<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.cs2654ae3a, li.cs2654ae3a, div.cs2654ae3a
{mso-style-name:cs2654ae3a;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.csce7b0ced1
{mso-style-name:csce7b0ced1;
font-family:"Arial",sans-serif;
color:black;
font-weight:normal;
font-style:normal;}
span.cs9ffcf3441
{mso-style-name:cs9ffcf3441;
font-family:"Arial",sans-serif;
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:underline;}
span.cs7088c2d41
{mso-style-name:cs7088c2d41;
font-family:"Calibri",sans-serif;
color:#1F497D;
font-weight:normal;
font-style:normal;
text-decoration:underline;}
span.cs23fb06641
{mso-style-name:cs23fb06641;
font-family:"Times New Roman",serif;
color:black;
font-weight:normal;
font-style:normal;}
span.csb31e3c811
{mso-style-name:csb31e3c811;
font-family:"Times New Roman",serif;
color:#1F497D;
font-weight:normal;
font-style:normal;}
span.cs1befe4a51
{mso-style-name:cs1befe4a51;
font-family:"Times New Roman",serif;
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:underline;}
span.cse8ac24f01
{mso-style-name:cse8ac24f01;
font-family:"Arial",sans-serif;
color:black;
font-weight:normal;
font-style:normal;}
span.EmailStyle27
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Additional mailing from CISA below:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">Thor Sage<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Executive Director<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Miami Valley Educational Computer Association<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">937-767-1468 x3101<o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="color:#1F497D">Not-for-profit Technology Services for Education and Local Governments<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
</div>
<div>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">News:</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-Some CONTI information, including that on GitHub, has a stealthy backdoor, so be careful!</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-On March 3, CISA added a significant number of known exploited vulnerabilities (KEV) to its catalog, and, as directed in Binding Operational Directive (BOD) 22-01, federal agencies are required to mitigate these
vulnerabilities within a specified time frame, but we HIGHLY encourage all entities to rectify as soon as possible. As America’s cyber defense agency, this is a key part of our mission to help our critical infrastructure partners reduce their risk of exploitation
by threat actors. (see attachment) </span><span class="cs9ffcf3441"><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">https://www.cisa.gov/known-exploited-vulnerabilities-catalog</a></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-If you are worried about visibility into your environment, CISA offers CYHY services (free of charge vulnerability scans and web app scans).</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-MFA is another way to protect yourself from many attacks</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-HIVE decryption key flaw discovered in order to recover 92% of master key with decryption success rate of 72% of files
</span><span class="cs9ffcf3441"><a href="https://blog.malwarebytes.com/ransomware/2022/02/hive-ransomware-researchers-figure-out-a-method-to-decrypt-files/">https://blog.malwarebytes.com/ransomware/2022/02/hive-ransomware-researchers-figure-out-a-method-to-decrypt-files/</a></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-Security researchers warn of phishing attempts against officials helping refugees (
</span><span class="cs9ffcf3441"><a href="https://www.zdnet.com/article/security-researchers-warn-of-phishing-attempts-against-officials-helping-refugees/">https://www.zdnet.com/article/security-researchers-warn-of-phishing-attempts-against-officials-helping-refugees/</a></span><span class="csce7b0ced1">
) </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">Resources:</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">https://www.cisa.gov/known-exploited-vulnerabilities-catalog</a></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-<a href="https://www.cisa.gov/uscert/sites/default/files/publications/AA22-057A_Destructive_Malware_Targeting_Organizations_in_Ukraine.pdf">https://www.cisa.gov/uscert/sites/default/files/publications/AA22-057A_Destructive_Malware_Targeting_Organizations_in_Ukraine.pdf</a></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">Important Vulnerabilities to address:</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-Cisco Releases Security Updates for Multiple Products
</span><span class="cs9ffcf3441"><a href="https://us-cert.cisa.gov/ncas/current-activity/2022/03/03/cisco-releases-security-updates-multiple-products">https://us-cert.cisa.gov/ncas/current-activity/2022/03/03/cisco-releases-security-updates-multiple-products</a></span><span class="csce7b0ced1">
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-NSA Releases Network Infrastructure Security Guidance
</span><span class="cs9ffcf3441"><a href="https://us-cert.cisa.gov/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance">https://us-cert.cisa.gov/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance</a></span><span class="csce7b0ced1">
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-Google Releases Security Updates for Chrome (<a href="https://www.cisa.gov/uscert/ncas/current-activity/2022/03/02/google-releases-security-updates-chrome">https://www.cisa.gov/uscert/ncas/current-activity/2022/03/02/google-releases-security-updates-chrome</a>
) </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-BD Viper LT </span><span class="cs9ffcf3441"><a href="https://us-cert.cisa.gov/ics/advisories/icsma-22-062-02">https://us-cert.cisa.gov/ics/advisories/icsma-22-062-02</a></span><span class="csce7b0ced1">
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-BD Pyxis </span><span class="cs9ffcf3441"><a href="https://us-cert.cisa.gov/ics/advisories/icsma-22-062-01">https://us-cert.cisa.gov/ics/advisories/icsma-22-062-01</a></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">ALERTS &amp; REPORTING: </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-AGAIN don’t download the Conti info (some are at risk for stealthy backdoor)</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CISA/MS-ISAC ALERTS: </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-New Sandworm Malware Cyclops Blink Replaces VPNFilter
</span><span class="cs9ffcf3441"><a href="https://us-cert.cisa.gov/ncas/current-activity/2022/02/23/new-sandworm-malware-cyclops-blink-replaces-vpnfilter">https://us-cert.cisa.gov/ncas/current-activity/2022/02/23/new-sandworm-malware-cyclops-blink-replaces-vpnfilter</a></span><span class="csce7b0ced1">
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">FBI-DHS-DOJ-OTHER ALERTS: </span>
<o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-Joint Advisory: AA22-057A_Destructive_Malware_Targeting_Organizations_in_Ukraine.pdf</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">Now to the good or interesting news:
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-AMERICAN CYBERSECURITY COMPANY EXPERIENCES ITS INSIDER THREAT MOMENT
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="cs9ffcf3441"><a href="https://securityboulevard.com/2022/01/teachable-moment-an-insider-threat-in-your-own-team/">https://securityboulevard.com/2022/01/teachable-moment-an-insider-threat-in-your-own-team/</a></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">Currently the most actively exploited vulnerabilities:</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2017-11882 NO CHANGE (security updates available): Microsoft Office Memory Corruption Vulnerability</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2012-0158 MOVED TO 2ND (security update available): Windows Common Controls that allow Remote Code Execution</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2018-11776 MOVED TO 3RD (mitigations listed at
</span><span class="cs9ffcf3441"><a href="http://cwe.mitre.org/data/definitions/20.html">http://cwe.mitre.org/data/definitions/20.html</a></span><span class="csce7b0ced1">): Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from Remote Code Execution</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2017-0199 NO CHANGE (The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parse specially crafted files, and by enabling API functionality in Windows that Microsoft
Office and WordPad will leverage to resolve the identified issue.) A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take
control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2017-8759 MOVED UP (The security update addresses the vulnerability by correcting how .NET validates untrusted input.) An unspecified vulnerability exists within the WSDL parser module in Microsoft .NET Framework
4.7 and earlier that, when exploited, allows an attacker to remotely execute arbitrary code.
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2014-1761 NEW! (security patch available: Microsoft MS14-017 Related Patches)
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">An improper enforcement of a data structure vulnerability exists when handling RTF documents in Microsoft Word 2013 and earlier that, when exploited, allows an attacker to remotely execute arbitrary code. Exploit
code is publicly available. Further, Microsoft reports that the vulnerability is being exploited in the wild. Mitigation options include workarounds and a vendor fix.</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2018-0802 NEW! (The security update addresses the vulnerability by removing Equation Editor functionality) A stack-based buffer overflow vulnerability exists in the font name component within the eqnedt32.exe
file in Microsoft Office 2016 and prior that, when exploited, allows an attacker to remotely execute arbitrary code. Proof-of-concept (PoC) code is publicly available and Microsoft reports there is exploitation in the wild. Mitigation options include a vendor
fix. Exploitation Rating: Confirmed</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">CVE-2010-3333 DROPPED (security update available – MS 10-087 patches and mitigation) Stack-based buffer overflow in older versions of Microsoft Office
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">Microsoft recommends the following workarounds as a technique to mitigate the possibility of exploitation:</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-Read e-mails in plain text: Reading e-mail messages in plain text format can prevent the e-mail attack vector. For complete details on how to implement this workaround, visit the following website: Microsoft Security Advisory</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">-Use Microsoft Office File Block policy: Use Microsoft Office File Block policy to block the opening of RTF documents from untrusted sources. For complete details on how to implement this workaround, visit the following website: Microsoft Security Advisory</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1">*If you would like to be removed from this distro, please let me know. If you have candid feedback, I welcome that as well.
</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csce7b0ced1"> </span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="cs7088c2d41">________________________________________</span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="cs23fb06641"><span style="font-size:12.0pt">Very respectfully,</span></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="csb31e3c811"><span style="font-size:12.0pt">Terin D. Williams</span></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="cs23fb06641"><span style="font-size:12.0pt">Cybersecurity Advisor, Region 5 (OH)</span></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="cs23fb06641"><span style="font-size:12.0pt">Cybersecurity and Infrastructure Security Agency </span></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="cs23fb06641"><span style="font-size:12.0pt">614.314.7793 | </span></span><span class="cs1befe4a51"><span style="font-size:12.0pt"><a href="mailto:terin.williams@cisa.dhs.gov" target="_blank">terin.williams@cisa.dhs.gov</a></span></span><o:p></o:p></p>
<p class="cs2654ae3a"><span class="cse8ac24f01"><span style="font-size:12.0pt"> </span></span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>