Multiple security vulnerabilities in the VMware products listed below. Patches and workarounds are available to remediate or workaround these vulnerabilities in affected Time-of-check Time-of-use (TOCTOU) issue (CVE-2020-3957).
Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system to access more than the user should have access to, where Fusion, VMRC and Horizon Client are installed.
Impacted Products:
Sectigo at present offers the ability to cross-sign certificates with the AddTrust legacy root to increase support among very old systems and devices. This root is due to expire at the end of May, 2020. Any applications or installations that depend on this cross-signed root must be updated by May, 2020 or run the risk of outage or displayed error message.
For more information read:
Multiple vulnerabilities have been discovered in Apple iOS, iPadOS, and watchOS, which could allow for arbitrary code execution.
Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the wild.
Since 2015, financially motivated cybercriminal groups have actively targeted businesses in the retail, restaurant, hotel, and gaming industries at an increasing rate. Recently, the cybercriminal group FIN7,1 known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS). The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles.
There has been a circulation of malicious websites pretending to be credible sources for more information on the Coronavirus-19. PLEASE double check the validity and reliability of websites you are visiting. This also includes attachments!
The UCLA IT Security Office will send out a notification to system administrators when these issues have been resolved.
Both SentinelOne and Sophos are being tested for compatibility issues with the macOS Mojave Anti-Tampering mechanism.
As with any new OS release, we recommend waiting to upgrade until the early bugs have been removed.
If a machine is currently running macOS High Sierra and the SentinelOne Next Generation Endpoint Protection agent, UCLA IT Security recommends not upgrading to macOS Mojave.
On July 14, 2019, the data breach monitoring service haveibeenpwned.com posted a database dump of approximately 101 million users who had their information exposed as part of the Evite data breach.
This breach was officially reported in June of 2019 and thought to have occurred back on February 22, 2019. Additional information regarding this incident can be found by visiting Evite’s security notice webpage at https://www.evite.com/security/update.
UPDATE: 6/25/19 -- This implementation has been postponed until further notice.
Since June of 2019, unidentified cyber actors have leveraged a known SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. Following widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two identified US municipalities using CVE-2019-0604. Malicious activities included exfiltration of user information, escalation of administrative privileges, and the dropping of webshells for remote/backdoor persistent access.
Original release date: February 25, 2020
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project.
Apache Tomcat servers released in the last 13 years are vulnerable to a bug named Ghostcat that can allow hackers to takeover unpatched systems.
Discovered by Chinese cybersecurity firm Chaitin Tech, Ghostcat is a flaw in the Tomcat AJP protocol.
AJP stands for Apache JServ Protocol and is a performance-optimized version of the HTTP protocol in binary format. Tomcat uses AJP to exchange data with nearby Apache HTTPD web servers or other Tomcat instances.
Tomcat's AJP connector is enabled by default on all Tomcat servers and listens on the server's port 8009.
National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.
Review FTC’s NCPW resource page tips:
Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago.
All Exchange Server versions up to the last released patch are exposed to potential attacks following these ongoing scans, including those currently out of support even though Microsoft's security advisory doesn't explicitly list them.
WordPress is, by far, the most widely used website building technology on the internet. According to the most recent statistics, more than 35% of all internet websites run on versions of the WordPress CMS (content management system).
Due to its huge number of active installations, WordPress is a massive attack surface. Attempts to hack into WordPress sites are like a constant hum in the background of all internet traffic, going on at any given time.
A group of hackers is using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap that was seen recently adopted by TrickBot for delivery.
Security researchers have found dozens of files that delivered the first malware payload, indicating a larger campaign.
In light of the global scale of COVID-19, cyber criminals have been able to take advantage of the fear and uncertainty to deploy scams and attacks against unsuspecting targets worldwide. Threat actors are using COVID-19-themed phishing emails to serve malware and phish landing pages. Security researchers have discovered ransomware strains, selling misleading services and misinformation campaigns taking advantage of the concern and fear over COVID-19.
© 2023 Regents of the University of California