Advisories

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol.

Intel security has released an advisory that addresses a potential security vulnerability in Intel® Active Management Technology (AMT), and Intel® Standard Manageability (ISM) that may allow escalation of privilege.

Adobe has released a security update for Adobe InDesign. All system administrators are advised to study the advisory and apply the appropriate actions.

CERT.UG/CC raises this advisory that provides information on a North Korean group known as BuggleBoys that targets financial sectors across the globe using a Remote Access Tool (RAT) malware for exploiting weak network and system defenses.

Cisco has released advisories addressing vulnerabilities in a range of products. All Network administrators are advised to study the advisory and apply the appropriate measures.

Drupal users should upgrade to the latest versions to mitigate against potential XSS vulnerabilities. Web administrators should review the detailed advisory.

Cisco has released its ASA, FMC and FTD Software Security Bundled Publication. This addresses 12 Cisco Security Advisories that describe 12 vulnerabilities in Cisco ASA and FTD Software.

Samsung issued out a security release for its smart phones that addresses a vulnerability (Memory corruption in Quram Library with decoding qmg). If successfully exploited, an attacker could gain access user information such as call logs, address book, SMS archive, etc.

Update your Firefox browser to Firefox 76. This update fixes 11 vulnerabilities. Protect your browsing.

VMware released a patch to fix the stored Cross-Site Scripting (XSS) vulnerability in VMware ESXi. Users should review this advisory here.

Zoom users should change their passwords. Doing this will increase protection of your zoom account against increased cyber threats.

Oracle released its April Critical Patch Updates which address multiple vulnerabilities.

Network Administrators are strongly advised to examine security updates for various Juniper products which can be found here. These updates are released by the Microsoft Security R

Network Administrators are strongly advised to examine security updates for various Juniper products which can be found here. These updates are prepared by the Juniper Networks Sec

VMware has released updates to address a sensitive information disclosure vulnerability in the VMware Directory Service (vmdir).

Zoom has released its software update to enhance privacy and security. We strongly recommend all Zoom users to update their installation to the latest release. Find details here

We have released guidelines to enable users of Zoom use the platform in a secure manner especially when scheduling and managing meetings. This can be accessed here

Drupal has released security updates to fix third-party library vulnerabilities. Web administrators are advised to upgrade versions of drupal to the latest versions. Also note that versions of Drupal 8 prior to 8.7.x have reached end of life and do not receive security coverage.

Malicious actors are taking advantage of the increase search for COVID-19 related information from the World Health Organisation (WHO). This is mainly done through sending out e-mails on COVID-19 embedded with malicious links or attachments loaded with malware.

The increased use of Zoom for online meetings has attracted malicious actors whose aim is to disrupt the meeting using threatening and abusive language as well as materials. Access is obtained through publicly shared meeting links.