Please see Security Advisories for the week ending December 31, 2021:
- LastPass users are skeptical after company insists it wasn’t hacked
LastPass users are skeptical after company insists it wasn’t hacked
Situation: Online forums are abuzz with reports that LastPass sent emails to users describing unauthorized login attempts with their master passwords, after one user posted about the issue on Hacker News.
Problem: This is considered particularly concerning because the password was…
Security Advisory Roll Up: Week Ending December 24, 2021
Please see Security Advisories for the week ending December 24, 2021:
- Apache Releases Security Update for HTTP Server
- Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
Apache Releases Security Update for HTTP Server
Situation: The Apache Software Foundation has released security update Apache HTTP Server 2.4.52, fixing two vulnerabilities found in the previous version.
Problem: The two vulnerabilities that were patched are CVE-2021-44224 and CVE-2021-44790. The first vulnerability (CVE-2021-44224) can allow for…
Security Advisory Roll Up: Week Ending December 17, 2021
Please see Security Advisories for the week ending December 17, 2021:
- CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities
- VMware Releases Security Advisory
- NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures
- Google Releases Security Updates for Chrome
- Adobe Releases Security Updates for Multiple Products
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
- Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks
- Security Advisory: SAP Releases…
Critical Security Advisory: Conti Ransomware Group Seen Using Log4Shell to Hack vCenter Servers
Critical Advisory: Conti Ransomware Group Seen Using Log4Shell to Hack vCenter Servers
Situation: The Conti ransomware group has been seen using the critical Log4Shell exploit to gain access to internal VMware vCenter Server and then encrypt virtual machines.
Problem: Conti has been seen exploiting not-yet-patched versions of vCenter impacted by the Log4Shell vulnerability. While VMware has provided mitigation techniques and workarounds, a patch…
Critical Advisory: RCE Zero-Day Exploit Found in Popular Java Logging Library log4j
Critical RCE Zero-Day Exploit Found in Popular Java Logging Library log4j
Situation: A critical RCE (aRbitrary Code Execution) has been found in log4j, a popular logging tool. This vulnerability is severe and affects every server running Java.
Problem: This vulnerability affects any Java application using log4j. An attacker can send a string to the server and the server will execute code hosted at the address.
Implication: This attack is extremely…
Security Advisory Roll Up: Week Ending December 11, 2021
Please see Security Advisories for the week ending December 11, 2021:
- Critical RCE Zero-Day Exploit Found in Popular Java Logging Library log4j
- Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability
- CISA Releases Security Advisory for Hillrom Welch Allyn Cardiology Products
- Cisco Releases Security Advisory for Multiple Products Affected by Apache HTTP Server
- SonicWall Releases Security Patches for SMA 100 Series Appliances
- Mozilla Releases Security Updates for Firefox, Firefox ESR,…
Security Advisory Roll Up: Week Ending December 3, 2021
Please see Security Advisories for the week ending December 3, 2021:
- Mozilla Releases Security Updates for Network Security Services
- CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
- VMware Has Released Security Update For vCenter Server
Mozilla Releases Security Updates for Network Security Services
Situation: Mozilla has released security updates to address a vulnerability in Network Security Services (NSS).
Problem: NSS (Network Security Services)…
Security Advisory Roll Up: Week Ending November 26, 2021
Please see Security Advisories for the week ending November 26, 2021:
- VMware Releases Security Updates for vCenter and Cloud Foundation
- CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations
- APT Exploitation of ManageEngine ADSelfService Plus Vulnerability
VMware Releases Security Updates
Situation: VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation.
Problem: The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file…
Critical Security Advisory: VMware Recalls ESXi 7 Update 3
CRITICAL Advisory: VMware Recalls ESXi 7 Update 3 From Its Product Downloads Site
Situation: VMware has removed its latest ESXi release for version 7, Update 3, from its download service due to driver interoperability problems that could cause failures during upgrades.
Problem: VMware’s investigation found some partner driver interoperability problems which prevented certain upgrade paths from completing in some customer environments. Specifically, driver VIB changes caused naming collisions in ESXi. This…
Security Advisory Roll Up: Week Ending November 19, 2021
Please see Security Advisories for the week ending November 19, 2021:
- CISA Has Updated the Catalog of Known Exploited Vulnerabilities
- NCSC Releases 2021 Annual Review
- Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities
- VMware Releases Security Update for Tanzu Application Service for VMs
- Apple Releases Security Update for iCloud for Windows 13
- CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
- VMware Releases Security Advisory For…