Security Advisories

Please see Security Advisories for the week ending January 21, 2022 Mitigating Log4Shell and Other Log4j-Related Vulnerabilities Cisco Releases Security Updates for Multiple Products F5 Releases January 2022 Quarterly Security Notification Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations Oracle Releases January 2022 Critical Patch Update _______________________________… Read More

Citrix Releases Security Updates for Hypervisor Apple Releases Security Updates for iOS and iPadOS CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater Cisco Releases Security Updates for Multiple Products New Palo Alto Networks Security Advisories Microsoft Releases January 2022 Security Updates Adobe Releases Security Updates for Multiple Products Citrix Releases Security Update for Workspace App for Linux Samba Releases Security Update CISA, FBI, and NSA Release Cybersecurity Advisory… Read More

Please see Security Advisories for the week ending January 7, 2022 Google Releases Security Updates for Chrome VMware Releases Security Updates for multiple products Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird CISA Adds 15 Known Exploited Vulnerabilities to Catalog WordPress Releases Security Update _______________________________ Google Releases Security Updates for Chrome Situation Google has released Chrome version 97.0.4692.71 for Windows, Mac, and Linux Problem This update addresses a number of… Read More

Please see Security Advisories for the week ending December 31, 2021 LastPass users are skeptical after company insists it wasn’t hacked _______________________________ LastPass users are skeptical after company insists it wasn’t hacked Situation Online forums are abuzz with reports that LastPass sent emails to users describing unauthorized login attempts with their master passwords, after one user posted about the issue on Hacker News. Problem This is considered particularly concerning because the password was… Read More

Please see Security Advisories for the week ending December 17, 2021 CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities VMware Releases Security Advisory NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures Google Releases Security Updates for Chrome Adobe Releases Security Updates for Multiple Products CISA Adds Two Known Exploited Vulnerabilities to Catalog Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks Security Advisory: SAP Releases… Read More

Critical Advisory: Conti Ransomware Group Seen Using Log4Shell to Hack vCenter Servers Situation The Conti ransomware group has been seen using the critical Log4Shell exploit to gain access to internal VMware vCenter Server and then encrypt virtual machines. Problem Conti has been seen exploiting and taking advantage of the not yet patched versions of vCenter impacted by the Log4Shell vulnerability. While VMware has provided mitigation techniques and workarounds a patch… Read More

Critical RCE Zero-Day Exploit Found in Popular Java Logging Library log4j Situation A critical RCE (aRbitrary Code Execution) has been found in log4j, a popular logging tool. This vulnerability is severe and affects every server running Java. Problem This vulnerability affects any Java application using log4j. An attacker can send a string to the server and the server will execute code hosted at the address. Implication  This attack is extremely… Read More

Please see Security Advisories for the week ending December 11, 2021 Critical RCE Zero-Day Exploit Found in Popular Java Logging Library log4j Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability CISA Releases Security Advisory for Hillrom Welch Allyn Cardiology Products Cisco Releases Security Advisory for Multiple Products Affected by Apache HTTP Server SonicWall Releases Security Patches for SMA 100 Series Appliances Mozilla Releases Security Updates for Firefox, Firefox ESR,… Read More

Please see Security Advisories for the week ending December 3, 2021 Mozilla Releases Security Updates for Network Security Services CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus VMware Has Released Security Update For vCenter Server _______________________________ Mozilla Releases Security Updates for Network Security Services Situation Mozilla has released security updates to address a vulnerability in Network Security Services (NSS). Problem NSS (Network Security Services)… Read More