June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures.

• Staying Alert to Disaster-related Scams
• Before Giving to a Charity
• Staying Safe on Social Networking Sites
• Avoiding Social Engineering and Phishing Attacks
• Using Caution with Email Attachments

If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2020-0011 and apply the necessary updates.

Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates or workaround.

The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.

Although Exim released a security update for the MTA vulnerability in June 2019, Sandworm cyber actors have been exploiting this vulnerability in unpatched Exim servers since at least August 2019 according NSA’s advisory, which provides indicators of compromise and mitigations to detect and block exploit attempts.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to upgrade to the latest version of Exim and review NSA’s Advisory: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors and Exim’s page on CVE-2019-10149 for more information.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

• macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
• Windows Migration Assistant 2.2.0.0
• Safari 13.1.1
• iCloud for Windows 11.2
• iCloud for Windows 7.19

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1195 and apply the necessary update.

Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Unified Contact Center Express Remote Code Execution Vulnerability cisco-sa-uccx-rce-GMSC6RKN
• Prime Network Registrar DHCP Denial-of-Service Vulnerability cisco-sa-cpnr-dhcp-dos-BkEZfhLP

For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to identify notable adversary TTPs.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review ACSC’s Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks and MITRE’s ATT&CK for Enterprise framework for more information.

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK's National Cyber Security Centre (NCSC) have released Cybersecurity Best Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control systems (ICS). The two-page infographic summarizes common ICS risk considerations, short- and long-term cybersecurity event impacts, best practices to defend ICS processes, and highlights NCSC's product on Secure Design Principles and Operational Technology.

CISA, DOE, and NCSC encourage users to review Cybersecurity Best Practices for Industrial Control Systems. For more in-depth information, visit CISA’s ICS Recommended Practices webpage and DOE's Cybersecurity Capability Maturity Model (C2M2) Program webpage. For information on CISA Assessments, visit https://www.cisa.gov/cyber-resource-hub.

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisories SA-CORE-2020-002 and SA-CORE-2020-003 for more information and to apply the necessary updates.