Microsoft Security Advisory
- 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the…- 9 Jan 18, 6:00pm -
- 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0Revision Note: V1.0 (December 12, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect fo…- 12 Dec 17, 6:00pm -
Microsoft Security Response Center
- BlueHat Seattle 2019 Call for Papers is Now Open!2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle! 2 days of hands-on technical training (October 22-23, 2019) 2 days of conference ta…- 3 Sep 19, 11:01pm -
- Acquiring a VHD to InvestigateIn a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating…- 3 Sep 19, 7:30pm -
Zero Day Initiative Upcoming Advisories
- ZDI-CAN-5863: Wecon- 9 Mar 18, 12:00pm -
A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Mat Powell - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2018-03-09, 0 days ago. The vendor is given until 2018-07-07 to publish a fix or… - ZDI-CAN-5875: Wecon- 9 Mar 18, 12:00pm -
A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'nsfocus security team.' was reported to the affected vendor on: 2018-03-09, 0 days ago. The vendor is given until 2018-07-07 to publish a fix or workaround. Once the…
US-CERT Alerts
- AA20-031A: Detecting Citrix CVE-2019-19781Original release date: January 31, 2020 | Last revised: February 10, 2020SummaryUnknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerabil…- 16 days ago 31 Jan 20, 6:07pm -
- AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOPOriginal release date: January 20, 2020 | Last revised: January 27, 2020SummaryNote: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.[1] On January 19, 2020, Citrix released firmware updates for Citr…- 28 days ago 20 Jan 20, 2:54pm -
US-CERT Bulletin
- Vulnerability Summary for the Week of February 3, 2020Original release date: February 10, 2020 | Last revised: February 12, 2020The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS…- 7 days ago 10 Feb 20, 12:28pm -
- Vulnerability Summary for the Week of January 27, 2020Original release date: February 3, 2020 | Last revised: February 4, 2020The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS s…- 14 days ago 3 Feb 20, 4:36pm -
US-CERT Activity
- Be Cautious of Romance ScamsOriginal release date: February 14, 2020This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain their…- 3 days ago 14 Feb 20, 3:39pm -
- North Korean Malicious Cyber ActivityOriginal release date: February 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korea…- 3 days ago 14 Feb 20, 12:40pm -
Joomla Security Advisory
- [20200103] - Core - XSS in com_actionlogs- 20 days ago 28 Jan 20, 1:00pm -
Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.9.0-3.9.14Exploit type: XSSReported Date: 2019-December-25Fixed Date: 2020-January-28CVE Number: CVE-2020-8421DescriptionInadequate escaping of usernames allow XSS attacks… - [20200102] - Core - CSRF com_templates LESS compiler- 20 days ago 28 Jan 20, 1:00pm -
Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.0.0-3.9.14Exploit type: CSRFReported Date: 2019-December-18Fixed Date: 2020-January-28CVE Number: CVE-2020-8420DescriptionA missing CSRF token check in the LESS compiler of…
Wordpress Advisory
- People of WordPress: Kori Ashton- 2 days ago 14 Feb 20, 9:12pm -
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares som…
- WordCamp Asia Cancelled Due to COVID-19I’ve arrived at the difficult decision to cancel the inaugural WordCamp Asia event, which was planned to take place in Bangkok on February 21st. The excitement and anticipation around this event have been huge, but there are too many unknowns aroun…- 5 days ago 12 Feb 20, 4:23am -
Adobe Security Advisory
- Security Bulletins PostedAdobe has published security bulletins for Adobe Framemaker (APSB20-04), Adobe Acrobat and Reader (APSB20-05), Adobe Flash Player (APSB20-06), Adobe Digital Edition (APSB20-07) and Adobe Experience Manager (APSB20-08). Adobe recommends users update…- 6 days ago 11 Feb 20, 7:30am -
- Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-05)A prenotification security advisory (APSB20-05) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 11, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and A…- 11 days ago 6 Feb 20, 6:13am -
Oracle Security Advisory
- Oracle Critical Patch Update Advisory - January 2020- 33 days ago 14 Jan 20, 7:30pm -
- Oracle Critical Patch Update Advisory - October 2019- 15 Oct 19, 7:30pm -
Linux Security Advisory
- Fedora 31: ksh FEDORA-2020-d940aca772>- 1 day ago 15 Feb 20, 8:30pm -
Do not evaluate arithmetic expressions from environment variables at startup
- Fedora 30: ksh FEDORA-2020-a0f0eb8500>- 1 day ago 15 Feb 20, 8:09pm -
Do not evaluate arithmetic expressions from environment variables at startup
ICS-CERT Advisory
Cisco Security Advisory
Cisco Security Response
Cisco IPS Threat Defense Bulletins
IBM Security Advisory by IBM PSIRT
- IBM Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995).A vulnerability in IBM DB2 for Linux, Unix and Windows could allow a local user to gain elevated privilege. CVE(s): CVE-2016-5995 Affected product(s) and affected version(s): The following IBM DB2 and DB2 Connect editions running on AIX, Linux and HP…- 16 Sep 16, 2:01pm -
- IBM Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986)There is a potential information disclosure in WebSphere Application Server. CVE(s): CVE-2016-5986 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server and Web…- 16 Sep 16, 2:01pm -
AWS Security Advisory by Amazon
- Kubernetes Security Issue (CVE-2019-11249)Last Updated: August 15, 2019 9:00AM PDT CVE Identifier: CVE-2019-11249 AWS is aware of a security issue (CVE-2019-11249) which resolves incomplete fixes for CVE-2019-1002101 and CVE-2019-11246. Like the aforementioned CVEs, the issue is in the Kub…- 15 Aug 19, 5:33pm -
- Kubernetes Security Issue (CVE-2019-11246)July 02, 2019 2:00 PM PDT CVE Identifier: CVE-2019-11246 AWS is aware of a security issue (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a user's workstation. If a user were to…- 6 Aug 19, 3:02pm -
Google Chrome Security Advisory
- Dev Channel Update for Desktop- 2 days ago 14 Feb 20, 7:53pm -
The Dev channel has been updated to 82.0.4056.3 for Windows and Mac. Linux platform will be updated next week.A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please l… - Stable Channel Update for Desktop- 3 days ago 13 Feb 20, 10:25pm -
The stable channel has been updated to 80.0.3987.106 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a ne…
Symantec Product Security Advisories
VMware Security Advisory
- Security updates AMD Radeon Display Driver – CVE-2019-5124, CVE-2019-5146, CVE-2019-5147, & CVE-2019-5183Greetings from VMware Security Response Center! We wanted to make you aware of multiple AMD security issues tracked by CVE-2019-5124, CVE-2019-5146, CVE-2019-5147, & CVE-2019-5183. These issues exist in AMD Radeon Display Drivers and have been shown…- 26 days ago 22 Jan 20, 6:14am -
- What’s new in AppDefense Plug-in 2.3 in vCenter- 88 days ago 20 Nov 19, 9:06pm -
New Updates in AppDefense 2.3 The release of VMware AppDefense 2.3 brings lot of new exciting features in the product. This release delivers a major update to AppDefense plug-in in vCenter. Notably, this release includes OS Integrity features, Behav…
Bluecoat Security Advisory
- SA148: Linux Kernel Vulnerabilities Feb-Apr 2017This Security Advisory addresses multiple vulnerabilities in the Linux kernel. Symantec Network Protection products, which include vulnerable versions of the Linux kernel and use the affected functionality, are vulnerable.- 1 May 17, 4:39pm -
- SA147: March 2017 NTP Security VulnerabilitiesThis Security Advisory addresses multiple vulnerabilities in the ntp.org NTP reference implementation announced in March 2017. Blue Coat products that include a vulnerable version of the NTP reference implementation and make use of the affected fun…- 10 Apr 17, 7:26pm -
Zero Day Initiative Pusblished Advisories
Apple Security Announcement
More Security Advisories
-
Cloud Security Alliance Media Coverage
Click for More Info on Mozilla Security Advisory
-
Cloud Security Alliance Media Coverage
Click for More Info on Mozilla Known Vulnerabilities