TTCSIRT-332.08.12.20: TT-CSIRT ADVISORY- CITRIX ENDPOINT MANAGEMENT (CEM) SECURITY UPDATE

  • Home
  • Archive for category "Security Advisories"
TTCSIRT-332.08.12.20: TT-CSIRT ADVISORY- CITRIX ENDPOINT MANAGEMENT (CEM) SECURITY UPDATE
By

Multiple vulnerabilities have been discovered in Citrix Endpoint Management (CEM), also referred to as XenMobile.These vulnerabilities have the following identifiers: CVE-2020-8208 CVE-2020-8209 CVE-2020-8210 CVE-2020-8211 CVE-2020-8212 The following versions of Citrix Endpoint Management (CEM) are affected by critical severity vulnerabilities: XenMobile Server 10.12 before RP2 XenMobile Server 10.11 before RP4 XenMobile Server 10.10 before RP6 XenMobile Server before 10.9 RP5 Users affected by these critical severity vulnerabilities are strongly recommended to […]

Read More
TTCSIRT-331.08.03.20: TT-CSIRT ADVISORY- CISCO RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS
By

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page via the link provided; https://tools.cisco.com/security/center/publicationListing.x Below are Critical Cisco Vulnerabilities with the relevant links to give a […]

Read More
TTCSIRT-328.07. 27.20: TT-CSIRT ADVISORY- POTENTIAL LEGACY RISK FROM MALWARE TARGETING QNAP NAS DEVICES
By

The United States Cyber security and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC); are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.   All QNAP NAS devices are potentially vulnerable to […]

Read More
TTCSIRT-326.07.20.20: TT-CSIRT ADVISORY-PERFORMANCEPOINT SERVICES REMOTE CODE EXECUTION VULNERABILITY
By

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. To exploit this vulnerability, an attacker […]

Read More
TTCSIRT-325.07.17.20: TT-CSIRT ADVISORY-CISCO RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS
By

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. The following are affected appliances along with links detailing its respective vulnerability: Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability cisco-sa-rv110w-static-cred-BMTWBWTy Small Business RV110W, RV130, RV130W, […]

Read More
TTCSIRT-324.07.17.20: TT-CSIRT ADVISORY-APT29 TARGETS COVID-19 VACCINE DEVELOPMENT
By

APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a suspected Russian Intelligence Cyber Espionage Group. The United Kingdom’s National Cyber Security Centre issued detection and mitigation advice for organisations involved in coronavirus vaccine development with custom malware by APT29. The report goes into detail regarding recent Tactics, Techniques and Procedures (TTPs) of the […]

Read More
TTCSIRT-323.07.14.20: TT-CSIRT ADVISORY- Vulnerability in Windows DNS
By

Microsoft has released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are […]

Read More

Quick Navigation

Partner Agencies

Subscribe to Stay Updated!

Subscribe

Follow on social media:

Facebook-f X-twitter Linkedin-in Instagram