UCSF IT Technology

Android released its July Android update to address multiple vulnerabilities in Android Devices, three of which have been actively exploited. The most severe of these vulnerabilities could lead to remote code execution. For a complete description of the vulnerabilities and affected systems go to Android Security Bulletin—July 2023. IT Security 

Progress released a Service Pack to address vulnerabilities in MOVEit Transfer. A cyber threat actor could exploit these vulnerabilities to obtain sensitive information. For a complete description of the vulnerabilities and affected systems go to MOVEit Transfer 2020.1 (12.1) Service Pack (July 2023). IT Security 

Threat Alert: What to Watch For The Royal Bank of Canada (RBC) issued a consumer alert warning of voice phishing (vishing) calls impersonating the financial institution.  The calls appear to come from a toll-free number, and a recorded message informs the user that RBC has detected a potential fraud issue.  These calls do not provide a name or information about who the fraud may impact.

Threat Alert: What to Watch For Cybercriminals have launched a series of phishing attacks that claim to inform the recipient of physical altercations between employees and equipment damage at a worksite.  The lures include a malicious attachment allegedly containing a video of the altercation.

Ubuntu released multiple security updates in June for various Ubuntu products. For a complete description of the vulnerabilities and affected systems go to Ubuntu June 2023 Archives by date. IT Security  Read more about IT Security service offerings.

Red Hat released multiple security updates in June for various Red Hat products. For a complete description of the vulnerabilities and affected systems go to Red Hat June Updates. IT Security  Read more about IT Security service offerings.

Suse released multiple security updates in June for various Suse products. For a complete description of the vulnerabilities and affected systems go to Suse June 2023 Archives by date. IT Security  Read more about IT Security service offerings.

Medtronics released a security update to address a vulnerability in its Medtronics Paceart Optima cardiac device data workflow system. An attacker could exploit this vulnerability to perform denial-of-service attack or remote code execution that could affect the system's operations and data.

WordPress released a security update to address a Critical vulnerability in miniOrange's Social Login and Register plugin for WordPress. Exploitation of this vulnerability could allow an unauthenticated attacker to gain access to any account on a site including accounts used to administer the site, if the attacker knows, or can find, the associated email address.

Archer released a security update to address an Actively Exploited vulnerability in TP-Link Archer AX21 Firmware. A remote attacker could exploit this vulnerability to execute arbitrary OS commands with root privileges. For a complete description of the vulnerabilities and affected systems go to TP-Link Archer Firmware Download Information Security Update Information. IT Security