The Cyber Threat Intelligence Unit at BGD e-GOV CIRT has identified a surge in cyber-attacks targeting organizations through the compromise of third-party service providers. Recently, multiple organizations in Bangladesh have encountered data breaches. Some individuals employed by third-party service providers, tasked with offering technical support to various client organizations, have been targeted by information-stealing malware. Investigations revealed that the information-stealing malware covertly extracted sensitive data,…

Read More

প্রতিবেদন সম্পূর্ণ দেখতে এখানে ক্লিক করুন।  

বিস্তারিত প্রতিবেদন দেখতে এখানে ক্লিক করুন Watch Appendix

বাংলাদেশের সাইবার স্পেসের সুরক্ষা নিশ্চিত করার লক্ষ্যে বাংলাদেশ সরকারের কম্পিউটার ইনসিডেন্ট রেসপন্স টিম (BGD e-GOV CIRT) সক্রিয়ভাবে গুরুত্বপূর্ণ থ্রেট ইনটেলিজেন্স সংক্রান্ত তথ্যাদি প্রকাশ করে থাকে। এরই ধারাবাহিকতায় সার্ট সাম্প্রতিককালে তথ্য পরিকাঠামোর জন্য ঝুঁকিপূর্ণ কিছু দুর্বলতা (critical vulnerabilities) চিহ্নিত করেছে। এরূপ ঝুঁকিপূর্ণ দুর্বলতাসমূহ ডিজিটাল অবকাঠামো হতে দূরিকরণের মাধ্যমে সম্ভাব্য সাইবার আক্রমন প্রতিহত করা যেতে পারে। Click here to see full details in pdf    

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT warns about the ongoing exploitation of two zero-day vulnerabilities in Cisco’s IOS XE Software web UI feature. BGD e-GOV CIRT has recently identified successful exploitation attempts against organizations in Bangladesh. This advisory is directed towards IT teams configuring and managing routers and network switches within their organizations. Download the attachment here

The Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT) carries out its primary mission of safeguarding the nation’s cyberspace through proactive management of computer security incidents and related activities. This mission involves close collaboration with international organizations and entities to effectively mitigate risks. Our goal is to maintain a continuous state of vigilance and preparedness, both in anticipation of potential incidents and in response…

Read More

August 8, 2023 This report serves as an update to the ‘SITUATIONAL ALERT ON CYBER THREATS’ issued on 4th August. It provides an Indicator of Compromise (IOC) list which organizations may use for their preventive security measures. For the full document click here

Get the full PDF Here Get the full PDF Here

Here is the press release. Please click on the document below for full view.

In the advent of EID holidays, Bangladesh Government’s Computer Incident Response Team (BGD e–Gov CIRT) would like to assure the security of the critical information infrastructures (CII), banks andfinancial institutions, health care and all sorts of government and private organizations by sharing alist of top threats to be vigilant for any suspicious activities in their infrastructure to prevent any sortof intrusion or disruption to their…

Read More

Password Policy best practices Create a strong, complex and long password. Use multi-factor authentication for login where possible. Avoid save password in browser. Generic best practices Do not install additional software or server roles on DCs Implement patch management. Use secure DNS services to block malicious domains Ensure business continuity plan (BCP). Use security baselines and benchmarks. Inform and educate users about cyber threats and…

Read More

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent. “To date, our investigation has found that the code…

Read More

Attack infoFirst seen 2022-09-24 • Last seen 2022-10-19On October 19, 2022, Socradar announced a vulnerability they discovered in several misconfiguredMicrosoft AWS servers. They also announced the launch of the BlueBleed service, which contains datadownloaded from several misconfigured Microsoft AWS servers.Link to the Socradar announcement – hxxps://socradar[.]io/sensitive-data-of-65000-entities-in-111-countries-leaked-due-to-a-single-misconfigured-data-bucket/ The exposed files in the misconfigured bucket include; POE documents,SOW documents,Invoices,Product orders,Product offers,Project details,Signed customer documents,POC (Proof of Concept)…

Read More

A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading as a PDF document supposedly containing details about a marketing…

Read More

A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. Threat actors created in September websites that promoted fake antivirus and security updates for Windows 10. The downloaded malicious files (ZIP archives) contained JavaScript that initiated an intricate infection with the file-encrypting malware. A report from HP’s threat intelligence team notes that Magniber ransomware operators demanded payment of up to $2,500…

Read More

Vulnerability DescriptionAn issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation…

Read More

licious cyber actors continue to exploit known vulnerabilities and use publicly available tools to target networks of interest. Remote code execution (RCE) attacks allow an attacker to remotely execute malicious code on a computer. The impact of an RCE vulnerability can range from malware execution to an attacker gaining full control over a compromised machine. RCE vulnerabilities are some of the most risky and high-impact…

Read More

A new cyber espionage threat group that has been previously unknown named Worok and has been observed using undocumented tools targeting private and local government entities mostly in Asia. Based on the report by ESET, the group has been active for at least 2020 and observed a significant break in operation from 2021-05 to 2022-01, but in 2022-02, their operation resumed, targeting an energy company, and a public…

Read More

An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Exploitation Status: Fortinet recommends immediately validating systems against the following indicator of compromise in the device’s logs:user=”Local_Process_Access” Affected ProductsFortiOS version 7.2.0 through 7.2.1FortiOS version 7.0.0 through 7.0.6FortiProxy version 7.2.0FortiProxy version…

Read More

The tech giant has uncovered more than 400 malicious Android and iOS apps this year which steal usernames and passwords. 45 out of the 400 apps it found were on iOS, while the rest were on Android. They masquerade themselves as popular services like photo editors, games and VPNs to trick people into downloading them. How do these malicious apps work? Apart from displaying fun…

Read More

Microsoft has confirmed that two reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker. From the note Microsoft added, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should…

Read More

Hackers backed by the North Korean government are weaponizing well-known pieces of open source software in an ongoing campaign that has already succeeded in compromising “numerous” organizations in the media, defense and aerospace, and IT services industries, Microsoft said on Thursday. ZINC—Microsoft’s name for a threat actor group also called Lazarus, which is best known for conducting the devastating 2014 compromise of Sony Pictures Entertainment—has been…

Read More

Microsoft confirmed it is investigating two zero days affecting its Exchange Server software late Thursday following a report from Vietnamese cybersecurity firm GTSC that the vulnerabilities are being exploited in the wild. GTSC said it discovered the issues in August while doing security incident monitoring and response, then reported the issue to Microsoft’s Zero Day Initiative, which confirmed the bugs. The attacks GTSC reported chain together the two vulnerabilities. …

Read More

Sophos warned today that a critical code injection security vulnerability in the company’s Firewall product is being exploited in the wild. “Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the security software and hardware vendor warned. “We have informed each of these organizations directly. Sophos will provide further details as we continue…

Read More

Executive Summary SentinelLabs researchers uncovered a never-before-seen advanced threat actor we’ve dubbed ‘Metador’. Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions. Metador’s attack chains are designed to bypass native security…

Read More

A number of firmware security flaws uncovered in HP’s business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities “can’t be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement.” Firmware flaws can have serious implications…

Read More

Cybercrime Activities At A Glance  Introduction  The Aviation industry is a critical, strategic, and economically important sector for any nation. The pandemic-struck industry has started showing signs of gradual recovery after two years of volatility, however, attaining the pre-COVID global travel figures seems still farfetched until mid-2023. Amidst epidemic chaos, the Aviation industry steered itself towards embracing technology to reduce human dependence and make a…

Read More

Global Critical Infrastructure Potentially Vulnerable To Reflected Amplification-Based Denial-Of-Service (RDoS) Attacks Introduction Over the past few weeks, Cyble Research & Intelligence Labs has observed the active exploitation of a recently discovered vulnerability found in the Palo Alto Networks’ PAN-OS operating system that runs the firewalls and could allows a remote Threat Actor (TA) to conduct reflected and amplified TCP denial-of-service (RDoS) attacks against the their…

Read More

Cyble Research and Intelligence Labs (CRIL) has been tracking the activities of various Android Banking Trojans such as Hydra, Ermac, and Amextroll, amongst several others. During a routine threat-hunting exercise, we came across a Twitter post where a researcher mentioned a malware sample. After an in-depth analysis, the malware was identified as a new Android Banking Trojan variant targeting over 40 applications from Peru. The Threat Actor (TA) uses the…

Read More

Technical Details Note: this advisory uses the MITRE ATT&CK® for Enterprise framework, version 11. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques. Zeppelin ransomware is a derivative of the Delphi-based Vega malware family and functions as a Ransomware as a Service (RaaS). From 2019 through at least June 2022, actors have used this malware to target a wide range of businesses and critical infrastructure…

Read More

An authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide.According to threat intelligence firm Volexity, attackers have been abusing a ZCS remote code execution flaw tracked as CVE-2022-27925 requiring authentication with the help of an auth bypass bug (tracked as CVE-2022-37042). Description: CVE-2022-27925: Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP…

Read More

Description:kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Impact: A local attacker may exploit this issue to gain elevated root privileges on the affected system. Mitigation: Updates…

Read More

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE-2022-30190, also known as “Follina” — the RCE vulnerability in the Microsoft Windows Support Diagnostic Tool that was disclosed in late May and exploited in the wild — has now received patches for affected Windows systems. While Microsoft had…

Read More

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute maliciously PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. Workarounds: In Microsoft Defender’s Attack Surface Reduction (ASR) activating the rule “Block all Office applications from creating child processes” in Block mode will prevent this from being exploited.[https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes] Disable the MSDT URL Protocol….

Read More

CVE-2022-1388: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Impact: This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands,…

Read More

DESCRIPTION: Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution. SYSTEM AFFECTED: * Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, version 3.6 * Application Performance Management, versions 13.4.1.0, 13.5.1.0 * Big Data Spatial and Graph, versions prior to 23.1 * Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 * Enterprise Manager Ops Center, version 12.4.0.0 * Fujitsu…

Read More

DESCRIPTION: Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution. * Mozilla Firefox is a web browser used to access the Internet. * Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. * Mozilla Thunderbird is an email client. Successful…

Read More

DESCRIPTION: Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for escalation of privilege. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for escalation of privilege. Depending on the privileges associated with…

Read More

DESCRIPTION: Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the targeted user, an attacker could then install programs; view, change, or delete data; or create new…

Read More

DESCRIPTION: A vulnerability has been discovered in Zoho Desktop Central and Desktop Central MSP that could allow for authentication bypass. Zoho Desktop Central and Desktop Central MSP are unified endpoint management (UEM) solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location. It allows admins to deploy patches and software over the network and troubleshoot them remotely. Successful exploitation of...

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. * Mozilla Firefox is a web browser used to access the Internet.* Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow...

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe products, themost severe of which could allow for Arbitrary Code Execution. * Premiere Rush is a video editor.* Illustrator is a vector graphics editor and design program.* Photoshop is a graphics editor.* Adobe After Effects is a digital visual effects, motion graphics, andcompositing application.* Creative Cloud is a cloud service provided by Adobe where its softwarecan be accessed…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:A vulnerability has been discovered in Samba which could allow forarbitrary code execution. Samba is the standard Windows interoperabilitysuite of programs for Linux and Unix. Successful exploitation of thisvulnerability could result in arbitrary code execution as root onaffected Samba installations that use the VFS module vfs_fruit.Depending on the permission associated with the application running theexploit, an attacker could then install programs; view, change, ordelete data….

Read More

DESCRIPTION:A backdoor has been discovered in WordPress AccessPress plugins andthemes, which could allow an attacker access to a targeted website.AccessPress plugins and themes are used to provide website functionalityand design options to website administrators. Successful exploitation ofthis backdoor could allow an attacker to redirect users to malicioussites as well as access to the vulnerable website. SYSTEM AFFECTED:* accesspress-anonymous-post 2.8.0* accesspress-custom-css 2.0.1* ** accesspress-custom-post-type 1.0.8* accesspress-facebook-auto-post…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco Products, themost severe of which could allow for arbitrary code execution.Successful exploitation of the most severe of these vulnerabilitiescould allow an unauthenticated, remote attacker to execute code on theaffected systems. Depending on the privileges associated with thetargeted user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Usersconfigured to…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur…

Read More

DESCRIPTION:Multiple vulnerabilities in SonicWall SMA 100 Series could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution. The SonicWall SMA 100 Series is a unified secure access gateway that enables organizations to provide access to any application, anytime, from anywhere, and any devices, including managed and unmanaged. Depending on the privileges associated with the application, an attacker could…

Read More

DESCRIPTION:A vulnerability in Polkit’s pkexec component could allow for localprivilege escalation. Polkit (formerly PolicyKit) is a component forcontrolling system-wide privileges in Unix-like operating systems. Itprovides an organized way for non-privileged processes to communicatewith privileged ones. Polkit is installed by default on all major Linuxdistributions. Successful exploitation of this vulnerability couldresult in privilege escalation to root privileges. IMPACT:A vulnerability in Polkit ‘s pkexec component could allow…

Read More

DESCRIPTION:A vulnerability has been discovered in F5Networks BIG-IP, which couldresult in a denial-of-service (DoS). BIG-IP is a family of productscovering software and hardware designed around application availability,access control, and security solutions. Successful exploitation of thisvulnerability could allow an attacker to cause a denial of service toall servers sitting behind the BIG-IP system. IMPACT:A vulnerability has been discovered in F5Networks BIG-IP, which couldresult in a denial-of-service…

Read More

CVE SummaryCVE Base Score: 9.8 CRITICAL (CVSS:3.1)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and MetricsBase Score: 9.8 CRITICALVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HImpact Score: 5.9Exploitability Score: 3.9Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope(S): UnchangedConfidentiality(C): HighIntegrity (I): HighAvailability (A): High CVE Released: Jan 11, 2022, Last updated: Jan 12, 2022 Description:This vulnerability concerns the HTTP stack (http.sys) used in listening to process HTTP requests on…

Read More

DESCRIPTION:A vulnerability has been discovered in Citrix Workspace App for Linux, avirtual desktop application. Successful exploitation of thisvulnerability could allow for local privilege escalation. A privilegeescalation enables the attacker to obtain root privileges within thesystem which will enable them to install programs; view, change, ordelete data; or create new accounts with full user rights. IMPACT:A vulnerability has been discovered in Citrix Workspace App for Linux,…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe products, themost severe of which could allow for Arbitrary Code Execution. * Acrobat and Reader is a family of application software and Webservices mainly used to create, view, and edit PDF documents.* Illustrator is a vector graphics editor and design program.* Bridge is a digital asset management application.* Adobe InCopy is a professional word processor.* InDesign is an…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Distributed DataSystems WebHMI, the most severe of which could allow for arbitrary codeexecution. Distributed Data Systems WebHMI is a SCADA system with abuilt-in web server that allows you to monitor and control anyautomation system on the local network and via the Internet from yourcomputer and mobile devices. Successful exploitation of the most severeof these vulnerabilities could allow an administrator…

Read More

DESCRIPTION:A vulnerability has been discovered in HP FutureSmart that could allowfor arbitrary code execution. HP FutureSmart is a piece of systemfirmware that is used on all HP Enterprise devices. Successfulexploitation of this vulnerability could allow for arbitrary codeexecution within the context of the affected application. Depending onthe privileges associated with this application, an attacker could theninstall programs; view, change, or delete data; or create new…

Read More

DESCRIPTION:A vulnerability has been discovered in multiple NETGEAR products, whichcould allow for arbitrary code execution. Successful exploitation ofthis vulnerability could allow for arbitrary code execution in thecontext of the root user. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights. IMPACT:  RIMM researchers are reported to have an exploit capable ofcompromising fully patched devices that are running…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in largeorganizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur is the 17th…

Read More

DESCRIPTION:Multiple vulnerabilities in SonicWall SMA 100 Series could allow forarbitrary code execution. Successful exploitation of thesevulnerabilities could allow for arbitrary code execution. The SonicWallSMA 100 Series is a unified secure access gateway that enablesorganizations to provide access to any application, anytime, fromanywhere and any devices, including managed and unmanaged. Depending onthe privileges associated with the application, an attacker could theninstall programs; view, change, or delete…

Read More

CVE-2021-44832 (CVSS score: 6.6 MEDIUM) – Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE)attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URIwhich can execute remote code. This issue is fixed by limiting…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in SiemensSolid Edge, themost severe of which could allow an attacker to cause an arbitrary codeexecution. Siemens Edge is a portfolio of software tools that addressesvarious product development processes: 3D design, simulation,manufacturing and design management. Successful exploitation of the mostsevere of these vulnerabilities could allow for arbitrary codeexecution. Depending on the privileges associated with the user, anattacker could then view…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in iCloud for WindowsCould Allow for Arbitrary Code Execution. iCloud for Windows is a cloudstorage and cloud computing service. Successful exploitation of thesevulnerabilities could result in arbitrary code execution within thecontext of the application, an attacker gaining the same privileges asthe logged-on user, or the bypassing of security restrictions. Dependingon the permission associated with the application running the exploit,an attacker…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur is the 17th…

Read More

DESCRIPTION:The Apache Software Foundation has released Apache HTTP Server 2.4.52.Reference:https://downloads.apache.org/httpd/Announcement2.4.html CVE-2021-44790 (CVSS score: 9.8- CRITICAL) -A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. CVE-2021-44224…

Read More

DESCRIPTION:A vulnerability has been discovered in Fortinet FortiWeb that couldallow for arbitrary code execution. Fortinet FortiWeb is a firewall forweb applications, which provides threat protection for medium and largeenterprises. Successful exploitation of this vulnerability could allowfor arbitrary code execution within the context of the affectedapplication. Depending on the privileges associated with thisapplication, an attacker could then install programs; view, change, ordelete data; or create new…

Read More

DESCRIPTION:A vulnerability has been discovered in Mozilla’s Network SecurityServices (NSS), a set of cryptography libraries used to handlesignatures and certification validation. Successful exploitation of thisthe vulnerability could allow for arbitrary code execution within thecontext of the affected application, which could be either a client likeThunderbird or server like Apache webserver. Depending on the privilegesassociated with this application, an attacker could then installprograms; view, change, or…

Read More

Log4j is an open-source logging framework developed by the Apache Foundation which is incorporated into many Java-based applications on both servers and end-user systems.A series of vulnerabilities in the popular Java-based logging library Log4j is under active exploitation by multiple threat actors. The current list of vulnerabilities and recommended fixes are listed here: CVE-2021-44228 (CVSS score: 10.0- CRITICAL) – Apache Log4j2 JNDI features do not…

Read More

DESCRIPTION:Multiple vulnerabilities have been identified in Mozilla Thunderbird,the most severe of which could allow for arbitrary code execution.Mozilla Thunderbird is an email client. Successful exploitation of themost severe of these vulnerabilities could allow for arbitrary codeexecution. Depending on the privileges associated with the user, anattacker could then install programs; view, change, or delete data; orcreate new accounts with full user rights. Users whose accounts areconfigured…

Read More

DESCRIPTION:A vulnerability has been discovered in SonicWall SMA100 Series thatcould allow for arbitrary file deletion. The SonicWall SMA 100 Series isa unified secure access gateway that enables organizations to provideaccess to any application, anytime, from anywhere, and any devices,including managed and unmanaged. Successful exploitation of thisvulnerability could result in arbitrary file deletion which enables anattacker to reboot the device to factory default settings. Afterward,this could…

Read More

Description: Apache Log4j2 <=2.14.1 JNDI features used in the configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10)…

Read More

CYBER THREAT ALERT Cyber Threat Intelligence unit of BGD e-GOV CIRT recently observed a series of malicious and suspicious activities, organized by an unknown APT group named APT-C-61, which was being observed starting in mid-2021. In primary observation, till now the target was important organizations such as national institutions, military industry, and scientific research institutions of Pakistan and Bangladesh to steal classified information. Details are…

Read More

Description: A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions.To check the PowerShell version you are running and determine if you are vulnerable to attacks…

Read More

Description: An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems. CVE-2021-41355 impacts users of PowerShell 7.1.To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt. Mitigations: Admins are advised to install the updated PowerShell…

Read More

DESCRIPTION:A vulnerability has been discovered in Microsoft MSHTML, which couldallow for remote code execution. MSHTML (also known as Trident) is theengine used for Internet Explorer. It is also used by Microsoft Officeapplications for rendering web based content. Successful exploitation ofthis vulnerability could result in remote code execution in the contextof the affected user. Depending on the privileges associated with theuser, an attacker could view, change,…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR), and Thunderbird, the most severeof which could allow for arbitrary code execution. Mozilla Firefox is aweb browser used to access the Internet. Mozilla Firefox ESR is aversion of the web browser intended to be deployed in largeorganizations. Successful exploitation of these vulnerabilities couldallow for arbitrary code execution. Depending on the privilegesassociated with the…

Read More

DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending on the privileges associated with theinstance, an attacker could view, change, or delete data. IMPACT:US…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis…

Read More

Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products.  An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the security update pages for the following products and apply the necessary updates. macOS Big Sur 11.6…

Read More

DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending on the privileges associated with theinstance, an attacker could view, change, or delete data. IMPACT:A…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Media Encoder,Adobe Bridge, Adobe Photoshop, Adobe XMP Toolkit SDK, and AdobeCaptivate, the most severe of which could allow for arbitrary codeexecution. * Adobe Media Encoder is software that provides media content over theinternet* Adobe Bridge is a digital asset management application* Adobe Photoshop is a graphics editor* Adobe XMP Toolkit SDK is a development kit for Adobe’s ExtensibleMetadata…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Rockwell AutomationISaGRAF5 Runtime, the most severe of which could allow for remote codeexecution. These affected Industrial Control System (ICS) products areused across several sectors, including chemical, critical manufacturing,food and agriculture, water and wastewater systems and others.Successful exploitation of the most severe of these vulnerabilitiescould allow an attacker to perform remote code execution on the affecteddevice. IMPACT:Multiple vulnerabilities have been…

Read More

DESCRIPTION:A vulnerability has been discovered in macOS Big Sur, iOS and iPadOS,which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Big Sur is the 17th and current major release of macOS. Successful exploitation of this vulnerability…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Oracle products, whichcould allow for remote code execution. SYSTEM AFFECTED:* Oracle Database Server, versions 12.1.0.2, 19c* Big Data Spatial and Graph, versions prior to 2.0, prior to 23.1* Essbase, version 21.2* Essbase Analytic Provider Services, versions 11.1.2.4, 21.2* Hyperion Essbase Administration Services, versions 11.1.2.4, 21.2* Oracle Commerce Guided Search / Oracle Commerce Experience Manager,version 11.3.1.5* Oracle Communications Billing and…

Read More

DESCRIPTION:A vulnerability has been discovered HP, Xerox, and Samsung printerdrivers, which could result in local privilege escalation. A printerdriver is a piece of system software that allows your computer tointeract with your printer. This vulnerability specifically deals withan old printer driver from 2005 called SSPORT.SYS which affects hundredsof millions of devices and millions of users worldwide. Successfullyexploitation of this vulnerability might allow attackers to potentiallyinstall…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:A vulnerability has been discovered in Schneider Electric Modicon PLCs,which could result in remote code execution. A Programmable LogicController, or PLC, is a ruggedized computer used for industrialautomation. These controllers can automate a specific process, machinefunction, or even an entire production line. Successful exploitation ofthis vulnerability could allow for remote code execution within thecontext of a privileged process. Depending on the privileges associatedwith this application,…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Products, themost severe of which could allow for arbitrary code execution. * Dimension is a 3D rendering and design software.* Illustrator is a vector graphics editor and design program.* Adobe Framemaker is a document processing software used to write andedit large or complex documents.* Acrobat and Reader is a family of application software and Webservices mainly used to…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox andFirefox Extended Support Release (ESR), the most severe of which couldallow for arbitrary code execution. Mozilla Firefox is a web browserused to access the Internet. Mozilla Firefox ESR is a version of the webbrowser intended to be deployed in large organizations. Successfulexploitation of these vulnerabilities could allow for arbitrary codeexecution. Depending on the privileges associated with the…

Read More

Description:A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.Many organizations utilize Microsoft Active Directory Certificate Services, which is a public key infrastructure (PKI) server that can be used to authenticate users, services, and machines on a Windows domain.PetitPotam’ that performs an NTLM relay attack that does not rely…

Read More

Description:fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Impact: Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Mitigation: Updates are available. Please see the references or vendor advisory for…

Read More

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database.An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute…

Read More

DESCRIPTION:A vulnerability has been discovered in SolarWinds Serv-U, which couldresult in remote code execution. SolarWinds Serv-U is an FTP serversoftware for secure file transfer. Successful exploitation of thisvulnerability could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis application, an attacker could then install programs; view, change,or delete data; or create new accounts with full user rights….

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Kaseya VSA that couldallow for arbitrary code execution. Kaseya VSA is a software used byMSPs to remotely manage networks and endpoints. Successful exploitationof these vulnerabilities could result in arbitrary code execution withinthe context of the application, an attacker gaining the same privilegesas the logged-on user, or the bypassing of security restrictions.Depending on the permission associated with the application running…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow forarbitrary code execution. Android is an operating system developed byGoogle for mobile devices, including, but not limited to, smartphones,tablets, and watches. Successful exploitation of the most severe ofthese vulnerabilities could allow for arbitrary code execution withinthe context of a privileged process. Depending on the privilegesassociated with this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged-on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted than…

Read More

Description:Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS.This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com andgain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process andsubvert the operating system and higher-layer…

Read More

Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch is incomplete and the vulnerability can still be locally exploited to gain SYSTEM privileges. The remote code execution bug (tracked as CVE-2021-34527) allows attackers to take over affected servers via remote code execution (RCE) with SYSTEM…

Read More

Description:It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to dataconfidentiality and integrity as well as system availability. Impact:The vulnerability enables an unprivileged local…

Read More

Description:A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change or delete data;or create new accounts with full user rights.An attack must involve an authenticated user calling RpcAddPrinterDriverEx(). Impact:This remote code execution (RCE) CVE-2021-34527 impacts all versions…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple iOS that couldallow for arbitrary code execution. iOS is a mobile operating system formobile devices, including the iPhone, iPad, and iPod touch. Successfulexploitation of these vulnerabilities could result in arbitrary codeexecution within the context of the application, an attacker gaining thesame privileges as the logged-on user, or the bypassing of securityrestrictions. Depending on the permission associated with theapplication…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Products, themost severe of which could allow for arbitrary code execution. * Connect is a suite of software for remote training, web conferencing,presentation, and desktop sharing.* Acrobat and Reader is a family of application software and Webservices mainly used to create, view, and edit PDF documents.* Experience Manager is a content management solution for buildingwebsites, mobile apps, and…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:There are six zero-day vulnerabilities that Microsoft has tracked asbeing actively exploited which include CVE-2021-33742, CVE-2021-33739,CVE-2021-31199, CVE-2021-31201, CVE-2021-31955 and CVE-2021-31956. IMPACT:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution. A full list of all vulnerabilities can be found at the link below:https://msrc.microsoft.com/update-guide/en-us Successful exploitation of the most severe of these vulnerabilitiescould result in an attacker gaining…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in SAP products, the mostsevere of which could allow for remote code execution. SAP is a softwarecompany which creates software to manage business operations andcustomer relations. Successful exploitation of the most severe of thesevulnerabilities could allow an unauthenticated, remote attacker toexecute code on the affected systems. Depending on the privilegesassociated with the application, an attacker could then installprograms; view, change,…

Read More

DESCRIPTION:Threat intelligence firm Bad Packets has reported that hackers areactively scanning the Internet for VMware vCenter servers vulnerableagainst a critical RCE flaw recently fixed by VMware. IMPACT:Multiple vulnerabilities have been discovered in VMware vCenter Server,which could result in remote code execution. Details of thesevulnerabilities are as follows: * A remote code execution vulnerability in vCenter Server which enablesa malicious actor to execute commands with unrestricted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco Webex NetworkRecording Player and Cisco Webex Player that could allow for arbitrarycode execution. The Webex meeting service is a hosted multimediaconferencing solution that is managed and maintained by Cisco Webex. TheWebex Network Recording Player is an application that is used to convertWebex recording files to standard formats such as Windows Media Video,Flash or MP4. The Webex Player is…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR) and Mozilla Firefox for iOS, themost severe of which could allow for arbitrary code execution. MozillaFirefox is a web browser used to access the Internet. Mozilla FirefoxESR is a version of the web browser intended to be deployed in largeorganizations. Mozilla Firefox for iOS is a web browser used to accessthe Internet on…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in VMware vCenter Server,the most severe of which could allow for remote code execution. VMwarevCenter Server is a centralized management utility for VMware, and isused to manage virtual machines, multiple ESXi hosts, and all dependentcomponents from a single centralized location. Successful exploitationof these vulnerabilities could allow an attacker to execute remote codein context of the user running the application. IMPACT:Multiple…

Read More

Description: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Impacted Products:VMware vCenter Server (vCenter…

Read More

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation. On May 25, 2021, the campaign escalated as NOBELIUM leveraged the…

Read More

DESCRIPTION:A vulnerability has been discovered in Microsoft Windows JET DatabaseEngine that could allow for arbitrary code execution. Microsoft WindowsJET Database Engine provides data access to various applications such asMicrosoft Access, Microsoft Visual Basic, and third-party applications.Successful exploitation of this vulnerability could result in arbitrarycode execution within the context of the application, an attackergaining the same privileges as the logged-on user, or the bypassing ofsecurity restrictions….

Read More

Zeppelin ransomware is also referred to as Buran and has its origin in the Vega/VegaLocker family, a Delphi-based ransomware-as-a-service (RaaS).According to researcher Vitali Kremez, Zeppelin binaries are generated via a GUI wizard by affiliates who then distribute the malware in exchange for revenue sharing. Vega samples were first discovered in the beginning of 2019, being distributed alongside other widespread financial malware as part of a…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Products, themost severe of which could allow for arbitrary code execution. * Acrobat and Reader is a family of application software and Webservices mainly used to create, view, and edit PDF documents.* Animate is a multimedia authoring computer animation program.* Experience Manager is a content management solution for buildingwebsites, mobile apps, and forms.* InCopy is a professional word…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Wi-Fi enabled devices,the most severe of which could allow for data exfiltration. IEEE 802.11is part of the IEEE 802 set of local area network technical standards,and specifies the set of medium access control and physical layerprotocols for implementing wireless local area network communication.Successful exploitation of the most severe of these vulnerabilitiescould allow an attacker to exfiltrate user data. IMPACT:*…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco SD-WAN vManageSoftware, the most severe of which could allow for arbitrary codeexecution. Cisco SD-WAN provides a centralized management interface ofan organization’s WAN including their cloud and data center environment.Successful exploitation of the most severe of these vulnerabilitiescould allow an unauthenticated, remote attacker to executeadministrative functions and obtain an admin account. An attacker couldthen view, change, or delete data;…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Exim, the most severeof which could allow for remote code execution. Exim is a mail transferagent used to deploy mail servers on Unix-like systems. Successfulexploitation of the most severe of these vulnerabilities will enable theattacker to perform command execution as root in the context of the mailserver. An attacker could then install programs; view, change, or deletedata; or create…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco HyperFlex HXsoftware, the most severe of which could allow for arbitrary codeexecution. The Cisco HyperFlex HX Series is Cisco’s a convergedinfrastructure system that integrates computing, networking and storageresources to increase efficiency and enable centralized management. Thisproduct contains a web-based interface which allows user can access tomanage the device. Successful exploitation of the most severe of thesevulnerabilities within the…

Read More

DESCRIPTION:A vulnerability has been discovered in HPE Edgeline InfrastructureManager Software that could allow for remote code execution. HPEEdgeline Infrastructure Manager Software was made to aggregate themanagement of Edgeline ComputeDevices. It is delivered as a VirtualMachine image (OVA) targeted at running on VMware ESXi, workstation,orplayer. Edgeline Infrastructure Manager supports discovery, monitoring,and management of EdgelineConverged Edge Systems. Successful exploitation of this vulnerability could result in remotecode execution…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process….

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows: iOS 14.5.1 and iPadOS 14.5.1* A memory corruption issue was addressed with improved state management. (CVE-2021-30665)* An integer overflow was addressed with improved input validation. (CVE-2021-30663) iOS 12.5.3* A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30666)*…

Read More

The Qualys Research Team has discovered multiple critical vulnerabilities in the Exim mail server, some of the which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. The 21Nails vulnerabilities, if left unpatched, could allow threat actors to take over these systems and then intercept or tamper with email communications passing through the Exim server. 11 issues are local…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iCloud for Windows is a cloud storage and cloud computing service.* Xcode is an integrated development environment (IDE) for macOS.* Safari is a graphical web browser developed by Apple, based on theWebKit engine.* macOS Big Sur is the 17th and current major release of macOS.* macOS…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities in SonicWall Email Security (ES) could allowfor arbitrary code execution. Successful exploitation of thesevulnerabilities could allow for arbitrary code execution. SonicWallEmail Security (ES) is an email security solution that providescomprehensive inbound and outbound protection, and defends againstadvanced email-borne threats such as ransomware, zero-day threats, spearphishing and business email compromise (BEC). The solution can bedeployed as a physical appliance, virtual appliance, softwareinstallation, or a…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox/FirefoxESR/Thunderbird, the most severe of which could allow for arbitrary codeexecution. Mozilla Firefox is a web browser that is used to access theInternet. Mozilla Firefox ESR is a version of the web browser intendedto be deployed in large organizations. Mozilla Thunderbird is an emailclient. Successful exploitation of these vulnerabilities could allow forarbitrary code execution. Depending on the privileges…

Read More

DESCRIPTION:A vulnerability has been discovered in Pulse Connect Secure VPN thatcould allow for remote code execution. Pulse Connect Secure VPN providesTLS and mobile VPN solutions. Successful exploitation of thisvulnerability could allow for remote code execution. Depending on theprivileges associated with the application, an attacker could theninstall programs; view, change, or delete data; or create new accountswith full user rights. Applications that are configured to have…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in ArubaNetwork’s ArubaOSand SD-WAN, which could result in arbitrary code execution. Aruba (aHewlett Packard Enterprise company) is the worldwide second-largestenterprise WLAN vendor after Cisco. ArubaOS is its WLAN controllersystem for automating WLAN management, and SD-WAN (software defined WAN)is its cloud-oriented WAN orchestration system. Successful exploitationof these vulnerabilities could allow an attacker to execute arbitrarycode in context of the user running…

Read More

DESCRIPTION:A vulnerability has been discovered in Juniper Junos OS that could allowfor remote code execution. Junos OS is a single network operating systemproviding a common language across Juniper’s routing, switching andsecurity devices. This vulnerability specifically affects the overlaydservice of Juniper Networks Junos OS. The overlayd daemon handlesOverlay OAM packets, such as ping and traceroute, sent to the overlay.The service runs as root by default and…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

Window Manager vulnerability Description:CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API. Impact:It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits…

Read More

Description:CVE-2021-25296Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Mitigation:Upgrade the Windows WMI config wizard from Admin > Manage Config Wizards to version 2.2.3 or above. CVE-2021-25297Nagios XI version xi-5.7.5 is affected by…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe Products, themost severe of which could allow for arbitrary code execution. * Photoshop is Adobe’s flagship image editing software.* Digital Editions is an e-book reader software program.* Bridge is a free digital asset management app. It is a mandatorycomponent of Adobe Creative Suite, Adobe eLearning Suite, AdobeTechnical Communication Suite and Adobe Photoshop CS2 through CS6.* RoboHelp is a…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR) and Mozilla Thunderbird, the mostsevere of which could allow for arbitrary code execution. MozillaFirefox is a web browser used to access the Internet. Mozilla FirefoxESR is a version of the web browser intended to be deployed in largeorganizations. Mozilla Thunderbird is an email client. Successfulexploitation of these vulnerabilities could allow for arbitrary codeexecution….

Read More

DESCRIPTION:A vulnerability has been discovered in WebKit GTK and WPE WebKit whichcould allow for arbitrary code execution. * WebKitGTK is a full-featured port of the WebKit rendering engine,suitable for projects requiring any kind of web integration, from hybridHTML/CSS applications to full-fledged web browsers.* WPE is the reference WebKit port for embedded and low-consumptioncomputer devices. Successful exploitation of this vulnerability could allow for arbitrarycode execution. Depending…

Read More

Security researchers have found over 500,000 Huawei smartphone users have downloaded applications tainted with the Joker malware that unwittingly subscribes users to premium mobile services. A report from antivirus maker Doctor Web notes that the malicious apps retained their advertised functionality but downloaded components that subscribed users to premium mobile services. To keep users in the dark the infected apps requested access to notifications, which…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft ExchangeServer (on premises version) , the most severe of which could allow forarbitrary code execution. Microsoft Exchange Server is a mail serverused to run and manage an organization’s email services. Successfulexploitation of the most severe of these vulnerabilities could allow anattacker to execute arbitrary code in the context of the mail server.Depending on the privileges associated with the…

Read More

DESCRIPTION:A vulnerability has been discovered in Adobe ColdFusion, which couldallow for arbitrary code execution. Adobe ColdFusion is a webapplication development platform. Successful exploitation of thisvulnerability could result in an attacker executing arbitrary code inthe context of the affected application. Depending on the privilegesassociated with the application, an attacker could then installprograms; view, change, or delete data; or create new accounts with fulluser rights. Applications that…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco RV series smallbusiness routers, the most severe of which could allow for arbitrarycode execution. The Cisco RV series routers are recommended forconnecting your small business’ internal network devices to each other.Successful exploitation of the most severe of these vulnerabilitiescould allow an unauthenticated, remote attacker to execute arbitrarycode on the affected systems. IMPACT:Multiple vulnerabilities have been discovered in Cisco…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

Short Description: Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. The vulnerabilities recently being exploited were CVE-2021-26855, CVE-2021-26857,…

Read More

Short Description: Hangover threat group (aka Neon, Viceroy Tiger, MONSOON) carrying out targeted cyberattacks deploying BackConfig malware attacks against government and military organizations in South Asia including Bangladesh. Hangover Group is a cyberespionage group that was first observed in December 2013 carrying on a cyberattack against a telecom corporation in Norway. The Hangover Group’s initial vector of compromise is to carry out spear-phishing campaigns. The…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco SD-WAN vManageSoftware, the most severe of which could allow for arbitrary codeexecution. Cisco SD-WAN provides a centralized management interface ofan organization’s WAN including their cloud and data center environment.Successful exploitation of the most severe of these vulnerabilitiescould allow an unauthenticated, remote attacker to execute code on theaffected systems. Depending on the privileges associated with theapplication, an attacker could…

Read More

Transparent Tribe (also known as PROJECTM and MYTHIC LEOPARD) is a very prolific group that is well-known in the cybersecurity industry for its massive espionage campaigns. The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign, researchers said, which is aimed at military and diplomatic targets around the world. Transparent Tribe mainly relies on both spear phishing and watering hole attacks to gain its…

Read More

Threat actor group “ALTDOS” operate by accessing and exfiltrating companies databases and have focus mainly on South-East Asia including Bangladesh.“ALTDOS” is known to extort companies for ransom for the data exfiltrated. Not much is known about this group, other than the breach reports. Target sectors: Financial-services,retail,communications,construction,energy,pharmaceuticals,telecommunications External Reference relared to “ALTDOS” threat actor:https://www.databreaches.net/thai-media-and-content-conglomerate-mono-next-public-company-hit-by-altdos-hackers/https://www.databreaches.net/thai-securities-trading-firm-goes-offline-after-cyberattack/

DESCRIPTION:Multiple vulnerabilities have been discovered in VMware vRealizeOperations Manager, which could result in remote code execution. VMwarevRealize Operations Manager is an IT management platform which enablesvisibility, optimization and management of an organization’s physical,virtual and cloud infrastructure. This software comes within an APIwhich enables developers to build vRealize Operations Manager clients tocommunicate with the server over HTTP. Successful exploitation of thesevulnerabilities could allow an attacker to…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco Jabber the mostsevere of which could allow for arbitrary code execution. Cisco Jabberprovides instant messaging (IM), voice, video, voice messaging, desktopsharing, and conferencing on any device. Successful exploitation of themost severe of these vulnerabilities could allow an unauthenticated,remote attacker to execute code on the affected systems. Depending onthe privileges associated with the application, an attacker could theninstall programs;…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in F5 products, the mostsevere of which could allow for remote code execution. * BIG-IP and BIG-IP Advanced WAF/ASM are a family of products coveringsoftware and hardware designed around application availability, accesscontrol, and security solutions.* BIG-IQ enables administrators to centrally manage BIG-IPinfrastructure across the IT landscape. It discovers, tracks, manages,and monitors physical and virtual BIG-IP devices – in the cloud,…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in ArubaNetwork’s InstantAccess Point that could allow for arbitrary code execution. Aruba (aHewlett Packard Enterprise company) is the worldwide second-largestenterprise WLAN vendor. ArubaNetworks Instant Access Point is Wi-Fihardware which virtualizes Aruba Mobility Controller capabilities on802.11 access points (APs). Successful exploitation of thesevulnerabilities could allow an attacker to execute arbitrary code incontext of the user running the application. Depending on the…

Read More

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments.  The ACSC is assisting affected organisations with their incident response and remediation. The ACSC has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these…

Read More

Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. “This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the…

Read More

A new research has yielded yet another means to pilfer sensitive data by exploiting what’s the first “on-chip, cross-core” side-channel in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated…

Read More

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research. According to the update notes posted…

Read More

Microsoft has released emergency out-of-band security updates thataddress four zero-day issues (CVE-2021-26855, CVE-2021-26857,CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchangeversions that are actively exploited in the wild. Researchers at the MS Exchange Server team have released a script thatcould be used by administrators to check if their installs arevulnerable to the recently disclosed vulnerabilities. Microsoft released the tool as open-source on GitHub, it can be…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in SolarWinds Orion andServU-FTP, the most severe of which could allow for remote code execution. * SolarWinds Orion provides centralized monitoring across anorganization’s entire IT stack.* ServU-FTP is a multi-protocol file server capable of sending andreceiving files from other networked computers through various means. Successful exploitation of the most severe of these vulnerabilitiescould result in remote code execution that allows…

Read More

DESCRIPTION:A vulnerability has been discovered in the SonicWall SMA 100 Series,which could allow for SQL injection. The SonicWall SMA 100 Series is aunified secure access gateway that enables organizations to provideaccess to any application, anytime, from anywhere and any devices,including managed and unmanaged. Successful exploitation of thisvulnerability could result in SQL injection, which enables the retrievalof admin credentials. Afterwards, this retrieval can pivot into aremote-code…

Read More

LodaRAT BD CAMPAIGN Threat Report_v2Download

I. Targeted Software Docker Kubernetes Amazon Web Services (AWS) Microsoft Azure Google Cloud II. Introduction A hacking group referred to as “TeamTNT” has been active within the previous 8 months. In the summer of 2020, security researches identified TeamTNT as the group behind a crypto-mining malware capable of stealing local credentials and Amazon Web Services (AWS) login details.[2] TeamTNT had been targeting Docker and Kubernetes.[2]…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco VPN Routers, themost severe of which could allow for arbitrary code execution as theroot user of an affected device. These VPN routers are often used toconnect hosts via the router hardware as opposed to individualinstallations on each device. Successful exploitation of the most severe of these vulnerabilitiescould allow for arbitrary code execution in the context of the root…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * tvOS is an operating system for the fourth-generation Apple TV digitalmedia player.* watchOS is the mobile operating system for the Apple Watch and isbased on the iOS operating system.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* iOS is a…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis…

Read More

DESCRIPTION:A vulnerability has been discovered in GNU Libgcrypt, which could allowfor arbitrary code execution. Libgcrypt is a generic cryptographiclibrary offered as part of GNU Privacy Guard (GnuPG) software suite toprovide building blocks for carrying out cryptographic tasks such asencrypting and signing data and communications. It is shipped with mostLinux distributions including Ubuntu and Fedora. Successful exploitationof this vulnerability could result in arbitrary code execution in…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * tvOS is an operating system for the fourth-generation Apple TV digitalmedia player.* watchOS is the mobile operating system for the Apple Watch and isbased on the iOS operating system.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* iOS is a…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco’s SD-WAN, DNACenter, and Smart Software Manager Satellite products, the most severeof which could allow for arbitrary code execution with system privileges. * SD-WAN is used for cloud-based network architecture* DNA Center is a management platform for the Digital NetworkArchitecture product* Smart Software Manager is an enterprise product activation key/licensemanager Successful exploitation of the most severe of these vulnerabilitiescould…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this…

Read More

IMPACT:Multiple vulnerabilities have been discovered in Oracle products, whichcould allow for remote code execution. SYSTEM AFFECTED:* Business Intelligence Enterprise Edition, versions 5.5.0.0.0,11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0* Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0* Enterprise Manager for Fusion Applications, version 13.3.0.0* Enterprise Manager Ops Center, version 12.4.0.0* Hyperion Financial Reporting, version 11.1.2.4* Hyperion Infrastructure Technology, version 11.1.2.4* Instantis EnterpriseTrack, versions 17.1-17.3* JD Edwards EnterpriseOne Orchestrator, versions prior to…

Read More

DESCRIPTIONSudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character: IMPACTA heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ Solid Edge,the most severe of which could allow for arbitrary code execution in thecontext of the system process. Solid Edge is used for designing andviewing 2D and 3D models. Depending on the privileges associated withthe application, an attacker could view, change, or delete data. If thisapplication has been configured to have fewer user rights on the system,exploitation of…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Siemens’ JT2Go andTeamcenter Visualization products, the most severe of which could allowfor arbitrary code execution in the context of the system process. JT2Goand Teamcenter Visualization are used for viewing 3D models. Dependingon the privileges associated with the application, an attacker couldview, change, or delete data. If this application has been configured tohave fewer user rights on the system, exploitation…

Read More

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution. Successfulexploitation of the most severe of these vulnerabilities could result inan attacker gaining the same privileges as the logged-on user. Dependingon the privileges associated with the user, an attacker could theninstall programs; view, change, or delete data; or create new accountswith full user rights. Users whose accounts…

Read More

DESCRIPTION:A vulnerability has been discovered in Adobe Photoshop which could allowfor arbitrary code execution. Photoshop is Adobe’s flagship imageediting software. Successful exploitation of this vulnerability couldallow for arbitrary code execution. Depending on the privilegesassociated with the user an attacker could then install programs; view,change, or delete data; or create new accounts with full user rights.Users whose accounts are configured to have fewer user rights on…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in…

Read More

DESCRIPTION A vulnerability has been discovered in Mozilla Firefox, Firefox ExtendedSupport Release (ESR) and Firefox for Android, which could allow forarbitrary code execution. Mozilla Firefox is a web browser used toaccess the Internet. Mozilla Firefox ESR is a version of the web browserintended to be deployed in large organizations. Firefox for Android is aversion of the web browser used on Android based mobile devices.Successful exploitation…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view,…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details of these vulnerabilities are as follows: * Multiple vulnerabilities in Framework that could allow for Escalation of Privileges (CVE-2021-0303, CVE-2021-0306, CVE-2021-0307, CVE-2021-0310, CVE-2021-0315, CVE-2021-0317, CVE-2021-0318, CVE-2021-0319)* A vulnerability in Framework that could allow for Remote Code Execution…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Fortinet FortiWeb, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: * A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or     commands by sending a request with a crafted…

Read More

DESCRIPTION Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from Eye Control Netherlands. Users are advised to install the applicable firmware updates for optimal protection. A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected…

Read More

SUBJECTMultiple Vulnerabilities in ArubaNetworks ArubaOS and SD-WAN Could Allow for Arbitrary Code Execution DESCRIPTIONMultiple vulnerabilities have been discovered in ArubaNetwork’s ArubaOS and SD-WAN, which could result in arbitrary code execution. Aruba (a Hewlett Packard Enterprise company) is the worldwide second-largest enterprise WLAN vendor after Cisco. ArubaOS is its WLAN controller system for automating WLAN management, and SD-WAN (software defined WAN) is its cloud-oriented WAN orchestration…

Read More

TroubleGrabber, a new credential stealer discovered by Netskope securityresearchers, spreads via Discord attachments and uses Discord webhooksto deliver stolen information to its operators.Several threat actors usethe new info stealer to target gamers on Discord servers and to stealtheir passwords and other sensitive information. This malware, which primarily arrives via drive-by download, steals theweb browser tokens, Discord webhook tokens, web browser passwords, andsystem information. This information…

Read More

The Department of Homeland Security Cybersecurity and InfrastructureSecurity Agency (CISA) issued an Emergency Directive on December 13,2020 in response to the compromise of the SolarWinds Orion product forall federal civilian agencies. The directive calls for all organizationsto assess their exposure to the compromise and secure their networksagainst exploitation. The following SolarWinds Orion versions are affected: Orion Platform 2019.4 HF5, version 2019.4.5200.9083Orion Platform 2020.2 RC1, version 2020.2.100.12219Orion Platform 2020.2…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process….

Read More

DESCRIPTIONA vulnerability has been discovered in Apache Struts, which could allow for remote code execution. Apache Struts is an open source framework used for building Java web applications. Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view; change, or delete data; or create new accounts with full user…

Read More

DESCRIPTIONA vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit…

Read More

DESCRIPTIONA vulnerability has been discovered in Mozilla Thunderbird, which could allow for arbitrary code execution. Mozilla Thunderbird is an email client. Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in VMware SD-WAN Orchestrator, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges given to the host machine. Depending on the privileges associated with VMware SD-WAN Orchestrator, an attacker could then install programs; view, change, or delete data; or create…

Read More

The GlobeImposter ransomware family first appeared around August of 2017.  In early 2019, GlobeImposter ransomware underwent extensive modifications, after which the authors re-released it, causing havoc around the world. Ransom.GlobeImposter is a ransomware application that will encrypt files on a victim machine and demand payment to retrieve the information.Ransom.GlobeImposter may be distributed through a malicious spam campaign, recognizable only with their lack of message content…

Read More

Stantinko, one of the oldest malware botnets still operating today, has rolled out updates to its class of Linux malware, upgrading its trojan to pose as the legitimate Apache web server process (httpd) in order to make detection harder on infected hosts. According to a new analysis published by Intezer,come to confirm that despite a period of inactivity in regards to code changes, the Stantinko…

Read More

A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. The BlackBerry Research and Intelligence team have been monitoring a cyber-espionage campaign that is targeting disparate victims around the globe. The campaign, dubbed CostaRicto by BlackBerry, appears to be operated by “hackers-for-hire”, a group of APT mercenaries who possess bespoke malware tooling…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is a family of software developed by Adobe Inc. to view, create, manipulate, print, and manage files in PDF format. Adobe Reader is the free version within the Adobe Acrobat family of software. Successful exploitation of the most severe of these…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process….

Read More

DESCRIPTIONOctober 23 – UPDATED: Multiple vulnerability has been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial of service condition. Cisco Adaptive Security Appliance is the core operating system that delivers enterprise-class firewall capabilities and Cisco Firepower Threat Defense is an integrative software image. Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service condition. IMPACTMultiple…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view,…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. HP Intelligent Management Center (iMC) is software platform used to manage enterprise network environments. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution. SYSTEM AFFECTED    • Application Performance Management (APM), versions 13.3.0.0, 13.4.0.0    • Big Data Spatial and Graph, versions prior to 3.0    • Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0    • Enterprise Manager for Peoplesoft, version 13.4.1.1    • Enterprise Manager for Storage Management, versions 13.3.0.0, 13.4.0.0    • Enterprise Manager Ops Center,…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Magento CMS, the most severe of which could allow for arbitrary code execution. Magento is a web-based e-commerce application written in PHP. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new…

Read More

DESCRIPTIONA vulnerability has been discovered in Juniper Junos OS, which could allow for denial of service. Junos OS is a FreeBSD-based operating system used in Juniper Networks routers. This vulnerability specifically affects MX Series routers and EX9200 series switches with Trio-based PFEs configured with IPv6 Distributed Denial of Service (DDoS) protection mechanism enabled. An attacker can exploit this issue to disrupt network protocol operations or…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in SonicWALL Sonic OS, the most severe of which could allow for arbitrary code execution. SonicWALL is a firewall and cybersecurity solution vendor. Successful exploitation of the most severe of these vulnerabilities could allow for buffer overflow within the context of the application. Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed…

Read More

DESCRIPTIONA remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. IMPACTAn attacker who successfully exploited this vulnerability…

Read More

DESCRIPTIONA SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. IMPACT9.8 CRITICAL SYSTEM AFFECTEDSophos XG Firewall v18.0 MR1 and…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with…

Read More

DESCRIPTIONA vulnerability has been discovered in Adobe Flash Player, which could allow for arbitrary code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation of this vulnerability could result in an attacker executing arbitrary code in the context of the affected application. Depending on the privileges…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process….

Read More

DESCRIPTIONTreck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse and finally as a dynamic or static linked library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. For more details on the vulnerabilities…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Microsoft Edge, the most severe of which could allow for arbitrary code execution. Microsoft Edge is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in iCloud for Windows and macOS. The most severe of these vulnerabilities could allow for arbitrary code execution. macOS is a desktop operating system for Macintosh computers. iCloud is a cloud storage service that can be used on Windows computers. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of…

Read More

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-September-24. The following PSIRT security advisories (29 High) were published at 16:00 UTC today. 1) Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability CVE-2020-3526 SIR: High CVSS Score v(3.0): 8.6 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW +——————————————————————– 2) Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability CVE-2020-3552 SIR:…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary…

Read More

DESCRIPTION The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting. SYSTEM AFFECTED Following actions are recommended to be taken: Install the latest version: • If you are using Drupal 7.x, upgrade to Drupal 7.73. • If you are using Drupal 8.8.x, upgrade to Drupal 8.8.10. • If you are using Drupal 8.9.x, upgrade to Drupal 8.9.6. • If…

Read More

DESCRIPTIONMultiple vulnerabilities exist in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system. IMPACT     • Full administrative access via backdoor password (CVE-2020-24215)    • Administrative root access via backdoor password (CVE-2020-24218)    • Arbitrary file read via path traversal (CVE-2020-24219)    •…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in iOS, iPadOS, watchOS, tvOS, watchOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution.     • iOS is a mobile operating system for Apple cellphones.    • iPadOS is a mobile operating system for Apple tablets.    • tvOS is an operating system for the Apple media streaming device Apple TV.    • WatchOS is an…

Read More

DESCRIPTIONA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view,…

Read More

Description:An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’. The prime elements of this vulnerability are the weak encryption standards and the authentication process used in the Netlogon protocol. As new Windows Domain Controllers use standard AES-256 as encryption standards, incorrect use…

Read More

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner.According to security firm Tencent, the team of hackers has been active over the past few months by hacking into Microsoft SQL Servers (MSSQL) to install a crypto-miner.According to the researchers, for the spread of the botnet, it was done scan to…

Read More

DESCRIPTION Adobe has released an out-of-band security update for Adobe Media Encoder that fixes three ‘Important’ security vulnerabilities. The three vulnerabilities are classified as ‘Information Disclosure,’ which could allow sensitive information to be leaked in the security of the active user. Adobe advises customers to update the vulnerable apps to the latest versions as soon as possible to block attacks attempting to exploit unpatched installations….

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts…

Read More

DESCRIPTION AMT is part of the Intel vPro platform (Intel’s umbrella marketing term for its collection of computer hardware technologies) and is primarily used by enterprise IT shops for remote management of corporate systems. The flaw can be exploited by an unauthenticated attacker on the same network, in order to gain escalated privileges. The issue (CVE-2020-8758), found internally by Intel employees, ranks 9.8 out of…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for arbitrary code execution. PAN-OS is an operating system for Palo Alto Network Appliances. An attacker can exploit this issue by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated remote attacker…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view,…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Adobe InDesign, Adobe Framemaker, and Adobe Experience Manager, the most severe of which could allow for arbitrary code execution. Adobe InDesign is a desktop publishing and typesetting software that can be used to create works such as posters, flyers, brochures, magazines, newspapers, presentations, books and ebooks. Adobe FrameMaker is a document processor designed for writing and editing large or…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow for arbitrary code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application,…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged…

Read More

DESCRIPTIONGRUB2 is a multiboot boot loader that replaced GRUB Legacy in 2012. A boot loader is the first program that runs upon boot and loads the operating system. Many vendors also use a shim, a signed software package that contains the vendor’s certificate and code that verifies and runs the boot loader. This means that firmware Certificate Authority providers can just sign the shim as…

Read More

Original release date: September 4, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide. A DoS attack is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. In a DDoS attack, the…

Read More

Short Description: About Emotet Malware: Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. The spam emails contain either a URL or an attachment, and purport to be sending…

Read More

Short Description: About BeagleBoyz: “BeagleBoyz ” is a newly identified group that is a subset of activity by the threat actors known as HIDDEN COBRA/LAZARUS/APT 38. The primary modus operandi (not limited to) of the BeagleBoyz is social engineering, spearphishing, and watering hole tactics. Contained within the Malware Analysis Reports (MAR) cited above are unique malware samples that are a combination of remote access tools/trojans…

Read More

DESCRIPTIONA vulnerability has been discovered in the File Manager plugin that could allow for remote code execution. WordPress is a web-based publishing application implemented in PHP, and the File Manager Plugin allows site Admins to upload, edit, delete files and folders directly from the WordPress backend without having to use FTP. Successful exploitation of this vulnerability could allow for remote code execution in the context…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in Cisco Jabber for Windows the most severe of which could allow for arbitrary code execution. Cisco Jabber provides instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing on any device. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated…

Read More

DESCRIPTIONCisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. This vulnerability was detected in exploits in the wild. IMPACTAn…

Read More

DESCRIPTION Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. IMPACT These vulnerabilities are due to the incorrect…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could…

Read More

North Korea’s BeagleBoyz are responsible for the sophisticated cyber-enabled ATM cash-out campaigns identified publicly as “FASTCash” in October 2018. Since 2016, the BeagleBoyz have perpetrated the FASTCash scheme, targeting banks’ retail payment system infrastructure (i.e., switch application servers processing International Standards Organization [ISO] 8583 messages, which is the standard for financial transaction messaging). The BeagleBoyz overlap to varying degrees with groups tracked by the cybersecurity…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow for the program to become compromised. IBM Security Guardium Insights is a program developed to monitor traffic traveling across the network to protect against data leakage and maintain data integrity. Successful exploitation of the most severe of these vulnerabilities could allow for a remote attacker to compromise…

Read More

DESCRIPTION A vulnerability has been discovered in Cisco Small Business, Smart, and Managed Switches which could allow for a denial-of-service condition when the switch processes a specially crafted IPv6 address. The vulnerability occurs due to insufficient validation of incoming IPv6 traffic. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. The vulnerability does not affect IPv4…

Read More

Description FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. Impact Successful exploit could allow an authenticated attacker to launch a command injection attack. Mitigation Huawei has released software updates to fix this vulnerability. Product Name Affected Version Resolved Product and Version FusionCompute…

Read More

DESCRIPTION A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Citrix XenMobile Server, the most severe of which could allow for reading of arbitrary files on the server. XenMobile is a software that provides mobile device management and mobile application management. Successful exploitation of the most severe of theses vulnerabilities could allow for arbitrary file read, resulting in access to configuration data and further attacks. IMPACT Multiple vulnerabilities…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow for arbitrary code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application,…

Read More

DESCRIPTION Multiple Vulnerabilities have been discovered in Apache Struts, the most severe of which could allow for remote code execution. Apache Struts is an open source framework used for building Java web applications. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker…

Read More

DESCRIPTION The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts. RECOMMENDATIONS CISA recommends that users and administrators…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is a family of software developed by Adobe Inc. to view, create, manipulate, print, and manage files in PDF format. Adobe Reader is the free version within the Adobe Acrobat family of software. Successful exploitation of the most severe of…

Read More

DESCRIPTION Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged…

Read More

DESCRIPTION Apache web server is a common application used as a web application server. Being a open source software, it is extremely common and used throughout almost all the organizations. A specially crafted packet can crash the service and user can gain access and perform Remote Code Execution (RCE) on the server. If the attacker can perform the attack successfully, depending on the access level…

Read More

DESCRIPTION Server Message Block (SMB) is a protocol which is commonly found in windows based systems. This is a common method for sharing folder and accessing them via network. This method is quite common which makes this vulnerability very dangerous as even large enterprises usually have common shared location where they can store and retrieve files. IMPACTThis vulnerability can lead towards development of many malware…

Read More

DESCRIPTION Almost all of the Netgear devices now contains web interface for easy management. It becomes easy for the home administrator to configure and manage the device efficiently. Moreover, WiFi routers from this company is widely used Bangladesh. To do this httpd service has been used and it fails to validate the he header size provided to the upgrade_check.cgi handler. Despite copying the header to…

Read More

DESCRIPTIONMultiple vulnerabilities have been discovered in SAP products, the most severe of which could allow an unauthenticated, remote attacker to execute code on the affected systems. Details of the vulnerabilities are as follows: * Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) (CVE-2020-6286).* Security updates for the browser control Google Chromium delivered with SAP Business Client.* Information Disclosure in SAP NetWeaver (XMLToolkit for…

Read More

Description In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. Impact This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete…

Read More

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of June 2020.

SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild. CVE-2020-11651: An issue was discovered in…

Read More

CVE-2020-8618:An assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer. Impact: An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to…

Read More

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. For more information, please visit following URL:https://www.drupal.org/sa-core-2020-004https://www.drupal.org/sa-core-2020-005

WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. WordPress 5.4.2 is now available. For more information, please visit following URL:https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is…

Read More

CVE-2020-13428:A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. Impact:According to VideoLan’s security bulletin, this vulnerability can be exploited by creating a specially crafted file and tricking a user into opening it…

Read More

Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware.The vulnerabilities were found in the DIR-865L model of D-Link routers. The following are the six vulnerabilities found: CVE-2020-13782: Improper Neutralization of Special Elements Used in a Command (Command Injection)CVE-2020-13786: Cross-Site Request Forgery (CSRF)CVE-2020-13785: Inadequate Encryption StrengthCVE-2020-13784: Predictable seed in pseudo-random number generatorCVE-2020-13783: Cleartext storage of sensitive…

Read More

The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices and include multiple remote code execution vulnerabilities. These vulnerabilities affect Treck TCP/IP stack implementations for embedded systems. The Treck TCP/IP stack is affected including: IPv4IPv6UDPDNSDHCPTCPICMPv4ARP Impact:Successful exploitation of these…

Read More

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. What is UPnP? Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and…

Read More

Description: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. This vulnerability is due to an error in handling maliciously crafted compressed data packets within version 3.1.1 of Server Message Blocks. To exploit this vulnerability, an attacker can send specially crafted compressed data packets to a target Microsoft Server Message Block 3.0 (SMBv3) server. Clients who connects…

Read More

Description: A vulnerability has been discovered in Zoom Client that could allow for arbitrary code execution. An exploitable partial path traversal vulnerability exists in the way Zoom Client processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution due to how Zoom handles shared files. Zoom automatically unpacks shared…

Read More

Severity: High Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the “signature_algorithms_cert” TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service…

Read More

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of April 2020.

Security researchers at Trend Micro discovered a potential cyberespionage campaign, which we have named Project Spy, that infects Android and iOS devices with spyware.Trend Micro also reported that, significantly small number of downloads of the app in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia. The spyware apps can steal Facebook messages, WhatsApp messages, text messages, contact lists, call logs, photos,…

Read More

Description:A vulnerability was identified in Google Chrome, a remote attacker could exploit this vulnerability to trigger remote code execution and denial of service on the targeted system. Impact:Denial of ServiceRemote Code Execution Google Chrome (Desktop version) prior to 81.0.4044.113 version are vulnerable. Mitigation:Updates are available.Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux.Please see the references or vendor advisory for more information. Reference:https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html

Description: Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more…

Read More

Description: Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html

Description: Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Description: VMware has released security updates to address a vulnerability in VMware Directory Service (vmdir). An attacker could exploit this vulnerability to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2020-0006.html

Description : Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. System / Technologies Affected :    iCloud for Windows 7.18 iCloud for Windows 10.9.3 iTunes 12.10.5 for Windows iOS 13.4 and iPadOS 13.4 Safari 13.1 watchOS 6.2 tvOS 13.4 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update…

Read More

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of March 2020.

Description: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. This vulnerability is due to an error in handling maliciously crafted compressed data packets within version 3.1.1 of Server Message Blocks. To exploit this vulnerability, an attacker can send specially crafted compressed data packets to a target Microsoft Server Message Block 3.0 (SMBv3) server. Clients who connects…

Read More

The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of…

Read More

Description: Multiple vulnerabilities in the Cisco Webex Network Recording Player and Cisco Webex Player could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit these vulnerabilities by sending a user a link or email attachment containing a malicious ARF (Advanced Recording Format) or WRF (Webex Recording Format) file via a link or an email…

Read More

Description : Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system. Impact: Remote Code Execution     Security Restriction Bypass System / Technologies Affected :    Google Chrome (Desktop version) prior to 80.0.3987.132 Mitigation: Before installation of the software, please visit the vendor’s web-site for more details….

Read More

Description: A vulnerability has been discovered in the WordPress Duplicator Plugin that could allow for Arbitrary File Downloads. This vulnerability exists due to the way Duplicator handles certain requests from unauthenticated users. When an attacker sends a specially crafted request to Duplicator, an unauthenticated user can download arbitrary files from the target WordPress site. This includes the ‘wp-config.php’ file, which contains various site configurations, and…

Read More

Subject: A Vulnerability in Apache Tomcat Could Allow for Arbitrary File Reading (CVE-2020-1938)   Description: A vulnerability has been discovered in Apache Tomcat, which could allow for reading of arbitrary files on the affected system. The vulnerability exists in the AJP protocol, which is by default exposed over TCP port 8009 and enabled. The vulnerability can be exploited by an attacker who can communicate with…

Read More

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of February 2020.

Description: Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb https://support.microsoft.com/en-us/help/20200211/security-update-deployment-information-february-11-2020

Description: Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Framemaker APSB20-04 Acrobat and Reader APSB20-05 Flash Player APSB20-06 Digital Editions APSB20-07 Experience Manager APSB20-08 Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for…

Read More

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of January 2020.

Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among…

Read More

Description: Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more…

Read More

Description: Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: Cisco Data Center Network…

Read More

Description: Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1491 https://support.microsoft.com/en-us/help/20191210/security-update-deployment-information-december-10-2019

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of November – December 2019.

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of October 2019.

Description: Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: SA-CORE-2019-012 SA-CORE-2019-011 SA-CORE-2019-010 SA-CORE-2019-009

Description: Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1491 https://support.microsoft.com/en-us/help/20191210/security-update-deployment-information-december-10-2019

Description: WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/

Description: Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Xcode 11.3 watchOS 5.3.4 watchOS 6.1.1 tvOS 13.3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra Safari 13.0.4 iOS 12.4.4 iOS 13.3 and iPadOS 13.3 iTunes 12.10.3 for Windows iCloud for Windows 7.16…

Read More

Description: Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. Linux Administrative Tools for Intel Network Adapters Advisory INTEL-SA-00237 FPGA SDK for OpenCL Advisory INTEL-SA-00284 Processors Voltage Settings Modification Advisory INTEL-SA-00289 Control Center-I Advisory INTEL-SA-00299 Quartus Prime Pro Edition Advisory INTEL-SA-00311 SCS Platform Discovery Utility Advisory INTEL-SA-00312 Unexpected Page Fault in Virtualized…

Read More

Description: VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2019-0020.html https://www.vmware.com/security/advisories/VMSA-2019-0021.html

Description: Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: BMC Advisory INTEL-SA-00313 UEFI Advisory INTEL-SA-00280 SGX and TXT Advisory INTEL-SA-00220 Processor Security Advisory INTEL-SA-00240 CSME, Intel SPS, Intel TXE, Intel AMT, Intel PTT and Intel DAL Advisory INTEL-SA-00241 Graphics Driver for Windows Advisory INTEL-SA-00242 Ethernet 700…

Read More

Description: Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbr-cominj https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-dos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-privesc

Description: Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/

Description: The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to obtain sensitive information. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.samba.org/samba/security/CVE-2019-10218.html https://www.samba.org/samba/security/CVE-2019-14833.html https://www.samba.org/samba/security/CVE-2019-14847.html

Description: Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. Impact: A remote attacker could exploit this vulnerability to take control of…

Read More

Description: VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2019-0016.html

Description: The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network (VPN). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been targeted by advanced persistent threat (APT) actors. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the…

Read More

Description: The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information….

Read More

Description: Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. watchOS 5.3.1 iOS 12.4.1 macOS Mojave 10.14.6 tvOS 12.4.1 Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more…

Read More

Description: WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/

Description: Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://exim.org/static/doc/security/CVE-2019-15846.txt https://kb.cert.org/vuls/id/672565/

Description: Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Description: Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system. Paragraph Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html https://cyber.gc.ca/en/alerts/atlassian-confluence-security-advisory

Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an…

Read More

Description: The CERT Coordination Center (CERT/CC) has released information on TCP networking vulnerabilities affecting Linux and FreeBSD kernels. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/905115/

Description: Apple has released security updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for…

Read More

Description: Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en

Description: Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more…

Read More

Description: Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more…

Read More

Description: Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: NUC Firmware Advisory INTEL-SA-00264 RAID Web Console 3 for Windows Advisory INTEL-SA-00259…

Read More

Description Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for…

Read More

Description: Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems: In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008 Out-of-support systems: Windows 2003 and Windows XP A remote attacker could exploit this vulnerability to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control…

Read More

Description: VMware has released security updates to address vulnerabilities in the following products : vCenter Server, ESXi, Workstation, Fusion. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2019-0007.html https://www.vmware.com/security/advisories/VMSA-2019-0008.html

Description: Cisco has released security updates to address vulnerabilities in multiple Cisco products.  Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x

Description: Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.facebook.com/security/advisories/cve-2019-3568

Description: Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Description: Cisco has released a security update to address vulnerabilities in multiple Cisco products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x

Description: Drupal has released security updates to address multiple vulnerabilities in Drupal Core. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-005 https://www.drupal.org/sa-core-2019-006

Description: The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/192371/

Description: VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2019-0006.html

Apache Releases Security Updates for Apache Tomcat Description: The Apache Software Foundation has released Apache Tomcat versions 7.0.94 and 8.5.40 to address a vulnerability. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://mail-archives.us.apache.org/mod_mbox/www-announce/201904.mbox/%3C13d878ec-5d49-c348-48d4-25a6c81b9605%40apache.org%3E

Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. The April security release consists of security updates for the following software: Adobe Flash Player Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore ASP.NET Microsoft Exchange Server Team Foundation Server Azure DevOps Server Open Enclave SDK Windows Admin Center Impact: A remote attacker could exploit…

Read More

Description: Cisco has released several security advisories to address vulnerabilities in multiple Cisco products : Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptv Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudos Cisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipab Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rce Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf Impact: A…

Read More

Description: Drupal has released security updates to address a vulnerability in Drupal Core. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-004

Description: ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s:…

Read More

Description: Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804

Description: Intel has released security updates and recommendations to address vulnerabilities in multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.intel.com/content/www/us/en/security-center/default.html Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available….

Read More

Description: WordPress 5.1 and prior versions are affected by a vulnerability. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/

Description: Adobe has released security updates to address a vulnerability in ColdFusion. These updates resolve a critical vulnerability that could lead to arbitrary code execution in the context of the running ColdFusion service.    Adobe is aware of a report that CVE-2019-7816 has been exploited in the wild.   Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the…

Read More

Description: Cisco has released security updates to address vulnerabilities in multiple Cisco products. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a…

Read More

Description: OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q Impact: An attacker could exploit this vulnerability to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.openssl.org/news/secadv/20190226.txt

Description: Drupal has released security updates to address a vulnerability in Drupal Core. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-003

Description: Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x.  Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-001 https://www.drupal.org/sa-core-2019-002

Description: Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Description: Juniper Networks has released multiple security updates to address vulnerabilities in various Juniper products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. The January security release consists of security updates for the following software: Adobe Flash Player Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore .NET Framework ASP.NET Microsoft Exchange Server Microsoft Visual Studio Impact: A remote attacker could exploit this vulnerability to take control of an…

Read More

Description: Adobe has released security updates to address vulnerabilities in Adobe Connect and Adobe Digital Editions. This update resolves an important session token exposure vulnerability.  Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/connect/apsb19-05.html https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html

Description: WordPress 5.0 and prior versions are affected by multiple vulnerabilities. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

Description: Microsoft has released out-of-band security updates to address a vulnerability in Internet Explorer 9, 10, and 11. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653 https://www.kb.cert.org/vuls/id/573168/

Description: Cisco has released security updates to address a vulnerability in Adaptive Security Appliance. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc

Description: VMware has released security updates to address a vulnerability in Workstation and Fusion. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0030.html

Description: The Samba Team has released security updates to address several vulnerabilities in Samba. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s:  CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 CVE-2018-16852 CVE-2018-16853 CVE-2018-16857

Description: Apple has released security updates to address vulnerabilities in multiple products. iCloud for Windows 7.9 Safari 12.0.2 iTunes 12.9.2 for Windows macOS Mojave 10.14.2, Security Update  2018-003 High Sierra, Security Update 2018-006 Sierra tvOS 12.1.1 iOS 12.1.1 Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for…

Read More

Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. The November security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore .NET Core Skype for Business Azure App Service on Azure Stack Team Foundation Server Microsoft Dynamics 365 (on-premises) version 8 PowerShell Core Microsoft.PowerShell.Archive 1.2.2.0 Impact:…

Read More

Description: Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb18-39.html https://helpx.adobe.com/security/products/acrobat/apsb18-40.html https://helpx.adobe.com/security/products/photoshop/apsb18-43.html

Description: VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.vmware.com/security/advisories/VMSA-2018-0027.html

Description: Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos https://www.kb.cert.org/vuls/id/339704

Description: The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://mail-archives.us.apache.org/mod_mbox/www-announce/201810.mbox/%3c16a616e5-5245-f26a-a5a4-2752b2826703@apache.org%3e

Description: Cisco has released security updates to address a vulnerability in Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

Description: Microsoft has released a security update to address a vulnerability in the Yammer desktop application. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569

Description: libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

Description: Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.drupal.org/sa-core-2018-006

Description: Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x

Description: Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution…

Read More

Description: The Apache Software Foundation has released security updates to address a vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://mail-archives.us.apache.org/mod_mbox/www-announce/201810.mbox/%3c4cf697b0-db03-9eab-f2aa-54c2026d0e88@apache.org%3e

Description: VMware has released a security update to address a vulnerability in AirWatch Console. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0024.html

Description: Apple has released security updates to address vulnerabilities in iCloud for Windows and iOS. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://support.apple.com/en-us/HT209141 https://support.apple.com/en-us/HT209162

Description: Cisco has released several updates to address vulnerabilities affecting multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

Description: Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models…

Read More

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution…

Read More

Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. The September security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash Player .NET Framework Microsoft.Data.OData ASP.NET Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are…

Read More

Description: Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. These updates address an important vulnerability in Adobe Flash Player 30.0.0.154 and earlier versions.  Successful exploitation could lead to information disclosure. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb18-31.html https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html

Description:VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0023.html

Description:Cisco has released a security update to address a vulnerability in Cisco Data Center Network Manager. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal

Description: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/906424

Description: The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://cwiki.apache.org/confluence/display/WW/S2-057

Description: Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/photoshop/apsb18-28.html

Description: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/332928

Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573

Description: Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the…

Read More

Description: Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. This Security Alert addresses an Oracle Database vulnerability in versions 11.2.0.4 and 12.2.0.1 on Windows. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html

Description: Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability. Relevant Products VMware Horizon 6 VMware Horizon 7 VMware Horizon Client for Windows Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0019.html

Description: The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially modified packets. Impact: An remote attacker may be able to trigger a denial-of-service condition against a system with an available open port. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/962459 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e

Description: Drupal has released a security update addressing a vulnerability in Drupal 8.x. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/SA-CORE-2018-005

Description: The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E

Description: Cisco has released updates to address vulnerabilities affecting Cisco products. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

Description: Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. Impact: An attacker could exploit these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Description: Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Description: VMware has released security updates to address vulnerabilities in VMware ESXi, Workstation, and Fusion. Impact: An attacker could exploit these vulnerabilities to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0016.html

Description: Cisco has released updates to address vulnerabilities affecting multiple products. Impact:  A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Cisco has released software updates that address this vulnerability. Please see the references or vendor advisory for more information. References: Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability cisco-sa-20180620-nxos-bo Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary…

Read More

Description: Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore…

Read More

Description: Cisco has released updates to address vulnerabilities affecting multiple products. Impact:  A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Cisco has released software updates that address this vulnerability. Please see the references or vendor advisory for more information. Reference URL’s: Digital Network Architecture Center Static Credentials Vulnerability cisco-sa-20180516-dnac Digital Network Architecture Center Authentication Bypass Vulnerability cisco-sa-20180516-dna2 Digital Network…

Read More

Description: Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol (DHCP) client packages for Red Hat Enterprise Linux 6 and 7. Impact: An attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://bugzilla.redhat.com/show_bug.cgi?id=1567974 https://access.redhat.com/security/cve/cve-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151

Description: Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Impact: Successful exploitation of the most severe of these vulnerabilities could…

Read More

Description: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. There are reports of a remote code execution vulnerability (CVE-2018-8174) being actively exploited in the wild as part of a cyber-espionage campaign. Impact: Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user….

Read More

Description: A vulnerability has been discovered in Adobe Flash Player, which could allow for arbitrary code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Impact: Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the user running the application. Depending on…

Read More

Description: Multiple Dell EMC Products are prone to multiple remote command-injection vulnerabilities. Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. Impact: A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. Mitigation: Updates are available. Please see the…

Read More

Description: Apple Swift is prone to an arbitrary code-execution vulnerability. Impact: A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://support.apple.com/en-us/HT208804 https://lists.apple.com/archives/security-announce/2018/May/msg00000.html https://www.securityfocus.com/bid/104085/info https://swift.org/

Description: A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. Impact: Upon visiting a malicious or compromised website with a vulnerable device, an attacker may be able to bypass security features provided by the web browser. Mitigation: Apply an update. Google Chrome and Mozilla Firefox have released updates which disable high precision timers…

Read More

Description: Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: * An information disclosure vulnerability in Android runtime. (CVE-2017-13309) * Multiple elevation of privilege vulnerabilities in Framework. (CVE-2017-13310, CVE-2017-13311) * Multiple information disclosure vulnerabilities in Kernel components. (CVE-2017-16643, CVE-2017-5754) *…

Read More

Description: VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to…

Read More

Description: An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses…

Read More

Description: An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Impact: An attacker can exploit this issue to crash the host, denying service to legitimate users. Xen 4.0 and later are vulnerable. Mitigation: Updates are available. Please see the references or vendor…

Read More

Description: RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote-control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key…

Read More

Description: Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. Impact: An attacker tricks the user who has root…

Read More

Description: A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image. To exploit the vulnerability, an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious…

Read More

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution…

Read More

Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe Impact: An attacker can exploit this issue to cause denial-of-service conditions. OpenSSL…

Read More

Description: A flaw was found in the way the Linux KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Impact: An attacker can leverage this issue to gain elevated privileges…

Read More

Description: A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user’s privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a…

Read More

Description: A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit…

Read More

Description: A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point. Impact: The vulnerability exists because the Cisco Mobility Express controller of the affected software configures the…

Read More

Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. Impact: An attacker…

Read More

Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : Safari 11.1 macOS High Sierra 10.13.4 iOS 11.3.1 Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://support.apple.com/en-us/HT208741 https://support.apple.com/en-us/HT208742 https://support.apple.com/en-us/HT208743

Description: Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The following products are covered by the updates : Cisco WebEx Clients Remote Code Execution Vulnerability cisco-sa-20180418-wbs(link is external) Cisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal cisco-sa-20180418-uscd(link is external) Cisco StarOS Interface Forwarding Denial…

Read More

Description: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). We would like to thank the CKEditor team for patching the vulnerability and coordinating the fix and release process, and matching the Drupal core security…

Read More

Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Impact: An attacker could exploit this vulnerability to take control of an…

Read More

Description: VMware has released security updates to address a vulnerability in vRealize Automation. Impact: An attacker could exploit this vulnerability to take control of an affected system. Mitigation: Apply an update. Please see the references or vendor advisory for more information. Reference URL’s: https://www.vmware.com/security/advisories/VMSA-2018-0009.html

Description: Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Apply an update. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/phonegap/apsb18-15.html https://helpx.adobe.com/security/products/Digital-Editions/apsb18-13.html https://helpx.adobe.com/security/products/indesign/apsb18-11.html https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

Description: Microsoft has released updates to address vulnerabilities in Microsoft software. The April security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash Player Microsoft Malware Protection Engine Microsoft Visual Studio Microsoft Azure IoT SDK Impact: A remote attacker could exploit this vulnerability to take control of…

Read More

Description: Microsoft has released security updates to address a vulnerability in Windows 7 x64 and Windows Server 2008 R2 x64 systems. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Apply an update. This issue is addressed in the Microsoft update for CVE-2018-1038. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/277400

Description: The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Upgrade to Struts 2.5.16. Please see the references or vendor advisory for more information. Reference URL’s: https://cwiki.apache.org/confluence/display/WW/S2-056

Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: If you are running 7.x, upgrade to Drupal 7.58. If you are running…

Read More

Description: Cisco has released updates to address vulnerabilities affecting multiple products. Review the following Cisco Security Advisories and apply the necessary updates: Cisco IOS XE Software Static Credential Vulnerability Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability Impact: A remote attacker could exploit some of these vulnerabilities to…

Read More