Multiple Junos OS Vulnerabilities [Published Date: 2023-09-19]
Juniper Networks has released fixes to address several vulnerabilities. These vulnerabilities could potentially be chained together to allow unauthorized remote code execution (RCE) on SRX and EX series devices. Also, a VulnCheck vulnerability researcher released another PoC exploit that only utilizes one of the vulnerabilities, bypassing the need to upload files while still achieving remote code execution.
GitLab Issues Updates for Critical Flaw [Published: September 18, 19, and 20, 2023]
GitLab versions 13.12 before 16.2.7 and 16.3 before 16.3.4 are vulnerable if you have both direct transfers and security policies enabled. While this can be mitigated by turning one of those features off, the better fix is to update to a more current version.
Apple Releases Security Updates for Multiple Products [Publish Date: 22-09-2023]
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device.
Atlassian Releases September Security Bulletin
Atlassian has released its security bulletin for September 2023 to address vulnerabilities in multiple products. A malicious cyber actor could exploit some of these vulnerabilities to take control of an affected system.
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Drupal has released a security advisory to address a vulnerability affecting multiple Drupal versions. A malicious cyber actor could exploit this vulnerability to take control of an affected system.
ISC Releases Security Advisories for BIND 9
The Internet Systems Consortium (ISC) has released security advisories to address vulnerabilities affecting ISC’s Berkeley Internet Name Domain (BIND) 9. A malicious cyber actor could exploit these vulnerabilities to cause denial-of-service conditions.
3rd Party AV Uninstaller Module for Trend Micro Apex One and Worry-Free Business Security Arbitrary Code Execution Vulnerability
Trend Micro has released new patches and hotfixes for Trend Micro Apex One (on-premise and SaaS), Worry-Free Business Security and Worry-Free Business Security Services (SaaS) that resolve a vulnerability in the 3rd party AV uninstaller module provided with the endpoint products. Trend Micro said that successful exploitation of the flaw could allow an attacker to manipulate the component to execute arbitrary commands on an affected installation. However, it requires that the adversary already has administrative console access on the target system. Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild (ITW). Customers are strongly encouraged to update to the latest versions as soon as possible.
Palo Alto Networks has released a security update to address a vulnerability in PAN-OS
Palo Alto Networks has released a security update to address a vulnerability in PAN-OS. BGP software such as FRRouting FRR, included as part of the PAN-OS virtual routing feature, enables a remote attacker to incorrectly reset network sessions through an invalid BGP update. This issue is applicable only to firewalls configured with virtual routers that have BGP enabled.
Fortinet Releases Security Updates for Multiple Products
Fortinet has released security updates to address vulnerabilities (CVE-2023-29183 and CVE-2023-34984) affecting FortiOS, FortiProxy, and FortiWeb. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.
Google Releases Security Updates for Google Chrome
Google has released security updates to address a vulnerability affecting Google Chrome. A cyber threat actor can exploit the vulnerability, allowing for arbitrary code execution.
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, and Thunderbird. A cyber threat actor can exploit this vulnerability to take control of an affected system.
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities (CVSS 5.4 to a maximum of 7.6) affecting Adobe software (including Adobe Acrobat and Reader). A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.
Apple Releases Security Updates for iOS and macOS
Apple has released security updates to address a vulnerability in multiple products. A cyber threat actor could exploit this vulnerability to take control of an affected device.
Microsoft Releases September 2023 Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software (including Microsoft Exchange Server 2016, Microsoft System Center, .NET Framework, Microsoft Office, Windows DHCP Server, Windows TCP/IP, etc.). A cyber threat actor can exploit some of these vulnerabilities (CVSS 5.5 to 8.8) to take control of an affected system.
Update Situational Alert on Cyber Threats [Published on 08 August, 2023]
This report serves as an update to the ‘SITUATIONAL ALERT ON CYBER THREATS’ issued on 4th August. It provides an Indicator of Compromise (IOC) list which organizations may use for their preventive security measures...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Fortinet Releases Security Update for FortiOS
Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A remote attacker can exploit this vulnerability to take control of an affected system.
Microsoft Releases August 2023 Security Updates
Microsoft has released security updates for 87 flaws (CVSS 4.5 to 9.8) in Microsoft software (including Microsoft Exchange Server 2016, Microsoft Office, Microsoft Edge, SQL Server, Hyper-V, etc.), including two actively exploited and twenty-three remote code execution vulnerabilities. An attacker can exploit some of these vulnerabilities to take control of an affected system...
Situational Alert on Cyber Threats [Published on 04 August, 2023]
In response to a declaration made on 31st July by some religiously and ideologically motivated underground hacker groups to launch what they called a storm of cyber-attacks against Bangladesh cyberspace on 15th August, Bangladesh Government's Computer Incident Response Team (BGD e-GOV CIRT) is releasing this alert to warn critical information infrastructures (CII), banks and financial institutions, health care and all sorts of government and private organizations of possible cyber-attacks by the groups that may disrupt IT operations and businesses....
Regarding Strengthening Cyber Security of All Banks/FIs operating in Bangladesh
Considering the recent increase in cyber incidents, there is a possibility of cyber attacks on any banks/FIs operating in Bangladesh. It is important to take security measures to deal with any such cyber attack.
A security update for java-1.8.0-IBM is now available for Red Hat Enterprise Linux (RHEL) 8. Red Hat Product Security has rated this update as having a security impact of Important (CVSS Max 7.4). This update fixes CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968. CSU encourages you to review the Red Hat Security Advisory and apply the necessary updates if it applies to your environment.
Juniper has released updates to address multiple vulnerabilities in Junos OS. An attacker can exploit some of these vulnerabilities to take control of an affected system.