Securing the Nation's Digital Infrastructure

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. TTCSIRT strongly encourages users and administrators to review the following releases from Adobe and implement the necessary remediation actions: APSB19-55: Adobe Acrobat and Reader https://helpx.adobe.com/security/products/acrobat/apsb19-55.html   APSB19-56: Adobe …

Sophos has released technical details and indicators of compromise for the ransomware variant known as Snatch. Researchers have been investigating an ongoing series of ransomware attacks in which the ransomware executable forces the Windows machine to reboot into Safe Mode before beginning the encryption process. The attackers may be using this technique to circumvent endpoint …

VMware has released security updates to address a critical vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. TTCSIRT encourages users and administrators to review the following release from VMware and apply the necessary solutions: https://www.vmware.com/security/advisories/VMSA-2019-0022.html

Zscaler has reported a phishing campaign that is abusing Appspot.com and Web.app; both legitimate domains associated with Google Cloud. The campaign deploys well-executed landing pages that spoof the two widely used sites. TTCSIRT strongly encourages administrators to review the following report from Zscaler and blacklist the listed domains and URLs: https://www.zscaler.com/blogs/research/phishing-attacks-abusing-appspotcom-and-webapp-domains-google-cloud

Please be advised that VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. TTCSIRT encourages users and administrators to review the following releases from VMware and apply the necessary solutions: VMSA-2019-0020 – VMware ESXi, Workstation, and …

Intel has released security updates to address 68 vulnerabilities across multiple products. TTCSIRT encourages users and administrators to review the following releases from Intel and apply the necessary security updates: INTEL-SA-00313 – BMC – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html INTEL-SA-00280 – UEFI – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html INTEL-SA-00220 – SGX and TXT – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html INTEL-SA-00240 – Processor Security – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html INTEL-SA-00241 – …

Today Microsoft’s Patch Tuesday! Microsoft has released their monthly security updates for all supported Windows systems. TTCSIRT encourages users and administrators to update their systems. Visit the following link or more details on the vulnerabilities and issues addressed in this month’s Patch Tuesday: https://portal.msrc.microsoft.com/en-us/security-guidance   As a reminder, there are now 69 days until 20/1/20, …

In light of the ongoing Emotet malware campaign and the reports of threat actors exploiting the BlueKeep vulnerability, TTCSIRT has developed the following response plan in the event your organization becomes infected with ransomware: Isolate the infected computer(s) immediately – Infected systems should be removed from the network as soon as possible to prevent the …

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TTCSIRT encourages users and administrators to review the following releases from Cisco and apply the necessary solutions. Issues addressed include the following high level vulnerabilities: CVE-2019-15958 – …