Drupal has released security updates to fix third-party library vulnerabilities. Web administrators are advised to upgrade versions of drupal to the latest versions. Also note that versions of Drupal 8 prior to 8.7.x have reached end of life and do not receive security coverage.
Malicious actors are taking advantage of the increase search for COVID-19 related information from the World Health Organisation (WHO). This is mainly done through sending out e-mails on COVID-19 embedded with malicious links or attachments loaded with malware.
The increased use of Zoom for online meetings has attracted malicious actors whose aim is to disrupt the meeting using threatening and abusive language as well as materials. Access is obtained through publicly shared meeting links.
Based on the global impact of COVID-19, the Uganda National Computer Emergency Response Team and Coordination Center (CERT.UG/CC) strongly urges all organisations to review and prepare response plans first to protect staff as well as ensure continuity of critical IT enabled services.
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure.
Adobe has released an update for Adobe After Effects for Windows. This update resolves a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user.
Google has released Chrome 80 update (version 80.0.3987.122) that addresses three high-severity vulnerabilities, including a zero-day issue (CVE-2020-6418) that has been exploited in the wild.
A vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets.
The VMware team published an advisor concerning a vulnerability in VMware Tools in functionality that was removed from VMware Tools 11.0.0 has been determined to affect VMware Tools for Windows version 10.x.y.
Microsoft released advice concerning a remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Oracle has released critical updates to fix security flaws. The update contains 334 patches. Uganda National CERT and Coordination Center advises users to apply the updates for these products.
Adobe released security updates to fix vulnerabilities in Adobe Illustrator and Adobe Experience Manager.
Due to a spoofing vulnerability that exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates, Microsoft has released updates to the Windows 10 platform in order to reduce the risk exposure.
VMware has released its security advisory for Workspace ONE SDK. The severity is rated at ‘medium’ and details can be accessed here.
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Mozilla Foundation released its security Advisory requesting users of the Firefox browser to update to the latest version. The update fixes a previous zero-day vulnerability that an attacker could take advantage of and gain unauthorized control of a user’s device.
Microsoft will stop supporting and releasing updates for Windows 7 on 14 January 2020. This means there will be no technical support or software and security updates from Microsoft. Continued use of Windows 7 after this date will leave users exposed to an array of cyber threats.
Planned Internet Service Maintenance Alert
Microsoft has released a security update for Internet Explorer. IT Administrators are strongly advised to patch up. Details can be accessed here.
VMware has released security advisories rated as ‘important’ for the vSphere ESXi and vCenter Server products. Administrators are strongly urged to review the advisory and implement the appropriate resolutions.