Highlights and Updates

Samba Releases Security Updates

Wednesday, 22nd January 2020

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds.

Oracle Releases January 2020 Security Bulletin

Wednesday, 15th January 2020

Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Oracle January 2020 Critical Patch Update and apply the necessary updates.

VMware Releases Security Update

Tuesday, 14th January 2020

VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review VMware Security Advisory VMSA-2020-0002 and apply the necessary update.

Adobe Releases Security Updates

Tuesday, 14th January 2020

Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review Adobe Security Bulletins APSB20-03 and APSB20-01 and apply the necessary updates.

Juniper Networks Releases Security Updates

Thursday, 9th January 2020

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.

Cisco Releases Security Updates for Multiple Products

Wednesday, 8th January 2020

Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.

We encourage users and administrators to review the Cisco Webex Video Mesh Advisory and the Cisco IOS and IOS XE Software Advisory and apply the necessary updates.

Mozilla Patches Critical Vulnerability

Wednesday, 8th January 2020

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

We encourage users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

Drupal Releases Security Updates

Monday, 23rd December 2019

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website.

Spear phishing campaigns—they’re sharper than you think

Tuesday, 3rd December 2019

Even your most security-savvy users may have difficulty identifying honed spear phishing campaigns. Unlike traditional phishing campaigns that are blasted to a large email list in hopes that just one person will bite, advanced spear phishing campaigns are highly targeted and personal. They are so targeted, in fact, that we sometimes refer to them as “laser” phishing. And because these attacks are so focused, even tech-savvy executives and other senior managers have been duped into handing over money and sensitive files by a well-targeted email. That’s how good they are.


New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Tuesday, 3rd December 2019

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities.

Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app.

In other words, when a user taps the icon of a legitimate app, the malware exploiting the Strandhogg vulnerability can intercept and hijack this task to display a fake interface to the user instead of launching the legitimate application.