Page 17 - Threat Intelligence 11-5-2019
P. 17

• Avoiding Social Engineering and Phishing Attacks
             • Brute Force Attacks Conducted by Cyber Actors
             • Protecting Against Malicious Code

             Apple Releases Security Updates
             Apple has released security updates to address vulnerabilities in multiple products. An attacker
             could exploit some of these vulnerabilities to take control of an affected system.
             The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to
             review the Apple security pages for the following products and apply the necessary updates:
             •iTunes 12.10.2 for Windows
             •iCloud for Windows 11.0
             •iCloud for Windows 7.15
             •macOS Catalina 10.15.1 for macOS Catalina 10.15, Security Update 2019-001, and Security Update
             2019-006
             •watchOS 6.1 for Apple Watch
             •watchOS 5.3.3
             •Safari 13.0.3
             •iOS 13.2 and iPadOS 13.2
             •iOS 12.4.3
             •tvOS 13.2


             MS-ISAC Releases Advisory on PHP Vulnerabilities
             The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on
             multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these
             vulnerabilities to take control of an affected system.
             The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to
             review MS-ISAC Advisory 2019-116 and the PHP Downloads page and apply the necessary updates.


             Vulnerabilities and Indicators of Compromise



                    ➢ Weekly Vulnerability Summary from US-CERT
                    ➢ Talos weekly alerts
                    ➢ New Adwind Variant Targets Windows, Chromium Credentials
                    ➢ Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users
                    ➢ Magecart Gang Targets Skin Care Site Visitors For 5+ Months
                    ➢ Georgia hit by massive cyber-attack
                    ➢ Hackers are using a bug in PHP7 to remotely hijack web servers
                    ➢ TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines
                    ➢ Bed Bath & Beyond Discloses Customer Login Credentials Breach
                    ➢ Thousands of QNAP NAS devices have been infected with the QSnatch malware






                                                   “One person’s “paranoia” is another person’s engineering redundancy”

                                                                                                      - Marcus J, Ranum
                                                                                Computer and Network Security Innovator
   12   13   14   15   16   17   18   19   20