Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Cisco Security Advisory cisco-sa-20200124-webex-unauthjoin for more information.

The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Mitigating Cloud Vulnerabilities and CISA’s page on APTs Targeting IT Service Provider Customers and Analysis Report on Microsoft Office 365 and other Cloud Security Observations for information on implementing a defense-in-depth strategy to protect infrastructure assets.

Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of Compromise Scanner that aims to identify evidence of successful exploitation of CVE-2019-19781.

The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends users and administrators review the Citrix Security Bulletin CTX267027 and apply the necessary updates. CISA also recommends users and administrators:

• Run the Indicators of Compromise Scanner;
• Review the Citrix article on CVE-2019-19781: Fixes now available for Citrix SD-WAN WANOP, published January 23, 2020; and
• Review CISA’s Activity Alert on Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP.

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability cisco-sa-20200122-fmc-auth
• TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability cisco-sa-telepresence-path-tr-wdrnYEZZ
• IOS XE SD-WAN Software Default Credentials Vulnerability cisco-sa-sd-wan-cred-EVGSF259
• SD-WAN Solution Local Privilege Escalation Vulnerability cisco-sa-20200122-sdwan-priv-esc
• Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability cisco-sa-20200122-on-prem-dos
• IOS XR Software EVPN Operational Routes Denial of Service Vulnerability cisco-sa-20200122-ios-xr-routes
• IOS XR Software BGP EVPN Denial of Service Vulnerabilities cisco-sa-20200122-ios-xr-evpn
• IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability cisco-sa-20200122-ios-xr-dos
  

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss as well as disruption to operations and harm to reputation.

CISA recommends users and administrator adhere to the following best practices to defend against Emotet. See CISA’s Alert on Emotet Malware for detailed guidance.

• Block email attachments commonly associated with malware (e.g.,.dll and .exe).
• Block email attachments that cannot be scanned by antivirus software (e.g., .zip files).
• Implement Group Policy Object and firewall rules.
• Implement an antivirus program and a formalized patch management process.
• Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
• Adhere to the principle of least privilege.
• Implement a Domain-Based Message Authentication, Reporting & Conformance (DMARC) validation system.
• Segment and segregate networks and functions. 
• Limit unnecessary lateral communications.

CISA encourages users and administrators to review the following resources for information about defending against Emotet and other malware.

• CISA Alert Emotet Malware
• Australian Cyber Security Centre (ACSC) Advisory Emotet Malware Campaign
• CISA Tip Protecting Against Malicious Code

The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber criminals will conduct fake interviews and even offer positions to victims before requesting PII such as Social Security numbers and bank account information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and CISA’s Tips on Avoiding Social Engineering and Phishing Attacks and Website Security for more information. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.

Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.   

For more information, review:

• CISA Insight: Enhance Email and Web Security,  
• National Institute of Standards and Technology (NIST) Special Publication (SP) 800-44: Guidelines on Securing Public Web Servers, and  
• NIST SP 800-95: Guide to Secure Web Services.

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds.

Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The article includes updated mitigations for Citrix ADC and Citrix Gateway Release 12.1 build 50.28. An attacker could exploit CVE-2019-19781 to take control of an affected system. Citrix plans to begin releasing security updates for affected software starting January 20, 2020.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators:

• Review the Citrix article on updates on Citrix ADC, Citrix Gateway vulnerability, published January 17, 2020;
• See Citrix Security Bulletin CTX267027 – Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance;
• Apply the recommended mitigations in CTX267679 – Mitigation Steps for CVE-2019-19781; and
• Verify the successful application of the above mitigations by using the tool in CTX269180 – CVE-2019-19781 – Verification ToolTest.

Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is aware of limited targeted attacks.”

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.