Page 20 - Threat Intelligence 11-15-2019

Cisco Releases Security Updates
             Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker
             could exploit some of these vulnerabilities to take control of an affected system. For updates
             addressing lower-severity vulnerabilities, see the Cisco Security Advisories webpage.
             The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to
             review the following Cisco advisories and apply the necessary updates:
                    • Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code
                       Execution Vulnerability
                    • Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325
                       Command Injection Vulnerability
                    • Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service
                       Vulnerabilities
                    • Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software
                       Privilege Escalation Vulnerability
                    • Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution
                       Vulnerabilities
                    • Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
                    • Cisco Web Security Appliance Unauthorized Device Reset Vulnerability


             Holiday Shopping, Phishing, and Malware Scams
             As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA)
             encourages users to be aware of potential holiday scams and malicious cyber campaigns,
             particularly when browsing or shopping online. Cyber actors may send emails and ecards containing
             malicious links or attachments infected with malware or may send spoofed emails requesting
             support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the
             following precautions:
                    •    Avoid clicking on links in unsolicited emails and be wary of email attachments (see
                         Using Caution with Email Attachments and Avoiding Social Engineering and Phishing
                         Scams).
                    •    Use caution when shopping online (see Shopping Safely Online).
                    •    Verify a charity’s authenticity before making donations. Review the Federal Trade
                         Commission's page on Charity Scams for more information.


             Vulnerabilities and Indicators of Compromise



                    ➢ Weekly Vulnerability Summary from US-CERT
                    ➢ Talos weekly alerts
                    ➢ Due to the high number of new vulnerabilities in the past 60 days, please request IOCs
                       from us if you need them.










             “Email-based threats are among the oldest, most pervasive, and widespread cybersecurity threats hitting organizations worldwide,” Chris Dawson, Threat Intelligence Lead at Proofpoint,