Advisories

All version of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. This maybe exploited to compromise a server. Administrators are advised to patch up.

Microsoft released guidance to ensure that Microsoft Office applications are properly secured when processing Dynamic Data Exchange (DDE) Fields.

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organisations to develop, purchase and maintain applications and APIs that can be trusted.

The Global Cyber Alliance (GCA) and its partners (IBM Security & Packet Clearing House) have launched a DNS service that will assist user’s improve their privacy and security protection against web based threats.

Good news is that the WordPress security team has worked out a release to fix this vulnerability. For those using the WordPress themes for your websites, kindly see further instructions on how to update to Version 4.8.3 via:-

This Flash vulnerability could allow remote code execution, and is rated as Critical.

Bad Rabbit ransomware encrypts victim’s files and disk using the AES-128-CBC and RSA-2048 algorithms

These vulnerabilities affect devices running IOS and IOS XE software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released.

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address two critical memory corruption vulnerabilities that could lead to code execution.

Microsoft released security updates to provide additional protections against malicious attackers.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices.

A security vulnerability exists in Microsoft Office Outlook 2007 that could allow arbitrary code to run when a maliciously modified file is opened. This update

resolves that vulnerability.

Cisco released workarounds to address the SNMP subsystem vulnerabilities in its IOS and IOS XE software. The Cisco Security Advisory on how to mitigate this threat can be accessed here

Oracle has released critical security patch that addresses 308 vulnerabilities across multiple products. Details can be found here

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system. Details can be found here

The Uganda National Computer Emergency Response Team and Coordination Center under the National Information Technology Authority - Uganda (NITA-U) is aware of an eminent threat affecting many organizations.

Conexant's MicTray64.exe is installed with the Conexant audio driver package and registered as a Microsoft Scheduled Task to run after each user login.

Based on the attack analysis for this particular ransomware, Microsoft released patches for the older versions of Microsoft Operating Systems. Kindly access this update by clicking here