Original release date: April 2, 2020The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform). Many...
Original release date: April 1, 2020The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these...
Original release date: April 1, 2020Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and...
The Vertiv Avocent UMG-4000 contains multiple vulnerabilities that could allow an authenticated attacker with administrative privileges to remotely execute arbitrary code. The web interface does not sanitize input provided from the remote...
The Versiant LYNX Customer Service Portal(CSP)is a"full-service customer portal that provides real-time information to terminal operators on the status of shipments into and out of a marine container terminal". The LYNX CSP,version 3.5.2,is...
Original release date: March 25, 2020Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and...
Original release date: March 25, 2020Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and...
Original release date: March 23, 2020Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating...
Adobe Type Manager,which is provided by atmfd.dll,is a kernel module that is provided by Windows and provides support for OpenType fonts. Two vulnerabilities in the Microsoft Windows Adobe Type Manager library may allow an unauthenticated remote...
Original release date: March 19, 2020Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and 8.8.x. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and...
Original release date: March 19, 2020Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system. For updates...
Original release date: March 19, 2020Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and...
This vulnerability results from using gradient descent to determine classification of inputs via a neural network. As such,it is a vulnerability in the algorithm. In plain terms,this means that the currently-standard usage of this type of machine...
Original release date: March 18, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and...
Original release date: March 16, 2020VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and...
Original release date: March 12, 2020Microsoft has released out-of-band security updates to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker could exploit this...
Original release date: March 11, 2020Microsoft has released a security advisory to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker can exploit this vulnerability to...
Original release date: March 10, 2020Microsoft Exchange Servers affected by a remote code execution vulnerability, known as CVE-2020-0688, continue to be an attractive target for malicious cyber actors. A remote attacker can exploit this...
Original release date: March 10, 2020Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity...
Original release date: March 10, 2020Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of...
Original release date: March 10, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity...
Microsoft Server Message Block 3.1.1(SMBv3)contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system. It...
Original release date: March 6, 2020Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an...
Original release date: March 6, 2020The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments...
Original release date: March 5, 2020The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory on securing internet-connected cameras such as smart security cameras and baby monitors. An attacker could gain access to...