Security Advisories

Please see Security Advisories for the week ending October 16, 2020 NCSC Releases Alert on Microsoft SharePoint Vulnerability Adobe Releases Security Updates for Magento Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability Juniper Networks Releases Security Updates for Multiple Products Apache Releases Security Updates for Apache Tomcat SAP Releases October 2020 Security Updates Microsoft Releases October 2020 Security Updates QNAP Releases Security Updates for QNAP Helpdesk ________________________________ NCSC Releases Alert on Microsoft SharePoint Vulnerability… Read More

AgeLocker Ransomware Targeting QNAP NAS Devices Situation The AgeLocker ransomware has been reported to target QNAP NAS, Linux, and macOS devices. Problem Researchers found that no unpatched vulnerability has been exploited in the use of AgeLocker ransomware attack, whereas all the known affected QNAP NAS Devices, where running older versions of QNAP QTS, needs to be updated. Additionally QNAP Product Security Incident Response Team (PSIRT) has also found evidence that the ransomware may… Read More

Please see Security Advisories for the week ending September 25, 2020 Apple Releases Security Updates Cisco Releases Security Updates for Multiple Products Mozilla Releases Security Updates for Firefox and Firefox ESR LokiBot Malware on The Rise ________________________________ Apple Releases Security Updates Situation Apple has released security updates to address vulnerabilities in multiple products including:  macOS Catalina, Mojave, and High Sierra. Problem Apple has identified several security vulnerabilities for its products that a… Read More

Please see Security Advisories for the week ending September 18, 2020 Please note CRITICAL advisories below: Exploit for Netlogon Remote Protocol Vulnerability, Zerologon (CVE-2020-1472) Samba Releases Security Update for CVE-2020-1472 (ZeroLogon) Drupal Releases Security Updates for Multiple Products Adobe Releases Security Update for Adobe Media Encoder Iran-Based Threat Actor Exploits VPN Vulnerabilities ________________________________ Exploit for Netlogon Remote Protocol Vulnerability, Zerologon (CVE-2020-1472) Situation Microsoft has patched a severe bug in August 2020 patch release… Read More

CRITICAL: Vulnerability in Microsoft Windows Netlogon Remote Protocol Situation Microsoft has discovered and patched vulnerabilities for its Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Problem Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges. Implication  An unauthenticated attacker with network access to a domain… Read More

Please see Security Advisories for the week ending September 11, 2020 Palo Alto Networks Security Advisories – September 2020 Adobe Releases Security Updates for Several Products Google Releases Security Updates for Chrome version 85.0.4183.102 Microsoft Releases September 2020 Security Updates ________________________________ Palo Alto Networks Security Advisories – September 2020 Situation Palo Alto Networks has discovered and patched several vulnerabilities for its PAN-OS, from one Critical to several Highs. Problem A critical… Read More

Please see Security Advisories for the week ending September 4, 2020 Cisco Releases Security Updates for Multiple Products WordPress File Manager Plugin Under Active Exploitation ________________________________ Cisco Releases Security Updates for Multiple Products Situation Cisco has released multiple security patches in several of their products where they found vulnerabilities where attackers could remotely attack and take control of the product or devices. Problem Cisco has found vulnerabilities in the following products… Read More

Cisco IOS XR Zero-Day Vulnerability Being Exploited in the Wild Situation Cisco has found multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. The vulnerability can allow a remote attacker to perform a denial of service (DoS) attack. This vulnerability has been seen currently being exploited in the wild. Problem The vulnerabilities exist due to insufficient queue management for the Internet Group Management Protocol… Read More

Please see Security Advisories for the week ending August 28, 2020 Cisco Releases Security Updates for Multiple Products Security Updates Released for Firefox, Firefox ESR, and Thunderbird Security Update for Chrome version 85.0.4183.83 ________________________________ Cisco Releases Security Updates for Multiple Products Situation Cisco has identified multiple vulnerabilities in their product environments which could be exploited if not patched. Problem Cisco has identified several vulnerabilities that if exploited may allow attackers to remotely… Read More

Please see Security Advisories for the week ending August 21, 2020 Security Advisories Released for BIND Cisco Releases Security Updates for Multiple Products Security Update for Chrome North Korean Malicious Cyber Activity Actifio Connector Vulnerability ________________________________ Security Advisories Released for BIND Situation The Internet Systems Consortium (ISC) has discovered and patched vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). Problem The ISC has identified and patched vulnerabilities affecting multiple… Read More