Security Advisories

Please see Security Advisories for the week ending February 5, 2021 Critical – Three More Potential Vulnerabilities Found in SolarWinds Software Critical – SonicWall Zero-Day Vulnerability Is Being Exploited in the Wild Sudo Heap-Based Buffer Overflow Vulnerability Allows Root Privileges Apple Releases Security Updates for MacOS Cisco Releases Security Updates for Several Products Google Releases Security Updates for Chrome ________________________________ Three More Potential Vulnerabilities Found in SolarWinds Software Situation SpiderLabs at Trustwave… Read More

Please see Security Advisories for the week ending January 22, 2021 Oracle Releases January 2021 Security Bulletin Drupal Releases Security Updates for Multiple Products Google Releases Security Updates for Chrome Cisco Releases Advisories for Multiple Products ________________________________ Oracle Releases January 2021 Security Bulletin Situation Oracle has released security updates for their products. These updates address 329 vulnerabilities across multiple products. Problem Oracle has patched a large number of severe vulnerabilities in… Read More

Please see Security Advisories for the week ending January 22, 2021 Oracle Releases January 2021 Security Bulletin Drupal Releases Security Updates for Multiple Products Google Releases Security Updates for Chrome Cisco Releases Advisories for Multiple Products ________________________________ Oracle Releases January 2021 Security Bulletin Situation Oracle has released security updates for their products. These updates address 329 vulnerabilities across multiple products. Problem Oracle has patched a large number of severe vulnerabilities in… Read More

Please see Security Advisories for the week ending January 15, 2021 Microsoft Releases January 2021 Security Updates Cisco Releases Security Updates for Multiple Products Apache Releases Security Advisory for Tomcat Juniper Networks Releases Security Updates for Multiple Products Adobe Releases Security Updates for Multiple Products Mozilla Releases Security Update for Thunderbird SAP Releases January 2021 Security Updates ________________________________ Microsoft Releases January 2021 Security Updates Situation Microsoft has released its monthly security… Read More

Please see Security Advisories for the week ending January 8, 2021 Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR Google Releases Security Updates for Chrome CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise ________________________________ Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR Situation Mozilla has found vulnerabilities and released security updates for Firefox, Firefox for Android, and… Read More

Please see Security Advisories for the week ending January 1, 2021 Zyxel releases firmware update for hardcoded credential vulnerability Google Revealed Sickly Patched Windows Zero-Day Vulnerability ________________________________ Zyxel releases firmware update for hardcoded credential vulnerability Situation Over 100,000 Zyxel firewalls, VPN gateways, and access point controllers are vulnerable due to a secret hardcoded administrative backdoor account used to update the devices firmware. Problem This vulnerability is due to a hardcoded credential for an… Read More

Please note: This vulnerability affects NetBackup customers on Windows Only Veritas OpenSSL Vulnerability in NetBackup and OpsCenter for Windows Situation Veritas has found a vulnerability in NetBackup and OpsCenter that could allow attackers to remotely run code as administrator Problem Veritas has found 2 potential vulnerabilities in NetBackup and OpsCenter that could allow remote attackers to exploit the vulnerabilities, and remotely compromise the system by running programs as administrator. The first… Read More

Please see Security Advisories for the week ending December 18, 2020 Critical Advisory: Zero-Day Vulnerability in HPE Systems Insight Manager Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird Apple Releases Security Updates for Multiple Products ________________________________ Critical Advisory: Zero-Day Vulnerability in HPE Systems Insight Manager Situation A zero-day exploit was found in HPE System Insight Manager software from Hewlett Packard a advisory was written and released detailing the exploit… Read More

CRITICAL Advisory: Active Exploitation of SolarWinds Orion Software Observed in the Wild Situation SolarWinds has found highly sophisticated, manual exploitations for versions 2019.4 to 2020.2.1 of SolarWinds Orion products. This attack is extremely targeted and manually executed and is likely performed by a nation state. Problem The threat actor primarily leverages a malware commonly known as SUNBURST to conduct a global supply-chain attack against the SolarWinds Orion platform. Implication The… Read More

Please see Security Advisories for the week ending December 11, 2020 Active Exploitation of SolarWinds Software Observed in the Wild Cisco Releases Security Updates for Jabber Desktop and Mobile Client Software Adobe has releases security updates for multiple products Palo Alto Networks has published 3 new Security Advisories CERT/CC Releases Information on Vulnerabilities Affecting Open-Source TCP/IP Stacks OpenSSL Releases Security Update Microsoft Releases December 2020 Security Updates SAP Releases December 2020… Read More