NCCIC will conduct a series of webinars on Russian government cyber activity against critical infrastructure (as detailed in NCCIC Alert TA18-074A), which will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources that are available to help protect critical assets.

The same webinar will be held from 1-2:30 p.m. ET on the dates listed below:

• Monday, July 23
• Wednesday, July 25
• Monday, July 30
• Wednesday, August 1

NCCIC encourages users and administrators to attend one of the webinar sessions by visiting https://share.dhs.gov/nccicbriefings or dialing 1-888-221-6227. Attendees may access the webinar as a guest on the day of each event; a registered account is not required for attendees to join.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle July 2018 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist. Users should not pay or give control of their devices to any stranger offering to fix problems. 

NCCIC encourages users and administrators to refer to the FTC Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you are a victim of a tech support scam, file a complaint at www.FTC.gov/complaint.

This product is provided subject to this Notification and this Privacy & Use policy.

The Internet Crime Complaint Center (IC3) has released an alert on business email compromise scams. This type of scam targets businesses and individuals by using social engineering or computer intrusion to compromise legitimate email accounts and conduct unauthorized fund transfers or obtain personally identifiable information.

NCCIC encourages businesses and individuals to refer to the IC3 Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks.

This product is provided subject to this Notification and this Privacy & Use policy.

Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Juniper Security Advisories website and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

The Internet Systems Consortium (ISC) has released a security advisory that addresses a memory leak vulnerability in Kea DHCP 1.4.0. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review ISC Knowledge Base Article AA-01626 and apply the necessary update or workaround.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

• IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability cisco-sa-20180711-phone-webui-inject
• StarOS IPv4 Fragmentation Denial-of-Service Vulnerability cisco-sa-20180711-staros-dos

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft’s July 2018 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Flash Player, Adobe Connect, and Adobe Experience Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.   

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-21, APSB18-24, APSB18-22, and APSB18-23 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.