Security Advisories

Please see Security Advisories for the week ending January 8, 2021 Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR Google Releases Security Updates for Chrome CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise ________________________________ Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR Situation Mozilla has found vulnerabilities and released security updates for Firefox, Firefox for Android, and… Read More

Please see Security Advisories for the week ending January 1, 2021 Zyxel releases firmware update for hardcoded credential vulnerability Google Revealed Sickly Patched Windows Zero-Day Vulnerability ________________________________ Zyxel releases firmware update for hardcoded credential vulnerability Situation Over 100,000 Zyxel firewalls, VPN gateways, and access point controllers are vulnerable due to a secret hardcoded administrative backdoor account used to update the devices firmware. Problem This vulnerability is due to a hardcoded credential for an… Read More

Please note: This vulnerability affects NetBackup customers on Windows Only Veritas OpenSSL Vulnerability in NetBackup and OpsCenter for Windows Situation Veritas has found a vulnerability in NetBackup and OpsCenter that could allow attackers to remotely run code as administrator Problem Veritas has found 2 potential vulnerabilities in NetBackup and OpsCenter that could allow remote attackers to exploit the vulnerabilities, and remotely compromise the system by running programs as administrator. The first… Read More

Please see Security Advisories for the week ending December 18, 2020 Critical Advisory: Zero-Day Vulnerability in HPE Systems Insight Manager Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird Apple Releases Security Updates for Multiple Products ________________________________ Critical Advisory: Zero-Day Vulnerability in HPE Systems Insight Manager Situation A zero-day exploit was found in HPE System Insight Manager software from Hewlett Packard a advisory was written and released detailing the exploit… Read More

CRITICAL Advisory: Active Exploitation of SolarWinds Orion Software Observed in the Wild Situation SolarWinds has found highly sophisticated, manual exploitations for versions 2019.4 to 2020.2.1 of SolarWinds Orion products. This attack is extremely targeted and manually executed and is likely performed by a nation state. Problem The threat actor primarily leverages a malware commonly known as SUNBURST to conduct a global supply-chain attack against the SolarWinds Orion platform. Implication The… Read More

Please see Security Advisories for the week ending December 11, 2020 Active Exploitation of SolarWinds Software Observed in the Wild Cisco Releases Security Updates for Jabber Desktop and Mobile Client Software Adobe has releases security updates for multiple products Palo Alto Networks has published 3 new Security Advisories CERT/CC Releases Information on Vulnerabilities Affecting Open-Source TCP/IP Stacks OpenSSL Releases Security Update Microsoft Releases December 2020 Security Updates SAP Releases December 2020… Read More

Security Advisory: FireEye Hacked: what have we done We have been investigating the impact and implications of the recent FireEye Hack, which resulted in the bad actors absconding with the FireEye Red Team Tools. Our product team has combed through the findings from FireEye and have implemented appropriate countermeasures. I would like to S.P.I.N. * the situation for you. Situation There’s a lot of press about this event which outlines the… Read More

CRITICAL: Fortinet VPN Vulnerability Actively Being Exploited Situation A Fortinet VPN vulnerability (CVE-2018-13379) has been seen actively being exploited to steal VPN credentials. Problem The vulnerability (CVE-2018-13379) is a path traversal flaw impacting a large number of unpatched Fortinet FortiOS SSL VPN devices. This vulnerability can allow unauthenticated remote attackers access to system files via specially crafted HTTP requests. An exploit has been posted by a hacker that lets an attacker access… Read More

Please see Security Advisories for the week ending December 4, 2020 Apache Releases Security Advisory for Apache Tomcat Mozilla Releases Security Update for Thunderbird VMware Releases Security Updates for several products Apple Releases Security Updates for iCloud for Windows Xerox Releases Security Updates for DocuShare ________________________________ Apache Releases Security Advisory for Apache Tomcat Situation Apache has released a security advisory addressing a bug in Apache Tomcat. Affected versions: Apache Tomcat 10.0.0-M1… Read More