Microsoft Security Advisory
- 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the…- 9 Jan 18, 6:00pm -
- 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0Revision Note: V1.0 (December 12, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect fo…- 12 Dec 17, 6:00pm -
Microsoft Security Response Center
- BlueHat Seattle 2019 Call for Papers is Now Open!2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle! 2 days of hands-on technical training (October 22-23, 2019) 2 days of conference ta…- 3 Sep 19, 11:01pm -
- Acquiring a VHD to InvestigateIn a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating…- 3 Sep 19, 7:30pm -
Zero Day Initiative Upcoming Advisories
- ZDI-CAN-5875: Wecon- 9 Mar 18, 12:00pm -
A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'nsfocus security team.' was reported to the affected vendor on: 2018-03-09, 0 days ago. The vendor is given until 2018-07-07 to publish a fix or workaround. Once the… - ZDI-CAN-5863: Wecon- 9 Mar 18, 12:00pm -
A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Mat Powell - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2018-03-09, 0 days ago. The vendor is given until 2018-07-07 to publish a fix or…
US-CERT Alerts
- newAA21-265A: Conti RansomwareOriginal release date: September 22, 2021SummaryImmediate Actions You Can Take Now to Protect Against Conti Ransomware• Use multi-factor authentication.• Segment and segregate networks and functions.• Update your operating system and softwar…- 15 hours ago 22 Sep 21, 5:00pm -
- AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService PlusOriginal release date: September 16, 2021SummaryThis Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactic…- 7 days ago 16 Sep 21, 5:00pm -
US-CERT Bulletin
- Vulnerability Summary for the Week of September 13, 2021Original release date: September 20, 2021 High VulnerabilitiesPrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infozohocorp -- manageengine_adselfservice_plusZoho ManageEngine A…- 3 days ago 20 Sep 21, 10:58am -
- Vulnerability Summary for the Week of September 6, 2021Original release date: September 13, 2021 High VulnerabilitiesPrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadaptivescale -- lxduiA Hardcoded JWT Secret Key in metadata.p…- 10 days ago 13 Sep 21, 10:54am -
US-CERT Activity
- newCISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware Original release date: September 22, 2021CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Maliciou…- 15 hours ago 22 Sep 21, 5:00pm -
- newGoogle Releases Security Updates for ChromeOriginal release date: September 22, 2021Google has released Chrome version 94.0.4606.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.CISA encourages user…- 16 hours ago 22 Sep 21, 3:36pm -
Joomla Security Advisory
- [20210402] - Core - Inadequate filters on module layout settings- 13 Apr 21, 3:00pm -
Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0 - 3.9.25Exploit type: LFIReported Date: 2021-01-03Fixed Date: 2021-04-13CVE Number: CVE-2021-26031DescriptionInadequate filters on module layout settings could lead… - [20210401] - Core - Escape xss in logo parameter error pages- 13 Apr 21, 3:00pm -
Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0 - 3.9.25Exploit type: XSSReported Date: 2021-03-09Fixed Date: 2021-04-13CVE Number: CVE-2021-26030DescriptionInadequate escaping allowed XSS attacks using the logo p…
Wordpress Advisory
- WP Briefing: Episode 16: A Sneak Peek at WordPress 5.9In addition to this episode’s small list of big things, Josepha Haden Chomphosy reviews the upcoming 5.9 WordPress release and its Full Site Editing features. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, e…- 3 days ago 20 Sep 21, 12:00pm -
- Join us for WordPress Translation Day Global Events in September 2021- 6 days ago 16 Sep 21, 9:51pm -
WordPress contributors around the world are celebrating the sixth Global WordPress Translation Day throughout September 2021!
Adobe Security Advisory
- Security Bulletins PostedAdobe has published security bulletins for Magento (APSB21-08), Adobe Acrobat and Reader (APSB21-09), Adobe Photoshop (APSB21-10), Adobe Animate (APSB21-11), Adobe Illustrator (APSB21-12) and Adobe Dreamweaver (APSB21-13). Adobe recommends users up…- 9 Feb 21, 9:57am -
- Upcoming Security Updates for Adobe Acrobat and Reader (APSB21-09)A prenotification security advisory (APSB21-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for the week of February 09, 2021. We will continue to provide updates on the upcoming release via the Security Bulletins an…- 4 Feb 21, 7:16am -
Oracle Security Advisory
- Oracle Critical Patch Update Advisory - July 2021- 65 days ago 20 Jul 21, 7:30pm -
- Oracle Critical Patch Update Advisory - April 2021- 20 Apr 21, 7:30pm -
Linux Security Advisory
- newDebian LTS: DLA-2764-1: tomcat8 security update>- 11 hours ago 22 Sep 21, 9:10pm -
Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
- newopenSUSE: 2021:1303-1 important: chromium>- 12 hours ago 22 Sep 21, 8:16pm -
An update that fixes 28 vulnerabilities is now available.
ICS-CERT Advisory
Cisco Security Advisory
Cisco Security Response
Cisco IPS Threat Defense Bulletins
IBM Security Advisory by IBM PSIRT
- IBM Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995).A vulnerability in IBM DB2 for Linux, Unix and Windows could allow a local user to gain elevated privilege. CVE(s): CVE-2016-5995 Affected product(s) and affected version(s): The following IBM DB2 and DB2 Connect editions running on AIX, Linux and HP…- 16 Sep 16, 2:01pm -
- IBM Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986)There is a potential information disclosure in WebSphere Application Server. CVE(s): CVE-2016-5986 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server and Web…- 16 Sep 16, 2:01pm -
AWS Security Advisory by Amazon
- runC Security Issue (CVE-2021-30465)[V2] Last Updated: 2021/06/16 1:20 PM PDTThis is an update for this issue. Binaries of AWS IoT Greengrass Core V1 (1.10.4 and 1.11.3) with patched runC are now available for download (https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-…- 99 days ago 16 Jun 21, 7:34pm -
- Xen Security Advisories (XSA-372, 373, 374, 375, and 377)Initial Publication Date: 2021/06/08 3:30 PM PDT The Xen Security Team has released Xen Security Advisories 372, 373, 374, 375, and 377 regarding the Xen hypervisor. AWS customers’ data and instances are not affected by this issue, and no customer…- 8 Jun 21, 10:35pm -
Google Chrome Security Advisory
- Chrome for Android Update- 1 day ago 21 Sep 21, 7:57pm -
Hi, everyone! We've just released Chrome 94 (94.0.4606.50) for Android: it'll become available on Google Play over the next few days.This release includes stability and performance improvements. You can see a full list of the changes in the Git lo… - Stable Channel Update for Desktop- 2 days ago 21 Sep 21, 5:54pm -
The Chrome team is delighted to announce the promotion of Chrome 94 to the stable channel for Windows, Mac and Linux.Chrome 94 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.Chr…
Symantec Product Security Advisories
VMware Security Advisory
- Intrinsic Security: Best Practices for Using Automation to Simplify and Improve Threat Protection- 1 Dec 20, 12:36am -
Cybercrime is up 600% during the COVID-19 pandemic as companies continue relying on employees working remotely. As the threat landscape evolves, security teams must remain agile in preventing and responding to an increasing volume of attacks. To s…
- VMware and Tianfu Cup 2020Update November 08, 2020 Tianfu Cup International PWN Contest 2020 has been wrapped up with no attempts on our products on Day 2. We would like to thank Tianfu Cup organizers for making remote participation possible and continuing the contest. Upd…- 6 Nov 20, 4:19pm -
Bluecoat Security Advisory
- SA148: Linux Kernel Vulnerabilities Feb-Apr 2017This Security Advisory addresses multiple vulnerabilities in the Linux kernel. Symantec Network Protection products, which include vulnerable versions of the Linux kernel and use the affected functionality, are vulnerable.- 1 May 17, 4:39pm -
- SA147: March 2017 NTP Security VulnerabilitiesThis Security Advisory addresses multiple vulnerabilities in the ntp.org NTP reference implementation announced in March 2017. Blue Coat products that include a vulnerable version of the NTP reference implementation and make use of the affected fun…- 10 Apr 17, 7:26pm -
Zero Day Initiative Pusblished Advisories
Apple Security Announcement
More Security Advisories
-
Cloud Security Alliance Media Coverage
Click for More Info on Mozilla Security Advisory
-
Cloud Security Alliance Media Coverage
Click for More Info on Mozilla Known Vulnerabilities