Cybersecurity Alerts

Last updated on September 18, 2024

Cybersecurity alerts provide timely information about current security issues, vulnerabilities, and threats. If you are a B.C. Public Service employee and believe your system may be compromised or at risk, please contact the 7-7000 Service Desk via email or phone 1-866-660-0811, option 3.


IMPORTANT UPDATE:

The Province of British Columbia’s Vulnerability and Risk Management (VRM) team has identified duplication of effort in the general vulnerability alerts and advisories which are provided, compared against that of the Canadian Centre for Cyber Security (CCCS).

Effective immediately, please use the vulnerability alerts and advisories provided by CCCS. We recommend checking this resource daily. CCCS also has vulnerability alerts and advisories available via an RSS feed as well: here. They also have a guidance, news, and events RSS feed available here.

Vulnerability Reports

 

August 2024

25th - 31st

N24-379 Cisco security Advisory

N24-378 Google Chrome security Advisory

N24-377 Fortra security Advisory

N24-376 Foxit security Advisory

N24-375 Red Hat security Advisory

N24-374 Ubuntu security Advisory

N24-373 SonicWall security Advisory

N24-372 Microsoft Edge security Advisory

18th - 24th

N24-371 SolaWinds security Advisory

N24-370 Google security Advisory

N24-369 drupal security Advisory

N24-368 Cisco security Advisory

N24-367 mitel security Advisory

N24-366 GitHub security Advisory

N24-365 Atlassian security Advisory


11th - 17th

N24-364 Zoom Security Advisory Security Advisory

N24-363 FortiAnalyzer Security Advisory Security Advisory

N24-362 FortiOS Security Advisory

N24-361 Microsoft Edge Security Advisory

N24-360 Palo Alto Prisma Browser Security Advisory

N24-359 Lenovo Security Advisory

N24-358 F5 Security Advisory

N24-357 Cisco Secure Web Appliance Security Advisory

N24-356 Cisco - RADIUS Protocol Security Advisory

N24-355 RADIUS Security Advisory

N24-354 Intel Security Advisory

N24-353 SolarWinds security Advisory

N24-352 Microsoft Security Advisory

N24-351 Adobe Security Advisory

N24-350 Ivanti Security Advisory

N24-349 SAP Security Advisory

N24-348 Red Hat Security Advisory

N24-347 Ubuntu Security Advisory

4th - 10th

N24-346 Microsoft Edge Security Advisory

N24-345 F5 Security Advisory

N24-344 Apache Security Advisory

N24-343 Drupal Opigno Security Advisory

N24-342 Cisco IP Phones Security Advisory

N24-341 Jenkins security Advisory

N24-340 HPE security Advisory

N24-339 Google Chrome security Advisory

N24-338 HPE security Advisory

N24-337 Mozilla security Advisory

N24-336 Red Hat security Advisory

N24-335 Android security Advisory

N24-334 Ubuntu security Advisory


1st - 3rd

N24-333 HPE security Advisory

 

July 2024

28th - 31st

N24-332 VMware security Advisory

N24-331 Google Chrome security Advisory

N24-330 HPE security Advisory

N24-329 Apple security Advisory

N24-328 Red Hat Security Advisory

N24-327 Oracle Security Advisory

N24-326 Microsoft Edge Security Advisory


21st - 27th

Update N24-283 Owl Labs Security Advisory

N24-325 Google Chrome security Advisory

N24-324 ISC BIND security Advisory

N24-323 Mitel security Advisory

N24-322 Red Hat security Advisory

N24-321 HPE security Advisory

N24-320 Sonicwall security Advisory

N24-319 Ubuntu security Advisory


14th - 20th

N24-318 Microsoft Edge security Advisory

N24-317 Ivanti security Advisory

N24-316 SolarWinds security Advisory

N24-315 Mitel security Advisory

N24-314 Atlassian security Advisory

N24-313 Google Chrome security Advisory

N24-312 Cisco security Advisory

N24-311 OpenSSH security Advisory

N24-310 HPE security Advisory

N24-309 Ivanti security Advisory

N24-308 Red Hat security Advisory

N24-307 HPE security Advisory

N24-306 Juniper security Advisory

N24-305 HPE security Advisory

N24-304 Ubuntu Vulnerability Advisory

N24-303 Exim Security Advisory


7th - 13th

N24-302 Linux Kernel Vulnerabilities Advisory

N24-301 Cisco OpenSSH Vulnerability Advisory

N24- 300 Cisco IOS XR Security Advisory

N24-299 Mitel Security Advisory

N24-298 GitLab Security Advisory

N24-297 VMware Security Advisory

N24-296 Apache Security Advisory

N24-295 WordPress Security Advisory

N24-294 Palo Alto Security Advisory

N24-293 SAP Security Advisory

N24-292 ServiceNow Security Advisory

N24-291 Red Hat Security Advisory

N24-290 Adobe Security Advisory

N24-289 Mozilla Security Advisory

N24-288 Fortinet Security Advisory

N24-287 Microsoft Security Advisory - July 2024

N24-286 Citrix Security Advisory

N24-285 IBM Security Advisory

N24-284 Ubuntu Security Advisory

N24-283 Owl Labs Security Advisory


1st - 6th

N24-282 VMware ESXi and vCenter Server Security Advisory

N24-281 VMware Cloud Director Security Advisory

N24-280 Juniper Security Advisory

N24-279 Citrix Security Advisory

N24-278 Red Hat Security Advisory

VRM Cyber Alert 001 Apache Tomcat

N24-277 HPE Security Advisory

N24-276 Android Security Advisory

N24-275 OpenSSH Security Advisory

N24-274 Cisco Security Advisory

N24-273 Apache Security Advisory

N24-272 Juniper Networks Security Advisory

N24-271 HPE Security Advisories

 

June 2024

23rd - 29th

N24-270 Fortra security advisory

Update N24-267 Progress MOVEit Security Advisory

N24-269 GitLab Security Advisory

N24-268 WordPress Security Advisory

N24-267 Progress MOVEit Security Advisory

N24-266 Citrix Security Advisory

N24-265 Google Chrome Security Advisory

N24-264 Ubuntu Security Advisory

N24-263 IBM Security Advisory

N24-262 Microsoft Edge Security Update


16th - 22nd

N24-261 Juniper Networks Security Advisory

N24-260 VMware Security Advisory

N24-259 Atlassian Security Advisory

N24-258 Google Chrome Security Advisory

N24-257 Red Hat Security Advisory

N24-256 IBM Security Advisory


9th - 15th

N24-255 Progress Telerik Security Advisory

N24-254 Mozilla Foundation Security Advisory

N24-253 Microsoft Edge Security Advisory

N24-252 Google Pixel Update Bulletin

N24-251 Android Security Bulletin—June 2024

AL24-008 Unauthorized user access to Snowflake customer accounts

N24-250 Lenovo Product Security Advisories

N24-249 XenServer and Citrix Hypervisor Security Update

N24-248 Citrix Workspace Security Advisory

N24-247 Cisco Secure Email and Web Manager Security Advisory

N24-246 Cisco Secure Email Gateway Security Advisory

N24-245 Cisco Finesse Security Advisory

N24-244 FortiOS Security Advisory

N24-243 Veeam Security Advisory

N24-242 Google Chrome Security Advisory

N24-241 Adobe Security Advisory

N24-240 Microsoft Security Advisory

N24-239 JetBrains Security Advisory

N24-238 Mozilla Security Advisory

N24-237 SAP security advisory

N24-236 Ubuntu security advisory

N24-235 Red Hat security advisory

N24-234 IBM Security Advisory

N24-233 PHP Security Advisory


1st - 8th

N24-232 SolarWinds security advisory

N24-231 HPE security advisory

N24-230 Microsoft Edge security advisory

N24-229 Android Edge security advisory

N24-228 Red Hat security advisory

N4-227 Google Chrome security advisory

 

May 2024

26th - 31st

AL24-007 - Vulnerability impacting Check Point Network Security Gateways (CVE-2024-24919)

N24-226 Dell Security Advisory

N24-225 HPE HP-UX Tomcat based Servlet Engine Advisory

N24-224 Check Point security advisory

N24-223 Mitel security advisory

N24-222 Ivanti security advisory

N24-221 Citrix security advisory

N24-220 Foxit security advisory

N24-219 Microsoft Edge security advisory

N24-218 Ubuntu security advisory


19th - 25th

 

N24-217 Google Chrome Security Advisory

N24-216 GitLab security advisory

N24-215 Mitel Security Advisory

N24-214 Atlassian security advisory

N24-213 Cisco security advisory

N24-212 VMware security advisory

N24-211 Ivanti Security Advisory

N24-210 Google Chrome security advisory

N24-209 GitHub Security Advisory

N24-208 Red Hat Security Advisory

N24-207 HPE Security Advisory


12th - 18th

N24-206 Lenovo Security Advisory

N24-205 Microsoft Edge Security Advisory (AV24-276)

N24-204 Drupal Security Advisory (AV24-275)

N24-203 Google Chrome security advisory

N24-202 Cisco security advisory

N24-201 Microsoft Edge security advisory

N24-200 HPE Security Advisory

N24-199 F5 security advisory

N24-198 Adobe security advisory

N24-197 Fortinet Security Advisory

N24-196 SAP Security Advisory

N24-195 Microsoft security advisory

N24-194 Mozilla Security Advisory

N24-193 VMware Security Advisory

N24-192 Google Chrome security advisory

N24-191 Apple Security Advisory

N24-190 Apple security advisory

N24-189 Microsoft Edge security advisory

N24-188 Ubuntu security advisory

N24-187 TunnelVision VPN security advisory


5th - 11th

N24-186 F5 Security Aadvisory

N24-185 Google Chrome Security Advisory

N24-184 Ubuntu Security Advisory

N24-183 Apple security advisory

N24-182 Citrix Security Advisory

N24-181 Tinyproxy Security Advisory

N24-180 Google Chrome security advisory

N24-179 Android security advisory

N24-178 Red Hat security advisory

1st - 4th

N24-177 Cisco security advisory

 

April 2024

28th - 30th

N24-176 HPE Security Advisory

N24-175 Google Chrome Security Advisory

N24-174 SonicWall security advisory

N24-173 Microsoft Edge Security Advisory

N24-172 Ubuntu security advisory

N24-171 WordPress plugin security Advisory


21st - 27th

N24-170 HPE Security Advisory

N24-169  Mitel Product Security Advisory

N24-168 Drupal Security Advisory

N24-167 Cisco security advisory

AL24-006  Alert - Cyber activity impacting CISCO ASA devices

N24-166 Google Chrome Security Advisory

N24-165 CrushFTP Security Advisory

N24-164 Ubuntu Security Advisory

N24-163 Red Hat Security Advisory

N24-162 OpenMetadata Security Advisory

14th - 20th

N24-161 Oracle Critical Patch Update Advisory - April 2024 (AV24-210)

N24-160 OpenSSL Security Advisory

N24-159 Ivanti Security Advisory

N24-158 Microsoft Edge Security Advisory

N24-156 Google Chrome Security Advisory - update

N24-157 Cisco security advisory

AL24-005 - Vulnerability impacting PAN-OS GlobalProtect Gateway - Update 2

N24-156 Google Chrome Security Advisory

N24-155 Atlassian security advisory

N24-154 Mozilla Security Advisory

N24-153 Juniper security advisory

AL24-005 - Vulnerability impacting PAN-OS GlobalProtect Gateway


7th - 13th

N24-152 Apache HTTP Server Security Advisory

N24-151 Palo Alto Networks Security Advisory

N24-150 Mitel security advisory

N24-149 Citrix security advisory

N24-148 Google Chrome Security Advisory

N24-147 Palo Alto Networks security advisory

N24-146 Microsoft Security Advisory

N24-145 Adobe Security Advisory

N24-144 Fortinet Security Advisory

N24-143 SAP Security Advisory

N24-142 Schneider Electric Security Advisory

N24-141 Red Hat Security Advisory


1st - 6th

N24-140 VMware Security Advisory

N24-139 Microsoft Edge Security Advisory

N24-138 HPE Security Advisory

N24-137 Cisco security advisory

N24-136 Ivanti security advisory

N24-135 Arch Security Advisory

N24-134 Google Chrome Security Advisory

N24-133 Android Security Advisory

N24-132 Kali Security Advisory

N24-131 OpenSUSE Security Advisory

N24-130 Debian Security Advisory

N24-129 Fedora Security Advisory

N24-128 HPE security advisory

N24-127 Red Hat security advisory

N24-126 Ubuntu Security Advisory

N24-125 Microsoft Edge security advisory

 

March 2024

24th - 30th

N24-124 JetBrains security advisory

N24-123 GitLab security advisory

N24-122 Cisco security advisory

N24-121 Microsoft Edge security advisory

N24-120 Google security advisory

N24-119 Red Hat security advisory

N24-118 Apple security advisory

N24-117 IBM Chrome security advisory

N24-116 Ubuntu Security Advisory


17th - 23rd

N24-115 Lenovo Security Advisory

N24-114 Mozilla Security Advisory

N24-113 Ivanti Security Advisory

N24-112 Google Chrome security advisory

N24-111 Atlassian Security Advisory

N24-110 Mozilla Security Advisory

N24-109 Red Hat Security Advisory

N24-108 Ubuntu Security Advisory


10th - 16th

N24-107 Microsoft Edge security advisory

N24-106 HPE security advisory

N24-105 Cisco Security Advisory

N24-104 Mitel Security Advisory

N24-103 Google Chrome security advisory

N24-102 Microsoft security advisory - March 2024

N24-101 Adobe Security Advisory

N24-100 Fortinet Security Advisory

N24-099 SAP Security Advisory

N24-098 Schneider Electric Security Advisory

N24-097 Microsoft Edge Security Advisory

1st - 9th

N24-096 Mozilla Security Advisory

N24-095 Apple Security Advisory

N24-094 GitLab security advisory

N24-093 Apple Security Advisory

N24-092 Drupal Security Advisory

N24-091 Cisco security advisory

N24-090 Google Chrome Security Advisory

N24-089 VMware Security Advisory

N24-088 JetBrains Security Advisory

N24-087 SolarWinds Security Advisory

N24-086 Android Security Advisory

N24-085 Red Hat Security Advisory

N24-084 Mitel security advisory

N24-083 Ubuntu Security Advisory

 

February 2024

25th - 29th

N24-082 HPE Security Advisory

N24-081 Cisco security advisory

N24-080 Google Chrome security advisory

N24-079 Zoom Security Advisory

N24-078 Ubuntu Security Advisory

18th - 24th

N24-077 Cisco Unified Intelligence Center Security Advisory

N24-076 ClamAV OLE2 Security Advisory

N24-075 GitLab security advisory

AL24-004 Vulnerabilities impacting ConnectWise ScreenConnect

N24-074 Atlassian security advisory

N24-073 Juniper Security Advisory

N24-072 Google Chrome security advisory

N24-071 VMware Security Advisory

N24-070 ScreenConnect Security Advisory

N24-069 Mozila security advisory

N24-068 Ubuntu Security Advisory


11th - 17th

N24-067 Solarwinds Security Advisory

N24-066 BIND Security Advisory

N24-065 F5 security advisory

N24-064 SAP security advisory

N24-063 HPE security advisory

N24-062 Adobe security advisory

N24-061 Schneider Electric security advisory

N24-060 Microsoft security advisory - February 2024

N24-059 Red Hat security advisory

N24-058 Ubuntu Security Advisory


4th - 10th

AL24-003 Vulnerabilities impacting Fortinet FortiOS

N24-057 FortiOS SSL VPN Security Advisory

N24-056 Ivanti Securityt Advisory

N24-055 FortiOS Security Bulletin

N24-054 OpenSSL Security Bulletin

N24-053 JSA Applications Security Bulletin

N24-052 Citrix Hypervisor Security Bulletin

N24-051 Sonic security advisory1

N24-050 Linux security advisory

N24-049 Cisco security advisory

N24-048 Google Chrome security advisory

N24-047 VMware security advisory

N24-046 Android security advisory


1st - 3rd

N24-045 Microsoft Edge security advisory

 

January 2024

28th - 31st

AL24-001  Alert - Ivanti Connect Secure and Ivanti Policy Secure gateways zero-day vulnerabilities – Update 2

N24-044 Ivanti security advisory

N24-043 Google security advisory

N24-042 Jenkins Security Advisory

N24-041 Ubuntu Security Advisory

21st - 27th

N24-040 Microsoft Edge Security Updates

N24-039 Junos Security Advisory

N24-038 GitLab security advisory

N24-037 WordPress security advisory

N24-036 Cisco security advisory

N24-035 Google Chrome security advisory

N24-034 Ivanti security advisory

N24-033 Fortra security advisory

N24-032 Mozilla security advisory

N24-031 HPE security advisory

N24-030 Apple security advisory

N24-029 Apple security advisory

N24-028 Red Hat  security advisory


14th - 20th

N24-027 HPE security advisory

N24-026 Oracle security advisory – January 2024 quarterly rollup

AL24-001  Ivanti Connect Secure and Ivanti Policy Secure gateways zero-day vulnerabilities -  Update 1

N24-025 SonicWall security advisory

N24-024 Atlassian security advisory

N24-023 Google security advisory

N24-022 VMWare security advisory

N24-021 Citrix security advisory

N24-020 Juniper Networks Security Advisory

AL24-002 Vulnerability impacting Gitlab

7th - 13th

N24-019 AMI MegaRAC Vulnerabilities

N24-018 Rapid Software Security Advisory

N24-017 GitLab Critical Security Release

N24-016 Apple security advisory

N24-015 Cisco security advisory

N24-014 Ivanti security advisory

N24-013 Microsoft security advisory - January 2024

N24-012 Fortinet security advisory

N24-011 Google Chrome security advisory

N24-010 SAP security advisory

N24-009 Schneider Electric security advisory

N24-008  Microsoft Edge security advisory

N24-007  Ubuntu security advisory


1st - 6th

N24-006 Update Apple security advisory

N24-005 Ivanti security advisory

N24-004 Perl security advisory

N24-003 HPE security advisory

N24-002 Google Chrome Security Advisory

N24- 001 Android Security Bulletin

N23-548 Microsoft Edge Security

 

December 2023

17th - 23rd

N23-547 Sensitive Data Disclosure Vulnerability (CVE-2023-40058)

N23-546 VMware Workspace ONE Launch

N23-545 Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability

N23-544 Apache Struts Vulnerability Affecting Cisco Products

N23-543 HPE security advisory

N23-542 FXC LAN router security advisory

N23-541 Google security advisory

N23-540 Ivanti security advisory

N23-539 Apple security advisory

N23-538 EFACEC security advisory

N23-537 HPE security advisory

N23-536 Mozilla security advisory

N23-535 Wordpress security advisory

N23-534 IBM Security Advisory

N23-533 Ubuntu Security Advisory

N23-532 Adobe Security Advisory


10th - 16th

AL23-019 CVE-2023-50164 - Vulnerability impacting Apache Struts 2

N23-531 Unitronics PLCs Security Advisory

N23-530 HPE security advisory

N23-529 Palo Alto Networks security advisory

N23-528 GitLab security advisory

N23-527 Atlassian security advisory

N23-526 Ivanti security advisory

N23-525 Microsoft security advisory

N23-524 Fortinet security advisory

N23-523 SAP security advisory

N23-522 HPE security advisory

N23-521 Schneider Electric security advisory

N23-520 Apple security advisory

N23-519 Microsoft Edge security advisory


3rd - 9th

N23-518 Lenovo Security Advisory

N23-517 Sierra Wireless AirLink Security Advisory

N23-516 Schweitzer Engineering Laboratories Security Advisory

N23-515 Apache Struts Security Advisory

N23-514 CISA security advisory

N23-513 Atlassian security advisory

N23-512 Google Chrome security advisory

N23-511 Qualcomm security advisory

N23-510 Android security advisory

N23-509 Ubuntu security advisory

N23-508 IBM security advisory

N23-507 Dell security advisory

N23-506 Adobe Security Advisory

N23-505 Cisco AppDynamics PHP Agent

N23-504 Cisco Identity Services Engine Security Advisory

N23-503 Cisco Secure Endpoint for Windows Security Advisory

N23-502 Cisco IP Phone Security Advisory

N23-501 Cisco Secure Client Software Security Advisory

N23-500 Atlassian Security Bulletin

N23-499 Ubuntu Security Advisory

N23-498 Becton, Dickinson and Company Security Advisory

N23-497 Microsoft Edge Security Updates

N23-496 Delta Electronics Security Advisory

 

October 2023

29th - 31st

N23-462 VMare security advisory

N23-461 Ubuntu security advisory

N23-460 Mozilla security advisory

N23-459 VMare security advisory


22nd - 28th

N23-458 F5 security advisory

N23-457 Apple security advisory

N23-456 VMware security advisory

N23-455 Google Chrome security advisory

N23-454 Mozilla security advisory

N23-453 Ivanti security advisory

N23-452 VMware security advisory


15th - 21st

N23-451 Apache HTTP Server Security Advisory

N23-450 HTTP-2 Rapid Reset Attack Affecting Cisco Products October 2023

N23-449 Oracle Critical Patch Update Advisory - October 2023

N23-448 Atlassian Security Bulletin - October 2023

N23-447 F5 security advisory

N23-446 SonicWall security advisory

N23-445 Cisco security advisory

N23-444 IBM security advisory

N23-443 Ubuntu security advisory

N23-442 Fortinet security advisory


8th - 14th

N23-441 HPE security advisory

N23-440 Juniper Networks security advisory

N23-439 Curl security advisory

N23-438 Google Chrome security advisory

N23-437 Apple security advisory

N23-436 Fortinet security advisory

N23-435 Microsoft security advisory

N23-434 Citrix Security Advisory

N23-433 Schneider Electric Security Advisory

N23-432 Ubuntu Security Advisory

1st - 7th

N23-431 Hitachi Energy Security Advisory

N23-430 Microsoft Edge Security Update

N23-429 Exim Security Advisory

N23-428  SonicWall security advisory

N23-427  Apple security advisory

N23-426  Red Hat security advisory

N23-425 Atlassian Confluence Data Center and Server Security Advisory

N23-424 Cisco security advisory

N23-423  Google Chrome security advisory

N23-422 Ubuntu security advisory

N23-421 Dell Security advisory

N23-420 Android Security Advisory

 

September 2023

25th - 30th

N23-419 Hitachi Energy Asset Suite

N23-418 Rockwell Automation PanelView 800 Security Advisory

N23-417 Google security advisory (AV23-588)

N23-416 Progress Security Advisory

N23-415 Mozilla security advisory (AV23-587)

N23-414 Cisco security advisory

N23-413 Google Security Advisory

N23-412 Apple Security Advisory

N23-411 libwebp Vulnerability

N23-410 Mozilla Security Advisory

N23-409 Apache Avro .NET SDK Vulnerability

N23-408 Linux kernel netfilter subsystem Vulnerability

N23-407 D-LINK Wireless Router Vulnerability

N23-406 OpenSSH before 9.3p2 Vulnerability

N23-405 JSON Vulnerability

N23-404 Apache Tomcat Connectors mod_jk component Vulnerability

17th - 23rd

N23-403 Red Hat Openstack Undercloud Vulnerability

N23-402  Kubernetes service for notebooks in RHODS

N23-401  Red Hat Single Sign-On for OpenShift Vulnerability

N23-400 Trend Micro Apex One (on-prem and SaaS) Vulnerability

N23-399 Linux Kernel Below or Equal to 54 Vulnerability

N23-398 Apple Security Advisory

N23-397 MongoDB Server running on Windows or macOS Vulnerability

N23-396 Atlassian September Security Bulletin

N23-395 ISC Releases Security Advisories for BIND 9

N23-394 Drupal Core Cache Poisoning Vulnerability

N23-393 Python through 3.9.1 multiple Vulnerabilities

N23-392 Apache Calcite Vulnerability

N23-391 Microsoft Edge Elevation of Privilege Vulnerability

N23-390 OpenStack Vulnerability

N23-389 Red Hat Security Advisory

N23-388 Apple Security Advisory

N23-387 Apache Airflow prior to 1.10.11 Vulnerability

N23-386 Apache Airflow HDFS Provider prior to 4.1.1 Vulnerability

N23-385 Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 Vulnerability

N23-384 Linux kernel before 6.3.4. Vulnerability

N23-383 Ubuntu security advisory (AV23-558)


10th - 16th

N23-382 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Security Advisory

N23-381 Palo Alto Networks security advisory (AV22-553)

N23-380 Red Hat security advisory (AV23-552)

N23-379 Fortinet security advisory (AV23-551)

N23-378 Mozilla security advisory (AV23-550)

N23-377 Google Chrome security advisory (AV23-549)

N23-376 Microsoft Edge security advisory

N23-375 Microsoft security advisory – September 2023

N23-374 Adobe security advisory (AV23-546)

N23-373 SAP Security Advisory

N23-372 Google Chrome Security Advisory

N23-371 Ubuntu Security Advisory

1st - 9th

N23-370 Apple Security Advisory

N23-369 HPE Security Advisory

N23-368 Cisco Security Advisory

N23-367 Google Security Advisory

N23-366 Android Security Advisory

N23-365 Microsoft Edge Security Advisory

N23-364 Ivanti Security Advisory

 

August 2023

27th - 31st

N23-363 FortiOS Security Advisory

N23-362 VMware Security Advisory

N23-361 Mozilla Foundation Thunderbird Security Advisory

N23-360 Cisco Unified Communications Products Security Advisory

N23-359 Apache Tomcat 9.x Security Advisory

N23-358 HPE B-Series SANnav Management Portal and Global View Security Bulletin

N23-357 Lenovo Multi-vendor BIOS Security Vulnerabilities

N23-356 Lenovo Third-party Bootloader Vulnerabilities

N23-355 Cisco Application Policy Infrastructure Controller Security Advisory

N23-354 Cisco FXOS Software Security Advisory

N23-353 Out-of-Cycle Security Bulletin-Junos OS-SRX Series and EX Series-Multiple vulnerabilities in J-Web

N23-352 Cisco Nexus 3000 and 9000 Series Switches Security Advisory

N23-351 HPE Security Advisory

N23-350 Dell Security Advisory

N23-349  Google Stable Channel Update for Desktop

N23-348 VMWare Security Advisory

N23-347 Mozilla Security Advisory

N23-346 Microsoft Edge elevation of privilege vulnerability.pdf

N23-345 IBM security advisory vulnerability.pdf

20th - 26th

N23-344 Linux kernel memory management subsystem Vulnerability

N23-343 binutils libbfd.c 2.36 Vulnerability

N23-342 curl 7.65.2 Vulnerability

N23-341 MarkText on Windows, Linux and macOS Vulnerability

N23-340 Cisco IPV Appliance Multiple Vulnerabilities

N23-339 Cisco FXOS Software SNMP Vulnerability

N23-338 MIT Kerberos 5 Vulnerability

N23-337 Google Stable Channel Update for Desktop

N23-336 Linux Kernel Vulnerability

N23-335 xterm before 380 Vulnerability

N23-334 Python cpython v.3.7 Vulnerability

N23-333 Node.js Vulnerability

N23-332 Microsoft Edge Elevation of Privilege Vulnerability

N23-331 PHP loading PHAR files Vulnerability

N23-330 Ivanti Security Advisory

N23-329 Dell Security Advisory

N23-328 Apache Airflow Drill Provider Vulnerability

N23-327 .NET and Visual Studio Denial of Service Vulnerability


13th - 19th

N23-325 HPE Security Advisory

N23-324 Linux Kernel Vulnerability

N23-323 Cisco Security Advisory

N23-322 Ivanti Avalanche below version 6.4.1. Vulnerabilities

N23-321 Atlassian Security Advisory

N23-320 Google Stable Channel Update for Desktop

N23-319 Adobe Security Bulletin

N23-318 Apache Traffic Server Vulnerability

N23-317 Python before 3.11.4 Vulnerability

N23-316 Zoom Desktop Client for Windows Vulnerability


6th - 12th

N23-315 Leaking VPN Client Traffic Vulnerability

N23-314 Zoom SDKs before 5.14.7 Vulnerability

N23-313 Apache Airflow Vulnerability

N23-312 Red Hat Security Advisory

N23-311 Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

N23-310 Juniper Networks Junos OS Vulnerability

N23-309 Microsoft Security Advisory - August 2023

N23-308 Android Security Advisory – August 2023 Monthly Rollup

N23-307 PHP Information Disclosure Vulnerability

N23-306 Linux kernel Out Of Bounds memory access flaw

N23-305 Samba Vulnerabilities


1st - 5th

AL23-013 Midnight Blizzard conducts targeted social engineering over Microsoft Teams

AL23-012 2022 Top routinely exploited vulnerabilities

N23-304 Aruba AP Multiple Vulnerabilities

N23-303 Apache Helix through 1.2.0

N23-302 Apache Jackrabbit RMI access can lead to RCE

N23-301 Google Stable Channel Update for Desktop

N23-300 F5 Security Advisory

N23-299 Apache InLong Vulnerability

N23-298 HPE Security Advisory

N23-297 Linux Kernel multiple Vulnerabilities

N23-296 Apache Shiro Vulnerability

N23-295 Mozilla Security Advisory

 

July 2023

23rd - 29th

N23-294 Linux kernel's Netfilter Subsystem Vulnerability

N23-293 Kentico CMS Vulnerabilities

N23-292 GitHub Repository Absolute Path Traversal Vulnerability

N23-291 Linux kernel through 6.3.1 Vulnerability

N23-290 Veritas InfoScale Operations Manager Vulnerability

N23-289 Linux Kernel multiple Vulnerabilities

N23-288 DedeCMS v5.7.109 Vulnerability

N23-287 Apache EventMesh Vulnerability

N23-286 Citrix Hypervisor Security Advisory

AL23-011 Threat Actors Exploiting Ivanti Endpoint Manager Mobile CVE-2023-35078

N23-285 Red Hat OpenShift Container Platform 4.13.5 Security Update

N23-284 Apple Security Advisory


16th - 22nd

N23-283 Atlassian Security Advisory

N23-282 Adobe Security Advisory

N23-281 Apache RocketMQ Vulnerability

N23-280 Oracle Security Advisory – July 2023 Quarterly Rollup

N23-279 Google Chrome Security Advisory

N23-278 Red Hat Security Advisory

N23-277 Citrix ADC and Citrix Gateway Security Bulletin


9th - 15th

N23-276 Microsoft Edge Security Advisory

N23-275 Zoom Client Vulnerabilities

N23-274 VMware SD-WAN (Edge) Authentication bypass Vulnerability

N23-273 Apple Security Advisory

N23-272 SonicWall Security Advisory

N23-271 Junos OS J-Web Multiple Vulnerabilities in PHP software

N23-270 Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability

N23-269 Node v20.2.0 Vulnerability

N23-268 Citrix Security Advisory

N23-267 Microsoft Security Advisory July 2023

N23-266 SAP Security Patch Day – July 2023

N23-265 Mozilla Security Advisory

N23-264 IBM July Security Advisory

N23-263 Apple Security Advisory

N23-262 Ubuntu Security Advisory


1st - 8th

N23-261 Cisco Security Advisory

N23-260 Cisco ACI Multi-Site CloudSec Security Advisory

N23-259 Progress MOVEit Security Advisory

N23-258 Vulnerability Android Security Bulletin

N23-257 Linux kernel’s XFS File System Vulnerability

N23-256 Zyxel NAS326 NAS540 NAS542 Vulnerability

N23-255 Mozilla Security Advisory

 

June 2023

25th - 30th

N23-244 ISC BIND Security Advisory

N23-245 Google Chrome Security Advisory

N23-246 Fortinet Security Advisory

N23-247 Linux Kernel Vulnerability

N23-248 Red Hat Security Advisory

N23-249 Apache Accumulo Vulnerability

N23-250 Linux kernel's versions 5.6 - 5.11 Vulnerability

N23-251 Linux Kernel Local Code Execution Vulnerability

N23-252 Microsoft Edge Chromium Vulnerabilities

N23-253 Trellix Security Advisory

N23-254 Apache Traffic Server multiple Vulnerabilities


18th - 24th

N23-234 KeePassXC through 2.7.5 Vulnerability

N23-235 Linux Kernel Multiple Vulnerabilities

N23-236 Red Hat Multiple OpenShift Products RCI Vulnerability

N23-237 Gradio open-source Python Library Vulnerability

N23-238 Apple Security Advisory

N23-239 Apache Traffic Server Vulnerability

N23-240 Juniper Networks Security Advisory

N23-241 Apache Tomcat Vulnerability

N23-242 VMware Security Advisory

N23-243 Ubuntu Security Advisory


11th - 17th

N23-226 FortiNet FortiOS RCE Vulnerability in SSL VPN devices

N23-228 Citrix Security Advisory

N23-229 Google Chrome Security Advisory

N23-230 Microsoft security advisory – June 2023 monthly rollup

N23-231 Adobe Security Advisory

N23-232 Microsoft Edge Security Updates

N23-233 MOVEit Transfer Critical Vulnerability


4th - 10th

N23-216 Microsoft Edge Security Advisory

N23-217 Mozilla Security Advisory

N23-218 Android Security Bulletin — June 2023

N23-219 Google Chrome Security Advisory

N23-220 Deviniti for Jira Vulnerability

N23-221 VMware Security Advisory

N23-222 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

N23-223 Cisco AnyConnect Secure Mobility Client for Windows Local Privilege Elevation Vulnerability

N23-224 curl below v8.1.0 Information disclosure Vulnerability

N23-225 Cisco ASA-Firepower Threat Defense SSL-TLS denial of service Vulnerability


1st - 3rd

N23-213 Splunk Enterprise multiple Vulnerabilities

N23-214 Progress MOVEit Transfer

N23-215 Barracuda Email Security Gateway Appliances Security Advisory

Threats:

The best protection against all forms of malicious cyberattacks is to arm yourself with the knowledge ahead of time, so when you are faced with these adverse situations you are prepared and ready to respond accordingly.

Read up on the types of malicious cyberattacks you and your colleagues are at risk of falling victim to:

 

Phishing

Phishing is a social engineering method most frequently used by cyber criminals to capture personal and/or financial information. It uses email with faked information and takes the user to dangerous websites. Phishing emails are able to fake the sending address and reproduce logos of legitimate senders such as a bank or a government agency.

A phishing email usually has a few common elements:

  • It claims to come from a credible organization
  • It claims to come from someone familiar
  • A tone of urgency that asks the recipient to take immediate action
  • A tone of urgency that asks the recipient to take immediate action
  • A threat of negative consequences, or the promise of some kind a reward 

The goal is to trick a user into divulging personal and/or financial data such as credit card numbers, account user names and passwords or other valuable information. In some situations, the phishing email may trick a user into downloading dangerous malware onto their computer.

How do you guard against Phishing?

Remember that legitimate businesses, financial institutions, and help desks should never ask you for personal or confidential information via email, voice or text message. Be ware of unexpected messages and verify them by contacting. Less sophisticated messages may set off alarm bells because there are misspelled words or faulty grammar. You can ‘hover’ your mouse over a URL to see if it is identical to what is written; if they are different, this is an indicator that the source is probably not legitimate.

In General

  • Be careful if the email was unsolicited.
  • Be suspicious if the unsolicited email contains spelling errors or incorrect grammar.
  • The best practice is to not trust supplied links, especially if received in unsolicited emails; use a reputable search engine to look up the address and/or company names and go from there.
  • Do not reply with any personal, confidential or financial information to ‘verify’ your identity.
  • Monitor your credit card and bank statements. If you believe you have been a victim of phishing contact your local police to get advice and to file a complaint.
  • Do not click on “Unsubscribe” in a spam/ phishing email – this lets the spammers know they have hit a “live” address and you will get more emails of this type.
  • If you believe the email communication to be valid, contact the company directly.
  • If you are unsure what to do when a suspect email is received, best practice is to delete it.

Read up on the following external resources for a better understanding of phishing emails and how they are composed:

Safety Detectives' guide to phishing defence

Phishing examples from Aura

Phishing examples from Terranova Security

 

Ransomware

Ransomware is a form of malicious code or malware that infects a computer or network and spreads rapidly to encrypt the data. This malware makes the data inaccessible to the users and the criminals responsible will demand payment from the user in order to have their files unencrypted and returned. The payment is often requested in Bitcoin or other electronic currency. Businesses and individuals worldwide are currently under attack by ransomware. Individuals are reporting incidents in which their systems are frozen while an on-screen message demands payment to have their data returned. Individuals both at work and at home are at risk of these and similar attacks by hackers. Trend Micro researchers anticipate that ransomware will make further grounds in 2018 and that it’s not going away anytime soon.

Steps to lower the risk of infection and to help with recovery

  • Make sure all software is kept up-to-date with the latest patches including Windows, web browsers, Java and Adobe.
  • Perform regular backups of your data. Ideally, this data should be kept on a different device other than your computer.
  • Don’t open links or attachments in emails from untrusted or unknown sources.
  • Ensure your anti-virus is up to date.
  • Consider using a security application from a reputable company on your mobile device.
  • Don’t download or install applications from untrusted or unknown sources.
  • Never click on pop-up windows that claim your computer has a virus.

How to protect against a ransomware infection

Be skeptical. Do not click on any emails or attachments you do not recognize, and avoid suspicious websites altogether, such as the ads/links that often appear at the right or the bottom of a website. Do not accept any software updates that are triggered from a website or email. This includes offers of Windows 10, and updates to Java and Adobe Flash.
What to do if your workstation or other network-connected device is infected:
If you receive a ransomware pop-up, or come across a file that prompts you to pay a ransom to regain access to your files, you need to:

  1. Disable Wi-Fi (if using)
  2. Disconnect the network cable from the device to try and halt the spread
  3. Leave the device powered on for investigative reasons
  4. Go to another workstation and change key online passwords such as online banking
  5. Report the problem immediately to your IT department
 

Spyware

Spyware, a kind of malicious software, can monitor and control your computer without your permission. It
may be used to monitor your internet surfing, record your keystrokes and could potentially lead to identity
theft.

Because spyware is mostly focused on information collection or “spying”, the clues that spyware is on a computer can be difficult to spot. Spyware-like services are also sometimes installed ‘legally’ through the
wording of EULA agreements on social media and legitimate software.

The good news is that consumers can minimize how much of their information is collected by following some simple recommendations.

Recommendations

  • Keep your operating system and web browsers updated. Your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that spyware could exploit.
  • Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle or hide other programs in the software, including spyware.
  • Don’t install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.
  • Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the “Medium” setting for Internet Explorer. Keep your browser updated.
  • Don’t click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the “X” icon in the title bar.
  • Don’t click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.
  • Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.

What to do if you suspect Spyware

If you think your computer might have spyware on it, you should take three steps:

  1. Get an anti-malware program from a vendor you know and trust.
  2. Set it to scan on a regular basis — at least once a week — and every time you start your computer, if possible.
  3. Uninstall unused software from your computer. Review and uninstall what you don’t use.
 

Social Engineering

Social Engineering is a way that people use normal social interactions to manipulate people to breach security. It isn’t limited to any technology or system, it can be conversation, texting, body language, or email.

The goals of Social Engineering are typically sensitive or personal information, but it can be used to access secure systems. Social Engineering is used for fraud, identity theft, or can be the prelude to a more serious hack.

Usually Social Engineering plays on a person’s expectations, and emotions. Sometimes it means a person is pretending to be a delivery person, or they could pretend to be frazzled and running late. They play on our gut reactions in order to bypass our reasoning.

There is no single technology or strategy that can defend against social engineering. Each person is the front line against this kind of intrusion. The critical element to protect yourself and your organization is critical thinking.

How to Avoid Being a Victim?

Keep your eyes open and ask yourself questions:

  • If someone wants to enter your house, ask yourself if this is really a secure situation? Are you expecting maintenance or a delivery? Is this person from the company that you’d expect?
  • Why is someone asking about details about your work? Is this information that could be used
    maliciously?
  • How is this person making me feel? Am I feeling sorry for this person who forgot their keycard? Am I feeling intimitated by this bigshot who demands access and information? Am I feeling like I owe this friendly stranger in the café?
  • Does this person really have authority? Have I actually seen any of their credentials?
  • Does it make sense for me to be using my financial information in this situation? Am I dealing with a verified and trusted entity?
  • Am I communicating in a secure way? Is this connection secure? Can I be overheard?

These questions might give you a sense that something is off about a situation. Be diligent and double-check information. Verify information with a trusted third party. Don’t take everything at face value.

What to do if you think you are a victim?

  • If you believe your financial accounts have been compromised, contact your financial institution or credit card company immediately. Watch for any unexplainable charges to your account.
  • Document the situation, report the attack to the police and file a report.
  • Check your credit report with:
    • Equifax Canada – www.consumer.equifax.ca/home/en_ca
    • Trans Union Canada – www.transunion.ca
  • If you believe you might have revealed confidential or sensitive information about your organization, report it to the appropriate Security or Privacy people within your organization.
 

Cyber-Propaganda

In recent years, we’ve seen Social Media networks being used to spread extremism, erode social trust, and influence elections. By changing people’s perception of the world, cyber-propaganda can manipulate the choices of people.

Read on to learn how you can resist cyber-propaganda.

Fake News

Fake news is being used to spread distrust, as well as change public opinion through manipulation. Fake news is hard to spot right away because the world changes at a rapid pace. That means we need to read everything with a critical eye.

Don’t just browse the headlines. When reading articles online, take a moment to ask some questions before sharing:

  • Who wrote it?
  • Is the site credible?
  • Does the evidence support what the author is claiming?
  • Is it supported by other articles?
  • Does the article serve a different purpose?

False Accounts

Not every user account online is who they claimto be. Foreign governments and cybercriminals have been creating fake accounts to generate conflict on the internet. Many of these accounts will pretend to have an extreme version of an existing opinion in order to break trust and cause further divisions between different political leanings. By creating more conflict, this allows groups to influence public decisions.

Before responding to an online post, check these things first:

  • How long has this user been in existence? Fake accounts are usually only used for short periods of time.
  • Does this user have a lot of likes but not a lot of followers? They could be artificially boosting their popularity.
  • Does this user often post links using URL shorteners like bit.ly or tinyurl?

Online Radicalization

Extremist groups use the internet to radicalize and recruit new members into violent and dangerous
movements. You might know someone who is at risk of online radicalization.

Watch for these signs:

  • Is the person reposting or linking to radical content? (hate groups, extremist groups)
  • Are they withdrawing from their usual social networks?
  • Are they exhibiting black-and-white thinking around social topics?
  • Is the person expressing extreme anger when faced with disagreement?

What you can do:

  • If you feel safe doing so, talk to someone if you’re worried they’re at risk of radicalization
  • Report online material promoting terrorism or extremism
    https://www.canadiancrimestoppers.org/tips
  • If you suspect a crime has occurred, report it to your local police force

How to Protect Against Cyber-Propaganda

The propaganda in our social networks can be scary, but we aren’t alone.
Here are some general tips to help resist cyber-propaganda:

  • Don’t just debunk, support media that is honest and reliable
  • Practice good information security to prevent your accounts from being breached and misused
  • Pay attention to those who benefit from the information that you see online
  • Use social media responsibly and think critically before you share anything

Contact information

Contact the 7-7000 Service Desk or phone 1-866-660-0811 option 3

Report an information security incident