UCSF IT Technology

Suse released multiple security updates in January for various Suse products.  For a complete description of the vulnerabilities and affected systems go to Suse January 2023 Archives by date. IT Security Read more about IT Security service offerings.

Red Hat released multiple security updates in January for various Red Hat products.  For a complete description of the vulnerabilities and affected systems go to Red Hat January 2023 Archives by date. IT Security Read more about IT Security service offerings.

Mandiant has reported a vulnerability in Apache DolphinScheduler. An attacker could exploit this vulnerability to perform a command injection.

Threat Alert: What to Watch For Cybercriminals are abusing Google Ads to have links to malicious web pages appear at the top of Google’s search results as sponsored links. These malicious links are tagged as “Ad” by Google.  These web pages are made to imitate the software download pages for popular software utilities and applications.

 

H-ISAC reported a vulnerability in Sudo was weaponized. An attacker could exploit this vulnerability to gain root privileges on the target system.

ManageEngine released security updates to address a vulnerability in Apache Santuario impacting ManageEngine products. Exploiting this vulnerability  allows a remote attacker to execute arbitrary code. For a complete description of the vulnerabilities and affected systems go to CVE-2022-25893 Detail. IT Security

Apache released security updates to address vulnerabilities in Apache Apache-airflow-providers-apache-pig.  Exploiting this vulnerability could leads to An OS command injection. For a complete description of the vulnerabilities and affected systems go to CVE-2022-40189 Detail. IT Security