersecurity Alerts - July, 2019

Things really started heating up in July, especially regarding ransomware attacks targeting cities across the US. Some of the first attacks started in Baltimore, Atlanta, then cities in Florida and recently Georgia. The Governor of Louisiana recently declared a state of emergency after ransomware attacks were reported by public schools in several Parishes. This activity prompted a recent joint statement by the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO), urging government and private organizations to reinforce their ransomware defenses. Key recommendations are to ensure critical systems are backed up to offline sites, ensure employee security awareness training is being conducted, with a focus on email phishing-awareness, and to create and/or update incident response plans to include steps to report attacks immediately to the FBI and request assistance from cyber first responders like CISA and the MS-ISAC. VLCM urges customers to stay informed, implement the recommended protections and let us help you stay secure!

CIS Releases Newsletter on Cleaning Up Data and Devices

July 31, 2019

The Center for Internet Security (CIS) July Newsletter reminds users to properly dispose of old or unused data and devices. Without careful management of online accounts, cloud storage, physical storage, and electronic devices, users could inadvertently disclose sensitive information that can be exploited by cyber criminals. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities.

CISA encourages users and administrators to review the CIS Newsletter on Cleaning Out Your Old Data and Devices and the CISA Tip on Proper Disposal of Electronic Devices for more information.

Google Releases Security Updates for Chrome

July 31, 2019

Google has released Chrome version 76.0.3809.87 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

CISA Releases Advisory on Wind River VxWorks Platform

July 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Advisory on multiple vulnerabilities in the Wind River VxWorks Platform. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following products, apply the recommended mitigations, and refer to vendors for appropriate patches, when available.

• ICS Advisory ICSA-19-211-01
• Canadian Centre for Cyber Security Alert AL19-015
• Wind River Security Bulletin TCP/IP Network Stack

Steps to Safeguard Against Ransomware Attacks

July 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing & Analysis Center (MS-ISAC), National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) have released a Joint Ransomware Statement with recommendations for state and local governments to build resilience against ransomware:

1. Back up systems—now (and daily). Immediately and regularly back up all critical agency and system configuration information on a separate device and store the backups offline, verifying their integrity and restoration process. If recovering after an attack, restore a stronger system than the one lost, fully patched and updated to the latest version.
2. Reinforce basic cybersecurity awareness and education. Ransomware attacks often require the human element to succeed. Refresh employee training on recognizing cyber threats, phishing, and suspicious links—the most common vectors for ransomware attacks. Remind employees of how to report incidents to appropriate IT staff in a timely manner, which should include out-of-band communication paths.
3. Revisit and refine cyber incident response plans. Have a clear plan to address attacks when they occur, including when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external cyber first responders, such as state agencies, CISA, and MS-ISAC, in the event of an attack.

CISA encourages organizations to review the Joint Ransomware Statement and the following ransomware guidance:

• MS-ISAC Security Primer on Ransomware
• CISA Tip Sheet on Ransomware
• NGA Disruption Response Planning Memo
• NASCIO Cyber Disruption Planning Guide

Vulnerabilities in Multiple VPN Applications

July 26, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of vulnerabilities affecting multiple Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages administrators to review the following security advisories and apply the necessary updates:

• Palo Alto Security Advisory PAN-SA-2019-00200
• FortiGuard Security Advisory FG-IR-18-384
• Pulse Secure Security Advisory SA44101

IRS Reminds Tax Professionals: Create a Data Security Plan

July 24, 2019

The Internal Revenue Service (IRS) has issued a news release reminding professional tax preparers that they are required by law to have a written data security plan. Creating and maintaining a data security plan ensures that tax professionals are reviewing their data security protections and implementing appropriate safeguards. Creating a data security plan is part of the Taxes. Security. Together. checklist, which the IRS created to help tax professionals protect sensitive taxpayer data.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and CISA's Tip on Safeguarding Your Data for more information.

Building Resilience to Foreign Interference, Misinformation Activities

July 22, 2019

As part of the effort to #Protect2020, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interferences, particularly information activities (e.g., disinformation, misinformation). The Department of Homeland Security (DHS) views foreign interference as malign actions taken by foreign governments or actors designed to sow discord, manipulate public discourse, discredit the electoral system, bias the development of policy, or disrupt markets for the purpose of undermining the interests of the United States and its allies.

Responding to foreign interference requires a whole of society approach—CISA has made available the following foreign interference resources to #Protect2020:

• The War on Pineapple: Understanding Foreign Interference in 5 Steps
• Foreign Interference Taxonomy
• Social Media Bots Overview

Apple Releases Multiple Security Updates

July 22, 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

• iOS 12.4
• tvOS 12.4
• Safari 12.1.2
• macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
• watchOS 5.3

5G Wireless Network Risk Factors

July 22, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic on 5G wireless network risk factors. Although 5G technology will bring capacity, reliability, and security improvements, it may also introduce supply chain, deployment, network security, and competition and choice vulnerabilities. These vulnerabilities may affect the security and resilience of 5G networks.

CISA encourages users and administrators to review the CISA 5G infographic to better understand the risks associated with 5G wireless networks.

Canadian Centre for Cyber Security Releases Advisory on Fileless Malware

July 18, 2019

The Canadian Centre for Cyber Security (CCCS) has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain other sensitive data.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review CCCS’s Fileless Malware Advisory for potential infection vectors and recommended mitigations and refer to CISA’s Tip on Protecting Against Malicious Code.

Cisco Releases Security Updates for Multiple Products

July 17, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:

• Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability cisco-sa-20190717-cvdsd-wmauth
• FindIT Network Management Software Static Credentials Vulnerability cisco-sa-20190717-cfnm-statcred
• IOS Access Points Software 802.11r Fast Transition Denial-of-Service Vulnerability cisco-sa-20190717-aironet-dos

Drupal Releases Security Update

July 17, 2019

Drupal has released a security update to address a vulnerability in Drupal Core. An attacker could exploit this vulnerability to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-008 and apply the necessary update.

NCSC Releases 2019 Active Cyber Defence Report

July 16, 2019

The United Kingdom’s National Cyber Security Centre (NCSC) has released their 2019 Active Cyber Defence (ACD) report, which provides an analysis of program outcomes throughout 2018. NCSC’s ACD program—stood up in 2016—seeks to reduce harm from commodity cyberattacks against the United Kingdom.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NCSC’s report for more information.

Oracle Releases July 2019 Security Bulletin

July 16, 2019

Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.

Microsoft Releases Security Updates for PowerShell Core

July 16, 2019

Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary updates.

IRS Releases Six Cybersecurity Safeguards

July 16, 2019

The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals and taxpayers to review the IRS news release and CISA’s Tip on Safeguarding Your Data for more information.

Google Releases Security Updates for Chrome

July 15, 2019

Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

July 12, 2019

The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Advisory, apply the recommended mitigations, and refer to CISA’s Alert AA19-024A – DNS Infrastructure Hijacking Campaign for more information.

Atlassian Releases Security Updates for Jira

July 11, 2019

Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Atlassian Security Advisory 2019-07-10 and Canadian Centre for Cyber Security Advisory AV19-143 and apply the necessary updates or mitigations.

Cisco Releases Security Updates for Multiple Products

July 10, 2019

Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

Juniper Networks Releases Multiple Security Updates

July 10, 2019

Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.

Microsoft Releases July 2019 Security Updates

July 9, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s July 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Intel Releases Security Updates

July 9, 2019

Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel Security Advisories INTEL-SA-00267 and INTEL-SA-00268 and apply the necessary updates.

Mozilla Releases Security Updates for Firefox and Firefox ESR

July 9, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 68 and Firefox ESR 60.8 and apply the necessary updates.

Adobe Releases Security Updates

July 9, 2019

Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-37, APSB19-38, and APSB19-40 and apply the necessary updates.

U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels

July 8, 2019

The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the following basic cybersecurity measures:

• Implement network segmentation.
• Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary.
• Be wary of external media.
• Install anti-virus software.
• Keep software updated.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages vessel and facility owners and operators to review the U.S. Coast Guard’s Safety Alert 06-19 for additional information, see CISA’s Tip on Securing Network Infrastructure Devices, and implement the recommended cybersecurity measures.

Cisco Releases Security Updates for Multiple Products

July 3, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:

• Web Security Appliance HTTPS Certificate Denial-of-Service Vulnerability cisco-sa-20190703-wsa-dos
• Small Business Series Switches Memory Corruption Vulnerability cisco-sa-20190703-sbss-memcorrup
• Small Business Series Switches HTTP Denial-of-Service Vulnerability cisco-sa-20190703-sbss-dos
• Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability cisco-sa-20190703-nfvis-file-readwrite
• Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability cisco-sa-20190703-n9kaci-bypass
• Jabber for Windows DLL Preloading Vulnerability cisco-sa-20190703-jabber-dll
• Unified Communications Manager Session Initiation Protocol Denial-of-Service Vulnerability cisco-sa-20190703-cucm-dos
• Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability cisco-sa-20190703-ccapic-restapi
• Web Security Appliance Web Proxy Denial-of-Service Vulnerability cisco-sa-20190703-asyncos-wsa

VMware Releases Security Advisory for Multiple Products

July 2, 2019

VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available.