The month of June was truly what the VLCM Cybersecurity team calls "Cybersecurity Theatre"! Act one included continued urgency to patch the BlueKeep vulnerability identified the previous month in CVE-2019-0708, critical updates for multiple Cisco products and a warning from the IRS concerning tax-related phone and email scams. Act two included a warning from the IC3 on HTTPS phishing, Microsoft and Adobe monthly patch advisories affecting multiple products and an urgent alert from the FTC regarding a serious vulnerability identified with the Exim email server. Act three included a warning from the Cybersecurity and Infrastructure Security Agency (CISA) involving phishing campaigns with malicious email attachments that appear to come from the Department of Homeland Security (DHS), more Cisco updates, a critical advisory from Oracle affecting WebLogic, updates for Samba, updates for Firefox that address critical vulnerabilities, updates for BIND and a critical advisory from Dell regarding vulnerable versions of Dell SupportAssist. Act four included disclosure of serious vulnerabilities for Linux and FreeBSD kernels, an advisory from Apache affecting Tomcat, more Cisco advisories and a warning from the Cybersecurity and Infrastructure Security Agency (CISA) regarding malicious cyber activity coming from Iran. VLCM urges customers to stay vigilant and stay patched so criminals don't steal your show!
Cisco Releases Security Updates for Data Center Network Manager
June 26, 2019
Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:
- DCNM Arbitrary File Upload and Remote Code Execution Vulnerability cisco-sa-20190626-dcnm-codex
- DCNM Authentication Bypass Vulnerability cisco-sa-20190626-dcnm-bypass
- DCNM Arbitrary File Download Vulnerability cisco-sa-20190626-dcnm-file-dwnld
- DCNM Information Disclosure Vulnerability cisco-sa-20190626-dcnm-infodiscl
CISA Statement on Iranian Cybersecurity Threats
June 24, 2019
Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs has released a statement in response to the recent rise in malicious cyber activity—including spear phishing and brute force attacks—by Iranian regime actors and proxies.
CISA encourages users and administrators to review the CISA Statement on Iranian Cybersecurity Threats and tips and best practices for staying safe online, including the following:
- Avoiding Social Engineering and Phishing Attacks
- Password Spraying — Brute Force Attacks
- Choosing and Protecting Passwords
- Supplementing Passwords
Multiple Vulnerabilities Affecting Linux, FreeBSD Kernels
June 20, 2019
The CERT Coordination Center (CERT/CC) has released information on TCP networking vulnerabilities affecting Linux and FreeBSD kernels. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#905115 for more information and refer to vendors for updates.
Apache Releases Security Advisory for Apache Tomcat
June 20, 2019
Apache has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version.
Dell Releases Security Advisory for Dell SupportAssist
June 21, 2019
Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.
ISC Releases BIND Security Updates
June 19, 2019
The Internet Systems Consortium (ISC) has released updates that address a vulnerability in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for CVE-2019-6471 and apply the necessary updates.
Mozilla Releases Security Updates for Firefox and Firefox ESR
June 20, 2019
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.4 and Firefox ESR 60.7.2 and apply the necessary updates.
Samba Releases Security Updates
June 19, 2019
The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-12435 and CVE-2019-12436 and apply the necessary updates.
Oracle Releases Security Advisory for WebLogic
June 19, 2019
Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle Security Alert and apply the necessary updates.
Cisco Releases Security Updates for Multiple Products
June 19, 2019
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:
- SD-WAN Solution Privilege Escalation Vulnerability cisco-sa-20190619-sdwan-privesca
- DNA Center Authentication Bypass Vulnerability cisco-sa-20190619-dnac-bypass
- TelePresence Endpoint Command Shell Injection Vulnerability cisco-sa-20190619-tele-shell-inj
- StarOS Denial-of-Service Vulnerability cisco-sa-20190619-staros-asr-dos
- SD-WAN Solution Privilege Escalation Vulnerability cisco-sa-20190619-sdwan-privilescal
- SD-WAN Solution Command Injection Vulnerability cisco-sa-20190619-sdwan-cmdinj
- RV110W, RV130W, and RV215W Routers Management Interface Denial-of-Service Vulnerability cisco-sa-20190619-rvrouters-dos
- Prime Service Catalog Cross-Site Request Forgery Vulnerability cisco-sa-20190619-psc-csrf
- Meeting Server CLI Command Injection Vulnerability cisco-sa-20190619-cms-codex
Mozilla Releases Security Updates for Firefox and Firefox ESR
June 18, 2019
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.
DHS Email Phishing Scam
June 18, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.
CISA encourages users and administrators to take the following actions to avoid becoming a victim of social engineering and phishing attacks:
- Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the internet for the main website of the organization or topic mentioned in the email).
- Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.
- Immediately report any suspicious emails to your information technology helpdesk, security office, or email provider.
FTC Releases Alert
June 13, 2019
The Federal Trade Commission (FTC) has released an alert on keeping software up to date to help protect sensitive information such as financial and tax information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and FTC’s OnGuardOnline for additional information.
Exim Releases Security Patches
June 13, 2019
Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-10149 page and either upgrade to Exim 4.92 or apply the necessary patches.
Microsoft Releases June 2019 Security Updates
June 11, 2019
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe Releases Security Updates
June 11, 2019
Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.
IC3 Issues Alert on HTTPS Phishing
June 10, 2019
The Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.
IRS Warns of New Tax Scams
June 7, 2019
The Internal Revenue Service (IRS) has issued a reminder urging consumers to look out for two new variations of tax-related phone and email scams. The phone scam involves pre-recorded messages threatening to suspend or cancel a victim’s Social Security number, and the email phishing scam involves a fake agency—the “Bureau of Tax Enforcement”—claiming that the victim owes past due taxes.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers to review the IRS Alert and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks for more information on avoiding tax scams year round. If you believe you have been a victim of a tax-related scam, visit the IRS webpage on Tax Scams - How to Report Them.
Cisco Releases Security Updates for Multiple Products
June 5, 2019
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:
- Industrial Network Director Remote Code Execution Vulnerability cisco-sa-20190605-ind-rce
- Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability cisco-sa-20190605-cucm-imp-dos
- Webex Meetings Server Information Disclosure Vulnerability cisco-sa-20190605-webexmeetings-id
- TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability cisco-sa-20190605-vcs
- Unified Computing System BIOS Signature Bypass Vulnerability cisco-sa-20190605-ucs-biossig-bypass
- IOS XR Software Secure Shell Authentication Vulnerability cisco-sa-20190605-iosxr-ssh
- Industrial Network Director Stored Cross-Site Scripting Vulnerability cisco-sa-20190605-ind-xss
- Industrial Network Director Cross-Site Request Forgery Vulnerability cisco-sa-20190605-ind-csrf
- Enterprise Chat and Email Cross-Site Scripting Vulnerability cisco-sa-20190605-ece-xss
Google Releases Security Update for Chrome
June 4, 2019
Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary update.
NSA Releases Advisory on BlueKeep Vulnerability
June 4, 2019
The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s "A Reminder to Update Your Systems to Prevent a Worm", and Microsoft Customer Guidance for CVE-2019-0708.
CISA recommends patching the affected operating systems: