Cisco has released the security advisory to address a vulnerability in Cisco Adaptive Security Appliance (ASA) software with web management interface enabled.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate active exploitation against vulnerability in Windows kernel has been observed.
Adobe released a security update to address some vulnerabilities found in the Adobe Flash Player. Reports indicate that one of the vulnerabilities is being exploited in the wild.
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks which may allow remote attackers to exploit the vulnerable systems without authentication.
A local attacker could disclose the encrypted information on the vulnerable Solid State Drives (SSD) by altering the firmware through the debugging interface.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that proof-of-concept and fully workable exploit codes targeting the vulnerabilities in Microsoft Jet Database Engine and Windows Kernel have been publicly disclosed. Active exploitation against another vulnerability in the Windows operation system has also been observed.
Cisco released security advisories to address the vulnerabilities in Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that exploitation of a zero-day vulnerability was detected against Windows systems
VPNFilter is a malware designed to infect small office and home office (SOHO) network equipment including routers and network-attached storage (NAS) devices which would allow hackers to perform man-in-the-middle attacks on traffic going through vulnerable routers, gather credentials, and obtain supervisory control.
Apache has released a new version of Apache Struts to address a vulnerability caused by misconfiguration in namespace. Since proof-of-concept and fully workable exploit codes targeting the vulnerability have been publicly available, attacks against any of the vulnerable systems are highly likely from now on.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that exploitation of two zero-day vulnerabilities were detected against Internet Explorer and Windows systems./td>
Apache Software Foundation has released new versions of Apache Tomcat to address multiple vulnerabilities which are caused by UTF-8 decoder flaw and tracking of connection closures.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
Cisco released a security advisory to address the vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA). Researchers report that exploitations of the vulnerability are observed.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components and enhancing the security as a defense in depth measure.
Adobe and Microsoft have published security advisories about vulnerabilities found in the Adobe Flash Player. Reports indicate that one of the vulnerabilities is being exploited in the wild against Windows users.
Google Project Zero and Microsoft have recently disclosed the Rogue System Register Read (RSRE, Variant 3a) and Speculative Store Bypass (SSB, Variant 4) which are related to the previous Meltdown and Spectre vulnerabilities announced in January 2018.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that exploitation of two zero-day vulnerabilities were detected against Windows systems.
Drupal released a security update to fix a critical vulnerability (CVE-2018-7602). Multiple attack vectors could be adopted to exploit the vulnerabilities.
Reports indicate that there is elevated risk of cyber attacks on vulnerable network devices. Users are advised to patch and harden all network devices immediately.
Microsoft has released a security advisory addressing the kernel-level privilege escalation vulnerability, affecting Microsoft Windows 7(x64) and Server 2008 R2(x64).
Cisco has released 20 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software, of which 3 advisories are rated as critical and 17 advisories are rated as high.
VMware has published a security advisory to address a vulnerability found in VMware Workstation version 12.x and 14.x, as well as VMWare Fusion version 8.x and 10.x.
Adobe has released a security update to address vulnerabilities found in the Adobe Flash Player. Reports indicate that one of the vulnerabilities is being exploited in the wild against Windows users.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on phishing email, which has been reported to the HKMA.
Cisco has released the security advisory to address a vulnerability in Cisco Adaptive Security Appliance (ASA) software with the webvpn feature enabled.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products. Patches are also available for some products to address the Meltdown and Spectre issues.
Users are advised to take immediate action to patch the affected systems, especially for those installed with Microsoft Office, since exploitation has been reported in the wild.
Users are advised to take immediate action to patch the affected Linux/Unix systems to address the well-known Meltdown and Spectre CPU issues with elevated risks.
Major browser vendors have published security advisories to address vulnerabilities. Users are advised to take immediate action to patch the affected browsers to address the well-known Meltdown and Spectre CPU issues with elevated risks.
HKCERT reminds enterprises that, besides financial data, personal data is also a target of attackers. Enterprises need to ensure the security and proper protection of such data should be in place.
Microsoft has released 18 security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerabilities.
