Advisories

Cisco has released advisories addressing vulnerabilities in a range of products. All Network administrators are advised to study the advisory and apply the appropriate measures.

Drupal users should upgrade to the latest versions to mitigate against potential XSS vulnerabilities. Web administrators should review the detailed advisory.

Cisco has released its ASA, FMC and FTD Software Security Bundled Publication. This addresses 12 Cisco Security Advisories that describe 12 vulnerabilities in Cisco ASA and FTD Software.

Samsung issued out a security release for its smart phones that addresses a vulnerability (Memory corruption in Quram Library with decoding qmg). If successfully exploited, an attacker could gain access user information such as call logs, address book, SMS archive, etc.

Update your Firefox browser to Firefox 76. This update fixes 11 vulnerabilities. Protect your browsing.

VMware released a patch to fix the stored Cross-Site Scripting (XSS) vulnerability in VMware ESXi. Users should review this advisory here.

Zoom users should change their passwords. Doing this will increase protection of your zoom account against increased cyber threats.

Oracle released its April Critical Patch Updates which address multiple vulnerabilities.

Network Administrators are strongly advised to examine security updates for various Juniper products which can be found here. These updates are released by the Microsoft Security R

Network Administrators are strongly advised to examine security updates for various Juniper products which can be found here. These updates are prepared by the Juniper Networks Sec

VMware has released updates to address a sensitive information disclosure vulnerability in the VMware Directory Service (vmdir).

Zoom has released its software update to enhance privacy and security. We strongly recommend all Zoom users to update their installation to the latest release. Find details here

We have released guidelines to enable users of Zoom use the platform in a secure manner especially when scheduling and managing meetings. This can be accessed here

Drupal has released security updates to fix third-party library vulnerabilities. Web administrators are advised to upgrade versions of drupal to the latest versions. Also note that versions of Drupal 8 prior to 8.7.x have reached end of life and do not receive security coverage.

Malicious actors are taking advantage of the increase search for COVID-19 related information from the World Health Organisation (WHO). This is mainly done through sending out e-mails on COVID-19 embedded with malicious links or attachments loaded with malware.

The increased use of Zoom for online meetings has attracted malicious actors whose aim is to disrupt the meeting using threatening and abusive language as well as materials. Access is obtained through publicly shared meeting links.

Based on the global impact of COVID-19, the Uganda National Computer Emergency Response Team and Coordination Center (CERT.UG/CC) strongly urges all organisations to review and prepare response plans first to protect staff as well as ensure continuity of critical IT enabled services.

NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure.

Adobe has released an update for Adobe After Effects for Windows. This update resolves a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user.

Google has released Chrome 80 update (version 80.0.3987.122) that addresses three high-severity vulnerabilities, including a zero-day issue (CVE-2020-6418) that has been exploited in the wild.