CISO Express | A Security Professional’s Home Page

Microsoft Security Advisory

Microsoft Security Response Center

  • BlueHat Seattle 2019 Call for Papers is Now Open!
    2019 has seen a phenomenal BlueHatIL in February followed by a wildly successful BlueHat Shanghai in May… now it’s time to come back home for BlueHat Seattle!  2 days of hands-on technical training (October 22-23, 2019)  2 days of conference ta…
    - 3 Sep 19, 11:01pm -
  • Acquiring a VHD to Investigate
    In a previous post we described some of the differences between on-premises/physical forensics and cyber investigations and those performed in the cloud, and how this can make cloud forensics challenging. That blog post described a method of creating…
    - 3 Sep 19, 7:30pm -

Zero Day Initiative Upcoming Advisories

  • ZDI-CAN-5875: Wecon

    ZDI-CAN-5875: Wecon

    A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'nsfocus security team.' was reported to the affected vendor on: 2018-03-09, 0 days ago. The vendor is given until 2018-07-07 to publish a fix or workaround. Once the…
    - 9 Mar 18, 12:00pm -
  • ZDI-CAN-5863: Wecon

    ZDI-CAN-5863: Wecon

    A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Mat Powell - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2018-03-09, 0 days ago. The vendor is given until 2018-07-07 to publish a fix or…
    - 9 Mar 18, 12:00pm -

US-CERT Alerts

US-CERT Bulletin

  • Vulnerability Summary for the Week of January 11, 2021
    Original release date: January 18, 2021The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for upda…
    - 6 days ago 18 Jan 21, 12:00pm -
  • Vulnerability Summary for the Week of January 4, 2021
    Original release date: January 11, 2021The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for upda…
    - 13 days ago 11 Jan 21, 12:06pm -

US-CERT Activity

  • Cisco Releases Advisories for Multiple Products
    Original release date: January 21, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lowe…
    - 3 days ago 21 Jan 21, 12:16pm -
  • Drupal Releases Security Updates
    Original release date: January 21, 2021Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system.CISA encourages users and administrators to…
    - 3 days ago 21 Jan 21, 12:15pm -

Joomla Security Advisory

  • [20210103] - Core - XSS in com_tags image parameters

    [20210103] - Core - XSS in com_tags image parameters

    Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions:3.1.0 - 3.9.23Exploit type: XSSReported Date: 2020-09-01Fixed Date: 2021-01-12CVE Number: CVE-2021-23125DescriptionLack of escaping of image-related parameters in multiple…
    - 13 days ago 11 Jan 21, 1:00pm -
  • [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

    [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

    Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions:3.9.0 - 3.9.23Exploit type: XSSReported Date: 2020-09-01Fixed Date: 2021-01-12CVE Number: CVE-2021-23124DescriptionLack of escaping in mod_breadcrumbs aria-label attribut…
    - 13 days ago 11 Jan 21, 1:00pm -

Wordpress Advisory

  • People of WordPress: Thelma Mutete

    People of WordPress: Thelma Mutete

    From writing her first line of code when she was 16, Thelma Mutete knew she wanted to work in IT. She shares her journey in web development and her discovery of WordPress.
    - 3 days ago 21 Jan 21, 4:40pm -
  • The Month in WordPress: December 2020
    We bid goodbye to 2020 in style with the release of WordPress 5.6 and the launch of Learn WordPress. But these weren’t the only exciting updates from WordPress in December. Read on to learn more! WordPress 5.6 is here The latest major WordPress rel…
    - 19 days ago 5 Jan 21, 10:55am -

Adobe Security Advisory

Oracle Security Advisory

Linux Security Advisory

ICS-CERT Advisory

    Cisco Security Advisory

      Cisco Security Response

        Cisco IPS Threat Defense Bulletins

          IBM Security Advisory by IBM PSIRT

          AWS Security Advisory by Amazon

          • Android Security Advisory
            2015/07/28 - 6:00PM PST   AWS is aware of the recently reported Android security issues described in: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829. These issues present a risk to all data…
            - 63 days ago 22 Nov 20, 11:10am -
          • HeartBleed Bug Concern
            April 7, 2014 AWS is aware of the HeartBleed Bug (CVE-2014-0160) in OpenSSL and investigating any impact or required remediation. We will post back when we have more detail. April 8, 2014 Update: For the latest updates, please see the bulletin AWS…
            - 63 days ago 22 Nov 20, 11:10am -

          Google Chrome Security Advisory

          • Chrome Beta for iOS Update

            Chrome Beta for iOS Update

            Hi, everyone! We've released Chrome Beta 88 (88.0.4324.111) for iOS: it'll become available on App Store in next few days.You can see a partial list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.Bindu S…
            - 3 days ago 22 Jan 21, 2:09am -
          • Dev Channel Update for Desktop

            Dev Channel Update for Desktop

            The Dev channel has been updated to 89.0.4389.9 for Windows,Mac and Linux.A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The comm…
            - 4 days ago 20 Jan 21, 9:09pm -

          Symantec Product Security Advisories

            VMware Security Advisory

            • Intrinsic Security: Best Practices for Using Automation to Simplify and Improve Threat Protection

              Intrinsic Security: Best Practices for Using Automation to Simplify and Improve Threat Protection

                Cybercrime is up 600% during the COVID-19 pandemic as companies continue relying on employees working remotely. As the threat landscape evolves, security teams must remain agile in preventing and responding to an increasing volume of attacks. To s…
              - 55 days ago 1 Dec 20, 12:36am -
            • VMware and Tianfu Cup 2020
              Update November 08, 2020 Tianfu Cup International PWN Contest 2020 has been wrapped up with no attempts on our products on Day 2. We would like to thank Tianfu Cup organizers for making remote participation possible and continuing the contest.   Upd…
              - 79 days ago 6 Nov 20, 4:19pm -

            Bluecoat Security Advisory

            • SA148: Linux Kernel Vulnerabilities Feb-Apr 2017
              This Security Advisory addresses multiple vulnerabilities in the Linux kernel.  Symantec Network Protection products, which include vulnerable versions of the Linux kernel and use the affected functionality, are vulnerable.
              - 1 May 17, 4:39pm -
            • SA147: March 2017 NTP Security Vulnerabilities
              This Security Advisory addresses multiple vulnerabilities in the ntp.org NTP reference implementation announced in March 2017.  Blue Coat products that include a vulnerable version of the NTP reference implementation and make use of the affected fun…
              - 10 Apr 17, 7:26pm -

            Apple Security Announcement

              More Security Advisories