Security Advisories

Security Advisory: FireEye Hacked: what have we done We have been investigating the impact and implications of the recent FireEye Hack, which resulted in the bad actors absconding with the FireEye Red Team Tools. Our product team has combed through the findings from FireEye and have implemented appropriate countermeasures. I would like to S.P.I.N. * the situation for you. Situation There’s a lot of press about this event which outlines the… Read More

CRITICAL: Fortinet VPN Vulnerability Actively Being Exploited Situation A Fortinet VPN vulnerability (CVE-2018-13379) has been seen actively being exploited to steal VPN credentials. Problem The vulnerability (CVE-2018-13379) is a path traversal flaw impacting a large number of unpatched Fortinet FortiOS SSL VPN devices. This vulnerability can allow unauthenticated remote attackers access to system files via specially crafted HTTP requests. An exploit has been posted by a hacker that lets an attacker access… Read More

Please see Security Advisories for the week ending December 4, 2020 Apache Releases Security Advisory for Apache Tomcat Mozilla Releases Security Update for Thunderbird VMware Releases Security Updates for several products Apple Releases Security Updates for iCloud for Windows Xerox Releases Security Updates for DocuShare ________________________________ Apache Releases Security Advisory for Apache Tomcat Situation Apache has released a security advisory addressing a bug in Apache Tomcat. Affected versions: Apache Tomcat 10.0.0-M1… Read More

Please see Security Advisories for the week ending November 20, 2020 VMware Releases Security Updates for VMware SD-WAN Orchestrator Mozilla Patches One Zero-Day and 15+ High-Severity Vulnerabilities Cisco Releases Security Updates for Cisco’s Security Manage ________________________________ VMware Releases Security Updates for VMware SD-WAN Orchestrator Situation VMware has released multiple updates to its SD-Wan Orchestrator to patch vulnerabilities that could lead to an attacker taking control over the vulnerable system. Problem VMware has found… Read More

Please see Security Advisories for the week ending November 13, 2020 Google Releases Security Updates for Chrome Apple Releases Security Updates for Multiple Products Palo Alto Networks Releases Security Updates For PAN-OS Cisco Releases Security Update for IOS XR Software Microsoft Releases November 2020 Security Updates SAP Releases November 2020 Security Updates Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird ________________________________ Google Releases Security Updates for Chrome Situation Google… Read More

Please see Security Advisories for the week ending November 6, 2020 Zero-Day Vulnerability in Oracle Solaris Under Active Exploitation Apple Releases Security Updates for Multiple Products Cisco Releases Security Updates for Multiple Products Adobe Releases Security Updates for Acrobat and Reader Google Releases Security Updates for Desktop Chrome Browser, including a Zero-Day Vulnerability Being Exploited in the Wild ________________________________ Zero-Day Vulnerability in Oracle Solaris Under Active Exploitation Situation Oracle has found… Read More

Please see Security Advisories for the week ending October 30, 2020 Oracle WebLogic Server Under Active Exploitation New Malware, ZEBROCY Backdoor, spotted in the wild Microsoft Releases Security Update for Edge Browser New Kimsuky KGH Spyware Suite Discovered ________________________________ Oracle WebLogic Server Under Active Exploitation Situation A vulnerability (CVE-2020-14882, CVE-2020-14750) has been found in Oracle WebLogic Server. Affected versions: 14.1.1.0.0 12.2.1.4.0 12.2.1.3.0 12.1.3.0.0 10.3.6.0.0 Problem This vulnerability allows unauthenticated, remote attackers… Read More

Please see Security Advisories for the week ending October 23, 2020 Adobe Releases Security Updates for Multiple Products Cisco Releases Security Updates for Multiple Products Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird Google Releases Security Updates for Chrome Oracle releases major security updates for October VMware Releases Security Updates for Multiple Products ________________________________ Adobe Releases Security Updates for Multiple Products Situation Adobe is releasing security updates across multiple… Read More

Please see Security Advisories for the week ending October 16, 2020 NCSC Releases Alert on Microsoft SharePoint Vulnerability Adobe Releases Security Updates for Magento Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability Juniper Networks Releases Security Updates for Multiple Products Apache Releases Security Updates for Apache Tomcat SAP Releases October 2020 Security Updates Microsoft Releases October 2020 Security Updates QNAP Releases Security Updates for QNAP Helpdesk ________________________________ NCSC Releases Alert on Microsoft SharePoint Vulnerability… Read More