From april at onenet.net Fri Jan 10 09:15:16 2020 From: april at onenet.net (Goode, April) Date: Fri, 10 Jan 2020 15:15:16 +0000 Subject: [CoIT-Security] Message from MS-ISAC and EI-ISAC: List of Common Vulnerabilities and Exposures (CVE) Associated with Malicious Iranian Actors - TLP: AMBER In-Reply-To: <6d83bb6cdfca420e81212a492fb55e8a@osrhe.edu> References: <48cc398a97be4180ac1539e14872e15c@cisecurity.org> <6d83bb6cdfca420e81212a492fb55e8a@osrhe.edu> Message-ID: <0cd35ef59012421ab07cb87f379116c7@onenet.net> Attn: CoIT Members & Cybersecurity Group (TLP: AMBER) *Do not forward outside of OSRHE/Higher Ed Forwarding an email from MS-ISAC covering Common Vulnerabilities and Exposures (CVE) associated with Malicious Iranian actors. Recommendation is to review and determine if you are vulnerable to CVE's listed below an prioritize remediation. Chris Kosciuk ckosciuk at osrhe.edu 405.225.9440 ------------------------------------------------------------------------------------------ TO: All MS-ISAC and EI-ISAC Members DATE: January 10, 2020 SUBJECT: List of Common Vulnerabilities and Exposures (CVE) Associated with Malicious Iranian Actors - TLP: AMBER Message from CISA below: TLP: AMBER The Cybersecurity and Infrastructure Security Agency (CISA) would like to provide the below list of Common Vulnerabilities and Exposures (CVE) Associated with Malicious Iranian Actors to our state and local partners: * CVE-2018-20250 * CVE-2017-11882 * CVE-2017-11774 * CVE-2017-0199 * CVE-2012-0158 These CVEs are known to have been used in cyber attacks by malicious actors affiliated with the Iranian state, based on analysis by a trusted third party. CISA encourages our SLTT partners to review the list, determine if they are vulnerable to any CVEs, and prioritize the mitigation of those vulnerabilities. Due to the sensitive nature of this information, please do not distribute outside of your organization. As always, to report an intrusion and request resources for incident response or technical assistance, contact CISA (CISAservicedesk at cisa.dhs.gov or 888-282-0870). Respectfully, The CISA SLTT Partnerships Team [CISA Wordmark CMYK 20181115_4 color seal with dk blue text] TLP: AMBER Limited Disclosure, restricted to participants' organizations. Recipients may only share TLP: AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. https://www.us-cert.gov/tlp/ 24×7 Security Operations Center Multi-State Information Sharing and Analysis Center (MS-ISAC) Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) 31 Tech Valley Drive East Greenbush, NY 12061 SOC at cisecurity.org - 1-866-787-4722 [MS+EI emailsig at 2x] [cid:image002.png at 01D291DE.F838E090] [cid:image003.png at 01D291DE.F838E090] [cid:image004.png at 01D291DE.F838E090] [cid:image005.png at 01D291DE.F838E090] This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. . . . . . -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 17601 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 15093 bytes Desc: image002.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.png Type: image/png Size: 1891 bytes Desc: image003.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image004.png Type: image/png Size: 2175 bytes Desc: image004.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 1888 bytes Desc: image005.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image006.png Type: image/png Size: 2057 bytes Desc: image006.png URL: