TTCSIRT-235.101619: TT-CSIRT ADVISORY – ORACLE SECURITY UPDATES

TTCSIRT-235.101619: TT-CSIRT ADVISORY – ORACLE SECURITY UPDATES

Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Due to the threat posed by a successful attack, TTCSIRT strongly recommends that administrators apply the Critical Security Patch Update as soon […]

TTCSIRT-234.101419: TT-CSIRT ADVISORY – CHROME SECURITY UPDATES

Google has released Chrome version 77.0.3865.120 for Windows, Mac, and Linux. This new version addresses vulnerabilities that an attacker could exploit to take control of an affected system. TTCSIRT encourages users and administrators to review the following blog post from Google and update to the latest version of Chrome on all devices. Issues addressed include […]

TTCSIRT-233.101019: TT-CSIRT ADVISORY – INTEL SECURITY UPDATES

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. TTCSIRT encourages users and administrators to review the following advisories from Intel and apply the necessary remediation actions: CVE-2019-14569 – Potential security vulnerabilities in system […]

TTCSIRT-232.100719: TT-CSIRT ADVISORY – VPN SECURITY UPDATES

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. Affected applications include those by Fortinet, Palo Alto and Pulse Secure. TTCSIRT encourages users and administrators to read the NCSC alert for more information and see the following […]

TTCSIRT-231.100219: TT-CSIRT ADVISORY – ANDROID SECURITY UPDATES

Please be advised that multiple vulnerabilities have been discovered in the Google Android 10 operating system (OS), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of a privileged process. These vulnerabilities could be exploited […]

TTCSIRT-230.100219: TT-CSIRT ADVISORY – PHP SECURITY VULNERABILITY

A vulnerability has been discovered in PHP, which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. It supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting this vulnerability could allow for arbitrary code […]

TTCSIRT-229.092719: TT-CSIRT ADVISORY – APPLE SECURITY UPDATES

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. TTCSIRT encourages users and administrators to review Apple’s security updates page and apply the necessary updates: https://support.apple.com/en-us/HT201222   1) CVE-2019-8641 – A remote attacker may be able to cause unexpected […]

TTCSIRT-228.092719: TT-CSIRT ADVISORY – CISCO SECURITY UPDATES

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TTSCIRT urges users and administrators to review the Cisco Security Advisories page and apply the necessary updates: https://tools.cisco.com/security/center/publicationListing.x   CRITICAL 1) CVE-2018-0296 – Cisco Adaptive Security Appliance […]

TTCSIRT-227.092019: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that it has discovered the following vulnerabilities in Microsoft SharePoint Server 2019: a) CVE-2019-1257 – the software fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the SharePoint application pool and the […]

TTCSIRT-226.092019: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that it has discovered the following vulnerabilities in Google Chrome: a) Use-after-free in UI – CVE-2019-13685. b) Use-after-free in media – CVE-2019-13688. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted web page. Exploitation could allow an attacker to execute arbitrary […]