Page 17 - Threat Intelligence 7-29-2019
P. 17

Cisco Releases Security Updates for Multiple Products
            Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote
            attacker could exploit some of these vulnerabilities to take control of an affected system. The
            Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review
            the following advisories and apply the necessary updates:
                   • Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability cisco-sa-
                      20190717-cvdsd-wmauth
                   • FindIT Network Management Software Static Credentials Vulnerability cisco-sa-20190717-
                      cfnm-statcred
                   • IOS Access Points Software 802.11r Fast Transition Denial-of-Service Vulnerability cisco-sa-
                      20190717-aironet-dos

            Oracle Releases July 2019 Security Bulletin
            Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple
            products. A remote attacker could exploit some of these vulnerabilities to take control of an affected
            system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and
            administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.


            Microsoft Releases Security Updates for PowerShell Core
            Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An
            attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and
            Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft
            Security Advisory and apply the necessary updates.




            Google Releases Security Updates for Chrome
            Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a
            vulnerability that an attacker can exploit to take control of an affected system. The Cybersecurity and
            Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome
            Release and apply the necessary updates.


            Vulnerabilities and Indicators of Compromise



                   ➢ Weekly Vulnerability Summary from US-CERT
                   ➢ Talos weekly alerts
                   ➢ Trinity Miner using open ADB port to target IoT devices
                   ➢ Johannesburg Electricity Provider Falls Victim to Ransomware Attack
                   ➢ Chinese APT “Operation LagTime IT” Targets Government Information
                   ➢ Streaming Service Suffers 13-Day DDoS Siege by IoT Botnet
                   ➢ A new ProFTPD vulnerability exposes servers to hack





                                                                      “If you spend more on coffee than on IT

                                                              security, you will be hacked. What's more, you
                                                                                            deserve to be hacked”
                                                                                                  ― Richard Clarke
   12   13   14   15   16   17   18   19   20