UCSF IT Technology

Synk has released security updates to address vulnerabilities in vm2 Project vm2 for Node.js. Exploiting this vulnerability leads to access to a host object and a sandbox compromise. For a complete description of the vulnerabilities and affected systems go to CVE-2022-25893 Detail. IT Security Read more about IT Security service offerings.

VMware has released security updates to address vulnerabilities in VMware Log Insight.  A remote attacker could exploit these vulnerabilities to take control of an affected system.

Samsung released security updates to address vulnerabilities in Samsung’s Galaxy Store.  An attacker could exploit these vulnerabilities to perform remote code execution. 

Apple has released a security update to address vulnerabilities in multiple Apple Products. A remote attacker could exploit these vulnerabilities to take control of an affected device.

Dell has released security updates to address Critical vulnerabilities in Dell Secure Connect Gateway (SCG) Policy Manager. An attacker could exploit these vulnerabilities to compromise the affected system.

Threat Alert: What to Watch For Cybercriminals have launched a series of phishing attacks using timely email phishing lures related to annual compensation reviews and bonuses.  The phishing emails encourage recipients to click a lure to confirm a payment-related change.

OpenText released security updates to address Critical and High Vulnerabilities in the

VMware has released security updates to address vulnerabilities in VMware vRealize Network.  A malicious actor with network access to the vRNI REST API can execute commands without authentication.

Cisco released security updates to address a High vulnerability in the Cisco Unified CM.  A remote attacker could exploit this vulnerability to read or modify any data on the underlying database or elevate their privileges.