UCSF IT Technology

Mandiant reported a vulnerability in Apache Portable Runtime Utility. An attacker could exploit this vulnerability to write beyond bounds of a buffer. For a complete description of the vulnerabilities and affected systems go to  CVE-2022-25147 Detail. IT Security Read more about IT Security service offerings.

Threat Alert: What to Watch For

H-ISAC reported that a vulnerability in Foxit PDF Reader was likely weaponized. A malicious user could exploit these vulnerabilities to perform cross site scripting and remote code execration. For a complete description of the vulnerabilities and affected systems go to CVE-2022-28672 Detail. IT Security

H-ISAC reported that several vulnerabilities in Nagios were weaponized and productized. A malicious user could exploit these vulnerabilities to perform cross site scripting and remote code execration. For a complete description of the vulnerabilities and affected systems go to Nagios XI 5.7.5 Remote Code Execution.

OpenSSH released security updates to address vulnerabilities in OpenSSH.  For a complete description of the vulnerabilities and affected systems go to OpenSSH Release Notes 2/2/23. IT Security Read more about IT Security service offerings.

Researchers at Metabase Q reported vulnerabilities in ImageMagick. An attacker could exploit these vulnerabilities to perform information disclosure or trigger a Denial of Service (DoS) condition. For a complete description of the vulnerabilities and affected systems go to  CVE-2022-44267 and CVE-2022-44268 #6027. IT Security

Threat Alert: What to Watch For Cybercriminals have launched phishing attacks claiming to be senior executives offering employees a Valentine’s Day-themed reward in appreciation of their work.  The message purporting to be from executives might compel users to engage with the supposed employer-related communications.  The promise of a reward or gift for the employee’s dedication to the organization entices recipients to click