Highlights and Updates

Mozilla Releases Security Updates

Tuesday, 13th June 2017
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Cisco Releases Security Updates

Wednesday, 7th June 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

VMware Releases Security Updates

Wednesday, 7th June 2017

VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

We encourage users and administrators to review VMware Security Advisory VMSA-2017-0010(link is external) and apply the necessary updates.

Google Releases Security Updates for Chrome

Tuesday, 6th June 2017

Google has released Chrome version 59.0.3071.86 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases(link is external) page and apply the necessary updates.

SEI Issues Advice on Ransomware

Thursday, 1st June 2017

The Software Engineering Institute (SEI) of Carnegie Mellon University has released a blog post on best practices for preventing and responding to ransomware. This common malware captures, encrypts, and holds your data to extort a ransom. SEI˘®¯s top recommendation to thwart ransomware attacks is to back up your important files regularly.

We encourage users and administrators to review SEI's blog post

FBI Releases Article on Protecting Business Email Systems

Wednesday, 31st May 2017
The Federal Bureau of Investigation (FBI) has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use of free web-based email accounts; using multi-factor authentication; and updating firewalls, antivirus programs, and spam filters.

Microsoft Fixes Windows Defender Flaw

Monday, 29th May 2017
Microsoft has released a silent fix for a critical vulnerability in Malware Protection Engine. An attacker could create a malicious executable that when processed by the Malware Protection Engine's emulator would allow remote code execution. Microsoft learned of the flaw on May 12 and fixed it on Wednesday, May 24. The issue was patched automatically if users have configured their systems for automatic updates.

LNK files again being used to deliver malicious PowerShell script

Thursday, 25th May 2017
Cybercriminals have brought back an older attack vector using LNK files to execute PowerShell scripts to download malware.

Samba Releases Security Updates

Wednesday, 24th May 2017
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.

Yahoo Retires Buggy ImageMagick Library

Tuesday, 23rd May 2017
Yahoo has retired the ImageMagick library image processing toolkit after the disclosure of a vulnerability that could expose image data from user inboxes