AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP

Summary Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.[1] On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0. On January 22, 2020, Citrix released security updates for vulnerable SD-WAN WANOP appliances. On January 23, 2020, Citrix released firmware updates for Citrix […]

NSA Releases Guidance on Mitigating Cloud Vulnerabilities

The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA’s guidance on Mitigating Cloud Vulnerabilities and CISA’s page on APTs […]

Adobe releases security updates – update your systems ASAP – Oct 13, 2016

Adobe has released security updates to address vulnerabilities in Flash Player and the Creative Cloud Desktop Application. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security Bulletins APSB16-32 and APSB16-34 and apply the […]

Microsoft releases security updates – Oct 11, 2016

Microsoft has released 10 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS16-118 through MS16-127 and apply the necessary updates.

Cisco releases security update – Oct 13, 2016

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

Update Google Chrome ASAP to avoid security pitfalls

Google has released Chrome version 54.0.2840.59 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.

How to handle your customer or employee’s confidential data?

An organization that handles customer or employee confidential data must protect all stages of the confidential data life cycle. Data theft can happen at any stage of the life cycle. The data life cycle stages are: data gathering, data transmission, data storage, and data purge. 1. Data gathering: Organization gathers data through physical forms […]