Security Advisories

Please see Security Advisories for the week ending June 12, 2020 WordPress Security Update IC3 Releases Alert on Mobile Banking Apps VMware Horizon Client for Windows Security Update Adobe Security Updates for Flash Player, Experience Manager, and FrameMaker Microsoft June 2020 Security Updates CallStranger Vulnerability in Universal Plug and Play Protocol ________________________________ WordPress Security Update Situation The WordPress Foundation has discovered and patched several security vulnerabilities in WordPress. Problem The WordPress Foundation… Read More

Please see Security Advisories for the week ending June 5, 2020 MacOS Catalina & Mojave & High Sierra Security Updates Hurricane Related Scams Apple Security Update for Mac, iOS, iPadOS, watchOS, tvOS Cisco Security Updates for NX-OS Software Mozilla Releases Security Updates for Firefox and Firefox ESR Google Releases Security Updates for Chrome Cisco IOx and IOS XE Software Security Updates ________________________________ MacOS Catalina, Mojave and High Sierra Security Updates Situation Apple has… Read More

Please see Security Advisories for the week ending May 15, 2020 New Variant of Dark Crystal RAT Discovered Microsoft Releases May 2020 Security Updates Increase in North Korean Malicious Cyber Activity Adobe Releases Security Updates for Adobe DNG Software Development Kit, Acrobat, and Reader Vulnerabilities Discovered in VMware vRealize Operations Manager (vROps) ________________________________ New Variant of Dark Crystal RAT Discovered Situation FireEye has discovered a new variant of Dark Crystal RAT (DCRat)… Read More

Security Advisory:  NSA, ASD Release Information for Mitigating Web Shell Malware Situation The NSA (U.S National Security Agency) and ASD (Australian Signals Directorate) have released a Cyber Security information sheet to help detect and mitigate web shell malware attacks. Cybercriminals are increasingly using web shell malware on webservers to access and compromise networks and their data. Problem There is a large increase in Web shell malware attacks on web servers… Read More

Cisco Security seeing Uptick in WebEx Phishing Situation Cisco Security is seeing a uptick in reported phishing emails requesting users to update their Cisco WebEx client immediately to secure a vulnerability. Problem Cyber threat actors are using new and targeted attempts, even obfuscating their intent with reporting real vulnerabilities in their phishing emails, attempting to steal user credentials by making them believe they are vulnerable and need to login to… Read More

Situation VMware has found a vulnerability in its Directory Service (VMDIR) where an attacker could exploit this vulnerability and take control of an affected system. VMware has listed this as article VMSA-2020-0006 and has been listed it as CVE-2020-3952. This vulnerability impacts VMware vCenter Server platforms. Problem VMware has found that under certain conditions VMDIR that ships with VMware vCenter Server does not correctly implement access controls. Implication  This vulnerability could allow an… Read More

Mozilla Releases Security Updates for  Firefox Situation Mozilla has released a security advisory about two security vulnerabilities fixed in Firefox 75 and Firefox ESR 68.7 running on the Windows, macOS and Linux operating system. Problem Two use-after-free security vulnerabilities (CVE-2020-6819 and CVE-2020-6820) have been found affecting Firefox and Firefox ESR. Both of these vulnerabilities have been seen currently being exploited in the wild. The first vulnerability CVE-2020-6819 is caused by the running… Read More

Google Releases Security Update for Chrome browser  Situation Google has recently released a security update for their Chrome browser version 80.0.3987.162 for Windows, Mac, and Linux systems. This version addresses vulnerabilities that could allow an attacker to take control of an affected system. Problem There was a total of eight security vulnerabilities fixed on the Google Chrome browser. With the most severe of these being two use after free vulnerabilities found in the… Read More

Situation PhishLabs has seen an increase in threat actors impersonating key public health organizations and agencies to phish victims for-profit and malware exploitation. Problem PhishLabs has seen four separate phishing campaigns using the World Health Organization (WHO) and the Center for Disease Control (CDC) name. In the first campaign, the sender uses SendGrid to distribute a fake national health center email address. The link in the message claims to provide… Read More

COVID-19 Used To Hide Distribution of Cerberus Situation Hackers are using the COVID-19 Pandemic to spread malware and trojans, specifically using a trojan called Cerberus to public phone and tablet devices. This type of attack could potentially infect and compromise thousands of machines. This trojan is used to steal Credit Card numbers and personal user data from these devices. Problem This type of trojan will attempt to install itself from a webpage, link, or by opening… Read More