UCSF IT Technology

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a critical vulnerability in Zoho ManageEngine ServiceDesk Plus. A remote attacker could exploit this vulnerability to take control of an affected system For a complete description of the vulnerabilities and effected systems, visit:

Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux to address vulnerabilities. This update protects against remote attackers using the vulnerability to to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Stable Channel Update for Desktop. Read more about IT Security service offerings.

Critical Flaw in Sitecore Experience Platform Exploited in Attacks. This bulletin is to protect against a remote code execution vulnerability through insecure deserialization in the Report.ashx file. For a complete description of the vulnerabilities and effected systems, visit SITECORE - Security Bulletin SC2021-003-499266.

Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip (SoC) security bugs impacting multiple vendors. For a complete description of the vulnerabilities and effected systems, visit CISA urges vendors to patch BrakTooth bugs after exploits release.

Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux to address vulnerabilities. This update protects against remote attackers using the vulnerability to to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Stable Channel Update for Desktop.

Microsoft has released a blog on NOBELIUM (nation-state threat actor) attacks on cloud services and other technologies. This blog is to protect against NOBELIUM gaining access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations.

Google has released Chrome version 95.0.4638.54 to address vulnerabilities for Windows, Mac, and Linux. These updates protect against remote attackers using the vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Stable Channel Update for Desktop.  

The FDA has identified a Class I – the most serious type – recall on multiple Medtronic Devices. Use of these devices may cause serious injuries or death.  For a complete description of the vulnerabilities and effected systems, visit Medtronic Security Bulletins.

The Apache Software Foundation has released an Important security advisory to address a zero-day vulnerability that is being actively exploited in the Apache HTTP Server. This advisory protects against an attacker using the path traversal attack to map URLs to files outside the expected document root.

Google has released Chrome version 94.0.4606.71 to address vulnerabilities for Windows, Mac, and Linux. These updates protect against remote attackers using the vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Stable Channel Update for Desktop.