Page 16 - Threat Intelligence 9-24-2019
P. 16

Threat Alerts




           And Advisories








           2019 CWE Top 25 Most Dangerous Software Errors
           MITRE has released the 2019 Common Weakness Enumeration (CWE) Top 25 Most
           Dangerous Software Errors list. The Top 25 is a compilation of the most frequent and critical
           errors that can lead to serious vulnerabilities in software. An attacker can often exploit
           these vulnerabilities to take control of an affected system, obtain sensitive information, or
           cause a denial-of-service condition.
           The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and
           administrators to review the Top 25 list and evaluate recommended mitigations to
           determine those most suitable to adopt.


           VMware Releases Security Updates for Multiple Products
           VMware has released security updates to address vulnerabilities in ESXi and vCenter. An
           attacker could exploit some of these vulnerabilities to take control of an affected system.
           The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and
           administrators to review VMware Security Advisory VMSA-2019-0013 and apply the
           necessary updates and workarounds.

           Google Releases Security Updates for Chrome
           Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version
           addresses a vulnerability that an attacker can exploit to take control of an affected system.
           The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and
           administrators to review the Chrome Release and apply the necessary updates.

           CISA Releases Four New Insights Products
           The Cybersecurity and Infrastructure Security Agency (CISA) has released four new CISA
           Insights products informed by U.S. intelligence and real-world events. Each of the following
           products provides a description of the threat, lessons learned, recommendations, and
           additional relevant resources:
           • Mitigate DNS Infrastructure Tampering
           • Remediate Vulnerabilities for Internet-Accessible Systems
           • Secure High Value Assets
           • Enhance Email and Web Security
           CISA urges organizations to review the updated CISA Insights page and implement the
           recommendations.















                                                    www.accumepartners.com
                                                                                                                    16
   11   12   13   14   15   16   17   18   19   20