UCSF IT Technology

VMware has released security updates to address a High vulnerability in VMware Aria Operations for Networks. A remote attacker could exploit this vulnerability to execute arbitrary commands. For a complete description of the vulnerabilities and affected systems go to VMSA-2023-0012.1. IT Security 

SAP released their June 2023 updates to address vulnerabilities in various SAP products. For a complete description of the vulnerabilities and affected systems go to SAP Security Patch Day –June 2023. IT Security  Read more about IT Security service offerings.

Google updated Chrome channels to 114.0.5735.133 for Mac and Linux and 114.0.5735.133/134 for Windows to address vulnerabilities in Chrome. For a complete description of the vulnerabilities and affected systems go to ShareFile StorageZones Controller Security Update for CVE-2023-24489.

Threat Alert: What to Watch For Cybercriminals have launched phishing attacks that hijack legitimate email threads to deliver malicious URLs. Attackers hijack email threads to further increase the believability of the attacks.

Threat Alert: What to Watch For Cybercriminals have launched phishing attacks abusing legitimate tools that are used to direct web traffic.  Phishing lures contain an embedded URL that leads to a lookalike Google Chrome update site.  Downloading the fake Google Chrome update installs a legitimate tool used for remotely monitoring and supporting computers.

Citrix has released a security update to address a vulnerability in Citrix ShareFile StorageZones Controller. An attacker could exploit these vulnerabilities to execute arbitrary code.

Microsoft released their June Security Update to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

Cisco has released security updates to address vulnerabilities in Multiple Cisco Products. These vulnerabilities could be exploited to take over an affected system.

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system.  For a complete description of the vulnerabilities and affected systems go to Adobe Security Bulletins. IT Security 

Fortinet has released security updates to address a Critical vulnerability in Fortinet FortiOS and FortiProxy. An attacker could exploit this vulnerability to execute arbitrary code or commands via specifically crafted requests. For a complete description of the vulnerabilities and affected systems go to FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication. IT Security