2024-May

What's Changed

• GitLab Critical Security Advisory - 20240115002 by @TWangmo in #701

• WordPress Multiple Plugins Stored Cross-Site Scripting Vulnerability - 20240506001 by @CharlesRN in #702

• Xiaomi Android Devices Multiple Vulnerabilities - 20240507002 by @DininduSWick in #706
• Bump mdformat-mkdocs[recommended] from 2.0.10 to 2.0.11 by @dependabot in #705
• Bump mkdocs-git-revision-date-localized-plugin from 1.2.4 to 1.2.5 by @dependabot in #704
• Bump mkdocs-material from 9.5.20 to 9.5.21 by @dependabot in #703
• DLink vuln by @ryan-aus in #707
• Mozilla PDF.js Arbitrary Code Execution Vulnerability by @thiagoai1 in #709
• 20240508004 by @TerinaK in #710
• 20240508002-Adobe-Acrobat-Reader-Security-Updates-May-2024 by @TWangmo in #711
• Google Android Security Advisory May 2024 - Advisory by @mahmadhabib076 in #712
• Google Chrome Arbitrary Code Execution Multiple Vulnerabilities - 20240509001 by @LSerki in #714
• Trend Micro Patches Multiple Vulnerability - 20240510005 - Advisory by @mahmadhabib076 in #715
• eDrawings Viewer DXF RCE Vulnerability - 20240509004 by @DininduSWick in #716
• Deno Privilege Escalation Vulnerability by @JT-WA in #717
• 20240510001-F5-Security-Advisory-Addresses-Multiple-Vulnerabilities by @TWangmo in #718
• TunnelVision VPN vuln by @ryan-aus in #719
• 20240513001 by @TerinaK in #721
• 20240419003-PuTTY-vulnerability by @TWangmo in #722
• Microsoft Edge (Chromium-based) Spoofing Vulnerability - 20240513003 by @LSerki in #723

Full Changelog: 2024-April...2024-May

2024-April

What's Changed

• SAP Security Advisory April 2024 - 20240416002 by @DininduSWick in #638
• [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #639
• Bump actions/checkout from 3.6.0 to 4.1.2 by @dependabot in #640
• Bump actions/configure-pages from 2.1.3 to 5.0.0 by @dependabot in #641
• Bump actions/deploy-pages from 1.2.9 to 4.0.5 by @dependabot in #642
• Bump github/codeql-action from 2.25.0 to 3.25.0 by @dependabot in #643
• 20240417002 by @DGOV-Bryce in #646
• Bump actions/dependency-review-action from 2.5.1 to 4.2.5 by @dependabot in #644
• Mozila vulns by @thiagoai1 in #645
• Google Chrome Multiple RCE Vulnerabilities - 20240418002 by @LSerki in #650
• TP-Link Archer Routers Advisory by @CharlesRN in #651
• Ivanti Avalanche Multiple RCE Vulnerabilities - 20240418004 by @DininduSWick in #652
• Advisory - Cisco Patches Vulnerabilities in Integrated Management Controller - 20240419001 by @mahmadhabib076 in #655
• 20240419003 by @DGOV-Bryce in #657
• Libreswan Popular VPN Software Vulnerability - 20240419004 by @LSerki in #656
• 20240419002-Oracle-Critical-Patch-Update-for-April-2024 by @TWangmo in #658
• HashiCorp security advisory by @CharlesRN in #661
• Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability - 20240422002 by @LSerki in #660
• Bump pymdown-extensions from 10.7.1 to 10.8 by @dependabot in #663
• Bump actions/upload-artifact from 3.pre.node20 to 4.3.3 by @dependabot in #662
• Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #659
• Bump github/codeql-action from 3.25.0 to 3.25.1 by @dependabot in #649
• VirtualBox priv esc by @ryan-aus in #666
• Correct heading typo for VirtualBox advisory by @ryan-aus in #669
• Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #672
• 20240424003-Microsoft-pulls-fix-for-outlook by @carel-v98 in #671
• Windows DOS-to-NT Path Conversion Process Exploited - 20240424002 - Advisory by @mahmadhabib076 in #670
• Windows Print Spooler Elevation of Privilege Vulnerability - 20240423002 by @DininduSWick in #667
• Bump github/codeql-action from 3.25.1 to 3.25.2 by @dependabot in #668
• Exchange vulnerabilities by @thiagoai1 in #673
• ArcaneDoor Exploiting Cisco ASA Vulnerabilities - 20240425001 by @petarpetrovski in #676
• Progress Software Telerik Reporting Vulnerability by @CharlesRN in #675
• 20240426002 by @TerinaK in #674
• Updated sentinel guidance by @adonm in #665
• Revert "ArcaneDoor Exploiting Cisco ASA Vulnerabilities - 20240425001" by @adonm in #677
• Fixed id - arcanedoor by @adonm in #678
• WordPress Automatic plugin critical vulnerability by @CharlesRN in #680
• Windows Kernel Elevation of Privilege Vulnerability - 20240429001 by @LSerki in #681
• Secret Server auth bypass advisory by @ryan-aus in #682
• Advisory - Network Attached Storage (NAS) Vulnerability - 20240430002 by @mahmadhabib076 in #686
• Bump pymdown-extensions from 10.8 to 10.8.1 by @dependabot in #684
• R Programming Language Vulnerability by @CharlesRN in #687
• CrushFTP systems vulnerability - 20240430001 by @DininduSWick in #688
• Updated to April 2024 by @DamoOne in #693
• smartscreen by @thiagoai1 in #694
• 20240501003 by @TerinaK in #692
• 20240501002-Zscaler-Client-Connector-Vulnerability by @carel-v98 in #691
• Microsoft SmartScreen updated with newly identified Exploits by @CharlesRN in #696
• HPE Aruba Network Products Critical Remote Code Execution (RCE) Vulnerabilities - 20240502001 by @petarpetrovski in #697
• Create 20240503001-Apache-ActiveMQ-Vulnerability.md by @jasonkasih in #698
• Bump actions/dependency-review-action from 4.2.5 to 4.3.2 by @dependabot in #695
• Bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #690
• Bump mdformat-mkdocs[recommended] from 2.0.9 to 2.0.10 by @dependabot in #683
• Bump github/codeql-action from 3.25.2 to 3.25.3 by @dependabot in #679
• Bump mkdocs-material from 9.5.18 to 9.5.20 by @dependabot in #685
• Bump mkdocs from 1.5.3 to 1.6.0 by @dependabot in #664
• Acrobat Reader Vulnerability - 20240503003 by @LSerki in #699
• 20240503002 & 20240503004 by @DGOV-Bryce in #700

Full Changelog: 2024-March...2024-April

2024-March

What's Changed

• Ivanti Endpoint Manager Code Injection Vulnerability - Advisory by @mahmadhabib076 in #586
• .net infomration disclosure vuln by @ryan-aus in #584
• Microsoft Edge Chromium based Security Feature Bypass Vulnerability - 20240326004 by @DininduSWick in #585
• Update on Past Advisory by @TWangmo in #587
• Apache vulnerabilities by @thiagoai1 in #588
• Firefox Patches Critical Zero-Day Vulnerabilities - 20240327003 by @CharlesRN in #589
• CISA Releases Multiple Critical Infrastructure Related Advisories - 20240327001 by @LSerki in #590
• 20240328001-Apple-Security-Updates-Safari-MacOS by @carel-v98 in #592
• 20240328002 by @TerinaK in #596
• Added new ADSes and Updated the TTP Guideline Table by @DininduSWick in #595
• Markdown format updates to all ADS forms by @DininduSWick in #598
• Linux Kernel Vulnerability - Advisory by @mahmadhabib076 in #599
• 20240402006-JetBrains-TeamCity-Cross-Site-Scripting-Vulnerability by @TWangmo in #600
• WallEscape util-Linux Vulnerability - 20240402004 by @DininduSWick in #601
• GitLab stored xss by @ryan-aus in #602
• 20240402006-JetBrains-TeamCity-Cross-Site-Scripting-Vulnerability by @TWangmo in #604
• Supply Chain Compromise Affecting XZ Utils Data Compression Library - 20240402002 by @CharlesRN in #603
• 20240402001 by @DGOV-Bryce in #605
• 20240404001-VMWare-SD-WAN-Updates by @carel-v98 in #607
• Ivanti Critical Patch for Multiple Products - 20240209001 by @TWangmo in #608
• Create 20240405002-Edge-Chromium-based-Spoofing-Vulnerability.md by @jasonkasih in #609
• 20240405001 by @TerinaK in #610
• 20240405003 by @DGOV-Bryce in #611
• Cisco Vulnerability in Small Business Routers by @CharlesRN in #613
• PGAdmin Remote Code Execution Vulnerability - 20240408001 by @LSerki in #614
• Fixed severities and ordering by @JT-WA in #616
• Podman Buildah Vulnerability - 20240408004 by @DininduSWick in #615
• Pixel zero day patches by @ryan-aus in #617
• Updated (Defanged) code sample for MonikerLink by @DininduSWick in #618
• Removed code example for MonikerLink by @DininduSWick in #619
• 20240410002-Fortinet-Releases-Security-Updates-for-Multiple-Products by @TWangmo in #620
• April 2024 Security Updates by @thiagoai1 in #621
• 20240410004-Adobe Releases Security Updates for Multiple Products by @carel-v98 in #622
• D-link critical vulnerability advisory by @mahmadhabib076 in #623
• 20240410001-D-Link-Critical-Vulnerability by @TWangmo in #624
• Added - Create Chrome-Security-Update-20240412001.md by @jasonkasih in #625
• Revert "20240410001-D-Link-Critical-Vulnerability" by @DGovEnterprise in #626
• Juniper Security Updates by @JT-WA in #627
• Bitdefender Advisory by @CharlesRN in #628
• Palo Alto Networks PAN-OS Command Injection Vulnerability added to CISA Known Exploited Catalog - 20240415001 by @LSerki in #629
• 20240416004-Critical-Rust-Standard-Library-Vulnerability by @TWangmo in #630
• Advisory - Google Chrome V8 Enum Cache Out-Of-Bounds Read RCE Vulnerability by @mahmadhabib076 in #631
• openssf and vuln updates by @adonm in #632
• [StepSecurity] Apply security best practices by @step-security-bot in #633
• Bump mkdocs-material from 9.5.15 to 9.5.18 by @dependabot in #635
• Bump mdformat-mkdocs[recommended] from 2.0.6 to 2.0.9 by @dependabot in #634
• Nodejs April security release by @ryan-aus in #637

New Contributors

• @DGovEnterprise made their first contribution in #626
• @step-security-bot made their first contribution in #633
• @dependabot made their first contribution in #635

Full Changelog: 2024-February...2024-March

2024-February

Releases

Target is to publish a release each month along with threat activity brief.

What's Changed

• Deployment Walkthrough and FAQ addition by @DGOV-Bryce in #229
• Roundcube vulnerabilities by @JT-WA in #230
• Update 20230615002-SEO-poisoning-Gootloader-Advisory.md by @petarpetrovski in #231
• 202300626003 Advisory by @DGOV-Bryce in #234
• 20230626001 by @TWangmo in #233
• Firefox SVG Animation Remote Code Execution - 20230626002 by @thiagoai1 in #232
• VMware Advisory VMSA-2023-0014 by @JT-WA in #235
• 20230627002-Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved by @TWangmo in #238
• 20230627003 Advisory by @DGOV-Bryce in #236
• Apple-Update-20230627004 by @carel-v98 in #239
• Microsoft Teams Malware Delivery Vector by @JT-WA in #241
• Medtronic Paceart Optima System by @carel-v98 in #242
• Defending Continuous Integration/Continuous Delivery (CI/CD) Environments - 20230630005 by @DininduSWick in #245
• DLink advisories by @mahmadhabib076 in #247
• 202306300002 by @CharlesRN in #249
• iPhone bugs abused in spyware attacks - 20230630001 by @TWangmo in #248
• Pull request for six Samsung security update by @TWangmo in #250
• Top20 TTP's - Observables Gap Analysis by @DininduSWick in #252
• Updated Top 20 TTP's - Observables Gap Analysis by @DininduSWick in #253
• 202307002-Mozilla-Security-Advisories by @TWangmo in #255
• Stack Rot vulnerability 20230710001 by @carel-v98 in #256
• QR-Phishing-Advisory by @carel-v98 in #258
• Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability by @mahmadhabib076 in #257
• 20230711001-Android-Security-Bulletin by @TWangmo in #260
• Microsoft Security Updates Advisory 20230712003 by @CharlesRN in #261
• FortiOS and FortiProxy security patch advisory by @ryan-aus in #262
• Adobe Releases Security Updates for ColdFusion and InDesign by @mahmadhabib076 in #263
• 20230713001-Joint-Cybersecurity-Advisory(CSA) by @TWangmo in #264
• SolarView-Advisory-001 by @CharlesRN in #265
• 20230714002-BD-Alaris-System-with-Guardrails-Suite-MX by @TWangmo in #266
• Security Update for Zimbra Collaboration Suite Version 8.8.15 - 20230717002 by @DininduSWick in #267
• Adobe Product Security Incident Response Team - Advisory by @mahmadhabib076 in #268
• 20230717004-Cisco-SD-WAN-vManage-API-vulnerability by @TWangmo in #269
• Apple-Security_Advisory-005 by @CharlesRN in #270
• Microsoft TI Storm-0987 by @ryan-aus in #271
• Citrix Releases Security Updates 001 by @CharlesRN in #272
• Updated Observables Gap Analysis by @DininduSWick in #273
• Citrix Releases Security Updates for NetScaler ADC and Gateway - 20230720001 by @DininduSWick in #274
• Oracle Releases Security Updates - 20230720002 by @LSerki in #275
• 20230720004-Juniper-Security-Advisories-July by @TWangmo in #276
• Adobe cold fusion security patch released by @ryan-aus in #277
• 20230721001-Adobe-Cold-Fusion-Access-Control by @carel-v98 in #278
• 20230724001-On-prem-Atlassian-Stacks-are-vulnerable by @TWangmo in #279
• Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells - 20230721002 Updated reference by @DininduSWick in #282
• Vulnerability in Ivanti Endpoint Manager Mobile (EPMM) - 20230725001 by @DininduSWick in #283
• 20230726001-AMD-Zenbleed-Flaw-Leaks-Sensitive-Data.md by @JT-WA in #284
• 20230726002-Apple-Security-Updates-July by @TWangmo in #285
• Unpatched Zyxel Devices are Being Roped Into DDoS Botnets - 20230727003 by @DininduSWick in #286
• Main by @thiagoai1 in #287
• AMD Zenbleed Edit by @JT-WA in #288
• Barracuda-IoC-Update-Fixed by @carel-v98 in #290
• CISA Releases IDOR Vulnerability joint Advisory - 20230801001 by @thiagoai1 in #291
• Fixed Alert number for Barracuda update by @carel-v98 in #292
• 20230804001-Mozilla-Security-Updates by @TWangmo in #293
• Update threat-activity.md by @DamoOne in #294
• 20230808001-Zyxel-P660HN-T1A-Routers-Vulnerability by @TWangmo in #295
• FortiOS Advisory + Updates to Network Management guideline by @JT-WA in #296
• Microsoft August Patches by @carel-v98 in #297
• SCuBA Recommendations by @JT-WA in #299
• Fixed typos by @carel-v98 in #300
• Adobe security updates by @ryan-aus in #301
• Downfall & Zenbleed Advisory by @JT-WA in #302
• 20230810002-.NET-Core-and-Visual-Studio-vulnerability by @TWangmo in #303
• SAP August 2023 Security Updates by @ryan-aus in #306
• 20230815001-AMD-CPU-vulnerability by @TWangmo in #305
• Network Management Guideline update by @JT-WA in #304
• Network guidance by @adonm in #307
• 20230818001-Citrix-ShareFile-Vulnerability by @TWangmo in #308
• Atlassian-Releases-Security-Update-for-Confluence-Server-and-Data-Center - 20230821001 by @DininduSWick in #309
• Advisories 20230822 001,002 by @JadonWill in #310
• Citrix-Advisory-20230822004 by @CharlesRN in #311
• 20230822003 - Ivanti Sentry API Bypass by @carel-v98 in #312
• grammar fix by @ryan-aus in #313
• Threat Hunt TTP Detection Guideline and updates to yaml entries by @DininduSWick in #314
• Advisories 20230829 001,002 by @JadonWill in #315
• CISA and FBI Publish Joint Advisory on QakBot Infrastructure - 20230901002 by @DininduSWick in #318
• VMware Releases Security Updates for Aria Operations for Networks - 20230901001 by @CharlesRN in #316
• Advisory - 20230901003 Barracuda by @JadonWill in #319
• Update config-wombat-test.md by @adonm in #320
• Advisories 20230905 001,002,003 by @JadonWill in #325
• 20230904001 Infamous chisel Report by @carel-v98 in #321
• 20230907001-Apache-RocketMQ-Command-Execution-Vulnerability by @TWangmo in #326
• Update threat-activity.md by @DGov-Aaron in #327
• 20230908001-State actors exploiting Zoho&Foritnet by @carel-v98 in #328
• 20230908002-Cisco-BroadWorks-Authentication-Bypass-Flaw by @TWangmo in #329
• Advisory 20230908002 by @JadonWill in #330
• Fixed formatting issues by @carel-v98 in #331
• 20230913001 Patch Tuesday by @carel-v98 in #332
• Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability - 20230915001 by @DininduSWick in #335
• Advisories 20230914 001 & 002 by @JadonWill in #334
• 20230914003-Chrome-Buffer-Overflow by @carel-v98 in #333
• 20230918001-Chromium-WebP-Heap-Based-Buffer-Overflow-Critical-Vulnerability by @twang...

2023-June

Update advisory-vulnerability.md