Security Advisories

CRITICAL Advisory: At least 30,000 US Organizations Hacked via Microsoft Exchange Bug Situation An unusually aggressive Chinese cyber espionage unit is targeting Microsoft Exchange Server to grab email and corporate data from Internet facing systems. Problem Microsoft identified four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows hackers to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the network. For the attack to work,… Read More

CRITICAL Advisory: Microsoft Releases Out-of-Band Security Updates for Actively Exploited Exchange Server Zero-Day Bugs Situation Microsoft has released out-of-band security updates to address four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) affecting Microsoft Exchange Server 2013, 2016, and 2019. These vulnerabilities have been seen being exploited in the wild. Problem These four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) have been seen chained together to gain access to Microsoft Exchange… Read More

Please see Security Advisories for the week ending February 26, 2021 Critical: SolarWinds New Digital Code-Signing Certificate Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox SonicWall Releases Additional Patches for SMA 100 Series ________________________________ Critical: SolarWinds New Digital Code-Signing Certificate Situation SolarWinds is re-signing digital code-signing certificate for multiple products. SolarWinds uses a digital code-signing certificate to digitally sign each software build, to help end users authenticate the code…. Read More

Please see Security Advisories for the week ending February 19, 2021 Microsoft Releases February 2021 Security Updates Google Releases Security Updates for Chrome North Korean Malicious Cyber Activity – AppleJeus ________________________________ Microsoft Releases February 2021 Security Updates Situation Microsoft has released its monthly security updates for February 2021. These updates address vulnerabilities in the following Microsoft software: Windows Console Driver Windows Defender Role: DNS Server Role: Hyper-V .NET Core .NET Framework… Read More

Please see Security Advisories for the week ending February 12, 2021 Microsoft Releases February 2021 Security Updates Windows Win32k privilege escalation currently being exploited in the wild Adobe Releases Security Updates in Several Products Mozilla Releases Security Updates for Firefox and Firefox ESR in Windows Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472) ________________________________ Microsoft Releases February 2021 Security Updates Situation Microsoft has released multiple patches to… Read More

Please see Security Advisories for the week ending February 5, 2021 Critical – Three More Potential Vulnerabilities Found in SolarWinds Software Critical – SonicWall Zero-Day Vulnerability Is Being Exploited in the Wild Sudo Heap-Based Buffer Overflow Vulnerability Allows Root Privileges Apple Releases Security Updates for MacOS Cisco Releases Security Updates for Several Products Google Releases Security Updates for Chrome ________________________________ Three More Potential Vulnerabilities Found in SolarWinds Software Situation SpiderLabs at Trustwave… Read More

Please see Security Advisories for the week ending January 22, 2021 Oracle Releases January 2021 Security Bulletin Drupal Releases Security Updates for Multiple Products Google Releases Security Updates for Chrome Cisco Releases Advisories for Multiple Products ________________________________ Oracle Releases January 2021 Security Bulletin Situation Oracle has released security updates for their products. These updates address 329 vulnerabilities across multiple products. Problem Oracle has patched a large number of severe vulnerabilities in… Read More

Please see Security Advisories for the week ending January 22, 2021 Oracle Releases January 2021 Security Bulletin Drupal Releases Security Updates for Multiple Products Google Releases Security Updates for Chrome Cisco Releases Advisories for Multiple Products ________________________________ Oracle Releases January 2021 Security Bulletin Situation Oracle has released security updates for their products. These updates address 329 vulnerabilities across multiple products. Problem Oracle has patched a large number of severe vulnerabilities in… Read More

Please see Security Advisories for the week ending January 15, 2021 Microsoft Releases January 2021 Security Updates Cisco Releases Security Updates for Multiple Products Apache Releases Security Advisory for Tomcat Juniper Networks Releases Security Updates for Multiple Products Adobe Releases Security Updates for Multiple Products Mozilla Releases Security Update for Thunderbird SAP Releases January 2021 Security Updates ________________________________ Microsoft Releases January 2021 Security Updates Situation Microsoft has released its monthly security… Read More

Please see Security Advisories for the week ending January 8, 2021 Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR Google Releases Security Updates for Chrome CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise ________________________________ Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR Situation Mozilla has found vulnerabilities and released security updates for Firefox, Firefox for Android, and… Read More