UCSF IT Technology

Apache has released a Critical security update to address a zero-day vulnerability that is being actively exploited in the Apache Log4j utility. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Apache Log4j vulnerability.

SonicWall has released a security advisory to address Critical and Medium Vulnerabilities in SonicWall SMA 100 series appliances. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit SonicWall product security notice.

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a critical vulnerability in Zoho ManageEngine ServiceDesk Plus. A remote attacker could exploit this vulnerability to take control of an affected system For a complete description of the vulnerabilities and effected systems, visit:

Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux to address vulnerabilities. This update protects against remote attackers using the vulnerability to to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Stable Channel Update for Desktop. Read more about IT Security service offerings.

Critical Flaw in Sitecore Experience Platform Exploited in Attacks. This bulletin is to protect against a remote code execution vulnerability through insecure deserialization in the Report.ashx file. For a complete description of the vulnerabilities and effected systems, visit SITECORE - Security Bulletin SC2021-003-499266.

Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip (SoC) security bugs impacting multiple vendors. For a complete description of the vulnerabilities and effected systems, visit CISA urges vendors to patch BrakTooth bugs after exploits release.

Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux to address vulnerabilities. This update protects against remote attackers using the vulnerability to to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Stable Channel Update for Desktop.

Microsoft has released a blog on NOBELIUM (nation-state threat actor) attacks on cloud services and other technologies. This blog is to protect against NOBELIUM gaining access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations.

Google has released Chrome version 95.0.4638.54 to address vulnerabilities for Windows, Mac, and Linux. These updates protect against remote attackers using the vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Stable Channel Update for Desktop.  

The FDA has identified a Class I – the most serious type – recall on multiple Medtronic Devices. Use of these devices may cause serious injuries or death.  For a complete description of the vulnerabilities and effected systems, visit Medtronic Security Bulletins.