Microsoft May Madness

Patch Tuesday was anything but typical in the month of May. On May 8, Microsoft released security patches for a total of 67 vulnerabilities, addressing 21 critical vulnerabilities, 42 important and four low-severity, while Adobe addressed a critical flaw in Adobe Flash Player. This is a big push from Microsoft ...
Critical Oracle WebLogic Server Flaw Still Not Patched

One of the many issues that should have been addressed by Oracle’s Critical Patch Update for April 2018 was a fix for a flaw affecting versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 of the Oracle WebLogic Server (WLS) Java Enterprise Edition (EE) application server. This vulnerability, which has been assigned CVE-2018-2628 ...
Cyber Actors Targeting Network Infrastructure Devices – What You Need to Know

Based on the recent surge of attacks on network devices by Russian state-sponsored cyber actors, the US-CERT has released Technical Alert (TA18-106A). As of now, targets being attacked are primarily government and private-sector organizations, critical infrastructure providers and the internet service providers (ISPs) that support U.S. infrastructure. Tenable has warned ...
Critical Drupal Core Vulnerability: What You Need to Know

Drupal is popular, free and open-source content management software. On March 28, the Drupal security team released patches for CVE-2018-7600, an unauthenticated remote code execution vulnerability in Drupal core. The vulnerability affects Drupal versions 6, 7 and 8. Patches have been released for versions 7.x, 8.3.x, 8.4.x and 8.5.x. No ...
SamSam Ransomware: How to Identify and Mitigate the Risk

As many news outlets have reported, Atlanta is recovering from an attack on its city computers that occurred on the morning of March 22. Initial reports stated and later confirmed that SamSam ransomware, also known as Samas and SamSamCrypt, was at play. SamSam ransomware exploits older, unpatched JBoss system and ...