Page 16 - Threat Intelligence 9-3-2019
P. 16

Threat Alerts




           And Advisories








            Cisco Releases Security Updates
            Cisco has released security updates to address vulnerabilities in Cisco Integrated
            Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and
            UCS Director Express for Big Data. A remote attacker could exploit these vulnerabilities to
            take control of an affected system. The Cybersecurity and Infrastructure Security Agency
            (CISA) encourages users and administrators to review the following Cisco Security
            Advisories and apply the necessary updates:
                   • Authentication Bypass Vulnerability in IMC Supervisor, UCS Director, and UCS
                     Director Express for Big Data releases cisco-sa-20190821-imcs-ucs-authby
                   • Authentication Bypass Vulnerability in IMC Supervisor, UCS Director, and UCS
                     Director Express for Big Data releases cisco-sa-20190821-imcs-ucs-authbypass
                   • Secure Copy (SCP) User Default Credentials Vulnerability in IMC Supervisor, UCS
                     Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-
                     usercred
                   • Application Programming Interface (API) Authentication Bypass Vulnerability in
                     UCS Director and UCS Director Express for Big Data releases cisco-sa-20190821-
                     ucsd-authbypass

            IRS Warns of New Email Scam
            The Internal Revenue Service (IRS) has issued a warning about a new email scam in which
            malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS
            email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake
            details about the targeted recipient’s tax refund, return, or account. The emails instruct the
            recipient to access their refund information by entering a provided password on the
            spoofed website. By entering the password, the victim unintentionally downloads malware
            that could enable the malicious cyber actors to take control of the affected system or
            obtain sensitive information.  The Cybersecurity and Infrastructure Security Agency (CISA)
            encourages users and administrators to review the IRS news release and the CISA Tip on
            Avoiding Social Engineering and Phishing Attacks for more information.


            Google Releases Security Updates for Chrome
            Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This
            version addresses a vulnerability that an attacker could exploit to take control of an
            affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages
            users and administrators to review the Chrome Release page and apply the necessary
            updates.











                                                    www.accumepartners.com
                                                                                                                    16
   11   12   13   14   15   16   17   18   19   20