Author Archives: Advisory Services

Oracle Squashes 53 Critical Bugs in April Security Update

Overall Oracle patched 297 flaws across multiple product as part of its April security update.


Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images

The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks.


Cisco Releases Security Update for Cisco IOS XR

Original release date: April 17, 2019 Cisco has released a security update to address a vulnerability in Cisco IOS XR. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.  This product is provided subject to this Notification and this Privacy & Use policy.


ICSJWG Spring Meeting April 23–25

Original release date: April 17, 2019 The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, Mo, April 23–25, 2019. ICSJWG facilitates information sharing to reduce the risk to the Nation’s industrial control systems.   The Cybersecurity and Infrastructure Security Agency (CISA) encourages interested participants to visit the ICSJWG website to register for the Spring Meeting by April 17, 2019, …
Read More »


Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers

Original release date: April 17, 2019 The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom WiFi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available. This product is provided subject to this Notification and this Privacy & …
Read More »


Windows Zero-Day Emerges in Active Exploits

Patched just last week, the Windows kernel bug is being used for full system takeover.


Oracle Releases April 2019 Security Bulletin

Original release date: April 16, 2019 Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


Authentication Bypass Bug Hits Top Enterprise VPNs

Business users of Cisco, F5 Networks, Palo Alto Networks and Pulse Secure platforms are impacted, according the U.S. government.


SB19-105: Vulnerability Summary for the Week of April 8, 2019

Original release date: April 15, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


Multiple Vulnerabilities in WPA3 Protocol

Original release date: April 12, 2019 The CERT Coordination Center (CERT/CC) has released information on vulnerabilities—referred to as Dragonblood—in WPA3 protocol. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#871675 for more information and refer to vendors for appropriate updates, when available. This product is provided subject to this Notification and this Privacy & Use policy.