Security Advisories

A faulty software update issued by CrowdStrike has resulted in a massive outage that’s affected Windows computers around the world, disrupting businesses, airports, train stations, banks, broadcasters, and the healthcare sector.  While the issue is affecting Windows systems, the cause is a faulty CrowdStrike update.   CrowdStrike clarified that the outage was not caused by a cyberattack but was the result of a “defect” in a software update for its… Read More

CRITICAL: Server-side request forgery (SSRF) impacting Ivanti Connect Secure and Policy Secure Products New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways Apple Releases Security Updates for Multiple Products _________________________________________________ Server-side request forgery (SSRF) impacting Ivanti Connect Secure and Policy Secure Products Situation: Ivanti has released multiple Zero Day vulnerabilities in its VPN products: Connect Secure (versions 9.x and 22.x) and Policy Secure (versions… Read More

Cisco Releases Security Advisories for Multiple Products Atlassian Releases Security Advisory for Confluence Data Center and Server VMware Releases Advisory for VMware Tools Vulnerabilities Apple Releases Security Updates for iOS and iPadOS VMware Releases Security Advisory for vCenter Server Mozilla Releases Security Advisories for Multiple Products Cisco Releases Security Advisories for Multiple Products Situation: Cisco released security advisories for vulnerabilities affecting multiple Cisco products. Problem: Out of date systems pose… Read More

• Cisco Releases Security Advisory for IOS XE Software Web UI • Fortinet Releases Security Updates for Multiple Products • Palo Alto Networks Security Advisory – October 2023 • Citrix Releases Security Updates for Multiple Products • Apple Releases Security Updates for iOS and iPadOS • Atlassian Releases Security Advisory for Confluence Data Center and Server • Cisco Releases Security Advisories for Multiple Products • CISA, NSA, FBI, and International… Read More

• Mozilla Releases Security Updates for Multiple Products • Apple Releases Security Updates for Multiple Products • Cisco Releases Security Advisories for Multiple Products • NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors • Snatch Ransomware Security Advisory Mozilla Releases Security Updates for Multiple Products Situation: Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, Firefox Focus for Android, and Firefox for… Read More

• Mozilla Releases Security Updates for Multiple Products • Palo Alto Networks Security Advisories – September 2023 • Microsoft Releases September 2023 Updates • Apple Releases Security Updates for iOS and macOS • NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats • Cisco warns of VPN Zero-Day Exploited by Ransomware Gangs Mozilla Releases Security Updates for Multiple Products Situation: Mozilla has released security updates to address a… Read More

• Ivanti Releases Security Updates for EPMM to address CVE-2023-35081 • Macs under attacks from password-stealing malware — how to stay safe • Apple Releases Security Updates for Multiple Products • CISA Releases Malware Analysis Reports on Barracuda Backdoors _______________________________________________ Ivanti Releases Security Updates for EPMM to address CVE-2023-35081 Situation: Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron… Read More

• Atlassian Releases Security Updates for Several Products • Oracle Releases Security Updates for Several Products • CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519 • Adobe Releases Security Updates for ColdFusion Atlassian Releases Security Updates for Several Products Situation: Atlassian has released its Security Bulletin for July 2023. Problem: There are vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506). Implication:… Read More

Fortinet Releases Security Updates for FortiOS and FortiProxy Mozilla Releases Security Updates for Multiple Products CISA Adds One Known Exploited Vulnerability to Catalog CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability CISA and Partners Release Joint Guide to Securing Remote Access Software Fortinet Releases Security Updates for FortiOS and FortiProxy Situation: Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2023-27997 in FortiOS and… Read More

• CISA Warns of Hurricane/Typhoon-Related Scams • CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land” _________________________________________________ CISA Warns of Hurricane/Typhoon-Related Scams Situation: CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon. Problem: Attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Implication: Disaster… Read More