Security Advisories

Please see Security Advisories for the week ending April 9, 2021 Critical Zoom vulnerability triggers remote code execution without user input Cisco Releases Security Updates for Multiple Products Malicious Cyber Activity Targeting Critical SAP Applications ________________________________ Critical Zoom vulnerability triggers remote code execution without user input Situation A zero-day vulnerability in Zoom was found during a Pwn2Own contest for white-hat professionals. Problem The researchers from Computest have found a three-bug attack… Read More

Please see Security Advisories for the week ending April 2, 2021 VMware Releases Security Update for VMware Carbon Black Cloud Workload VMware Releases Security Updates for Several Products FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities Google Releases Security Updates for Chrome Citrix Releases Security Updates for Hypervisor ________________________________ VMware Releases Security Update for VMware Carbon Black Cloud Workload Situation VMware has released security updates to address a vulnerability— CVE-2021-21982— in… Read More

Please see Security Advisories for the week ending March 26, 2021 OpenSSL Releases Security Update Samba Releases Security Updates Cisco Releases Security Updates for Cisco Small Business Routers Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird Adobe Releases Security Updates for ColdFusion ________________________________ OpenSSL Releases Security Update Situation OpenSSL has released a security update that affects all versions of 1.02 and 1.1.1 released before 1.1.1J. Problem A vulnerability was… Read More

Please see Security Advisories for the week ending March 19, 2021 Zero-Day in Google Chrome Browser Actively Exploited in the Wild Microsoft Releases Exchange On-premises Mitigation Tool Cisco Releases Security Updates for Several Products ________________________________ Zero-Day in Google Chrome Browser Actively Exploited in the Wild Situation On March 12, 2021 Google has released Chrome version 89.0.4389.90 for Windows, Mac, and Linux operating systems. Google is now aware of reports that one… Read More

Please see Security Advisories for the week ending March 12, 2021 Microsoft Releases March 2021 Security Updates Palo Alto Networks Security Advisories – March 2021 F5 Security Advisory for RCE Vulnerabilities in BIG-IP, BIG-IQ Apple Releases Security Updates for WebKit Updates on Microsoft Exchange Server Vulnerabilities SAP Releases March 2021 Security Updates ________________________________ Microsoft Releases March 2021 Security Updates Situation Microsoft has released its monthly security updates for March 2021. These… Read More

CRITICAL Advisory: At least 30,000 US Organizations Hacked via Microsoft Exchange Bug Situation An unusually aggressive Chinese cyber espionage unit is targeting Microsoft Exchange Server to grab email and corporate data from Internet facing systems. Problem Microsoft identified four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows hackers to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the network. For the attack to work,… Read More

CRITICAL Advisory: Microsoft Releases Out-of-Band Security Updates for Actively Exploited Exchange Server Zero-Day Bugs Situation Microsoft has released out-of-band security updates to address four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) affecting Microsoft Exchange Server 2013, 2016, and 2019. These vulnerabilities have been seen being exploited in the wild. Problem These four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) have been seen chained together to gain access to Microsoft Exchange… Read More

Please see Security Advisories for the week ending February 26, 2021 Critical: SolarWinds New Digital Code-Signing Certificate Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox SonicWall Releases Additional Patches for SMA 100 Series ________________________________ Critical: SolarWinds New Digital Code-Signing Certificate Situation SolarWinds is re-signing digital code-signing certificate for multiple products. SolarWinds uses a digital code-signing certificate to digitally sign each software build, to help end users authenticate the code…. Read More

Please see Security Advisories for the week ending February 19, 2021 Microsoft Releases February 2021 Security Updates Google Releases Security Updates for Chrome North Korean Malicious Cyber Activity – AppleJeus ________________________________ Microsoft Releases February 2021 Security Updates Situation Microsoft has released its monthly security updates for February 2021. These updates address vulnerabilities in the following Microsoft software: Windows Console Driver Windows Defender Role: DNS Server Role: Hyper-V .NET Core .NET Framework… Read More

Please see Security Advisories for the week ending February 12, 2021 Microsoft Releases February 2021 Security Updates Windows Win32k privilege escalation currently being exploited in the wild Adobe Releases Security Updates in Several Products Mozilla Releases Security Updates for Firefox and Firefox ESR in Windows Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472) ________________________________ Microsoft Releases February 2021 Security Updates Situation Microsoft has released multiple patches to… Read More