Security

Please see Security Advisories for the week ending September 18, 2020 Please note CRITICAL advisories below: Exploit for Netlogon Remote Protocol Vulnerability, Zerologon (CVE-2020-1472) Samba Releases Security Update for CVE-2020-1472 (ZeroLogon) Drupal Releases Security Updates for Multiple Products Adobe Releases Security Update for Adobe Media Encoder Iran-Based Threat Actor Exploits VPN Vulnerabilities ________________________________ Exploit for Netlogon Remote Protocol Vulnerability, Zerologon (CVE-2020-1472) Situation Microsoft has patched a severe bug in August 2020 patch release… Read More

CRITICAL: Vulnerability in Microsoft Windows Netlogon Remote Protocol Situation Microsoft has discovered and patched vulnerabilities for its Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Problem Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges. Implication  An unauthenticated attacker with network access to a domain… Read More

Please see Security Advisories for the week ending September 11, 2020 Palo Alto Networks Security Advisories – September 2020 Adobe Releases Security Updates for Several Products Google Releases Security Updates for Chrome version 85.0.4183.102 Microsoft Releases September 2020 Security Updates ________________________________ Palo Alto Networks Security Advisories – September 2020 Situation Palo Alto Networks has discovered and patched several vulnerabilities for its PAN-OS, from one Critical to several Highs. Problem A critical… Read More

Please see Security Advisories for the week ending September 4, 2020 Cisco Releases Security Updates for Multiple Products WordPress File Manager Plugin Under Active Exploitation ________________________________ Cisco Releases Security Updates for Multiple Products Situation Cisco has released multiple security patches in several of their products where they found vulnerabilities where attackers could remotely attack and take control of the product or devices. Problem Cisco has found vulnerabilities in the following products… Read More

Cisco IOS XR Zero-Day Vulnerability Being Exploited in the Wild Situation Cisco has found multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. The vulnerability can allow a remote attacker to perform a denial of service (DoS) attack. This vulnerability has been seen currently being exploited in the wild. Problem The vulnerabilities exist due to insufficient queue management for the Internet Group Management Protocol… Read More

Please see Security Advisories for the week ending August 28, 2020 Cisco Releases Security Updates for Multiple Products Security Updates Released for Firefox, Firefox ESR, and Thunderbird Security Update for Chrome version 85.0.4183.83 ________________________________ Cisco Releases Security Updates for Multiple Products Situation Cisco has identified multiple vulnerabilities in their product environments which could be exploited if not patched. Problem Cisco has identified several vulnerabilities that if exploited may allow attackers to remotely… Read More

Please see Security Advisories for the week ending August 21, 2020 Security Advisories Released for BIND Cisco Releases Security Updates for Multiple Products Security Update for Chrome North Korean Malicious Cyber Activity Actifio Connector Vulnerability ________________________________ Security Advisories Released for BIND Situation The Internet Systems Consortium (ISC) has discovered and patched vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). Problem The ISC has identified and patched vulnerabilities affecting multiple… Read More

Please see Security Advisories for the week ending August 14, 2020 Adobe Releases Security Updates Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails Google Chrome releases security update for version 84.0.4147.125 SAP releases August 2020 security updates for multiple products Increase of Zoom based phishing attacks over Spring and Summer 2020 Microsoft Releases August 2020 Security Updates Apple Releases Security Updates for iCloud for Windows Versions 7.20 and… Read More

Please see Security Advisories for the week ending August 7, 2020 Security Advisory – Emotet Botnet Resurfaces Cisco Releases Security Updates for Multiple Products FBI Reports Increase in Online Shopping Scams Chinese Malicious Cyber Activity ________________________________ Security Advisory – Emotet Botnet Resurfaces Situation Emotet Botnet has resurfaced on the internet with new tricks and attack vectors to spread Problem Emotet Botnet  is being used in links and email attachments and now… Read More

Please see Security Advisories for the week ending July 31, 2020 Cisco Releases Security Updates for Multiple Products Adobe Releases Security Updated for Magento Mozilla Releases Security Updates for Multiple Products Google Releases Security Updates for Chrome browser ________________________________ Cisco Releases Security Updates for Multiple Products Situation Cisco has released multiple updates to patch found vulnerabilities in multiple Cisco products including Vmanage, and Cisco Network Manager platforms. Problem Cisco has identified… Read More