WordPress Releases Security Updates

WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. Therefore, Bhutan Computer Incident Response Team recommends that users and administrators review the WordPress Security Release and upgrade to WordPress 5.4.1.

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends that users and administrators review the Cisco Security Advisory and apply the necessary updates.

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends that users and administrators review the following Adobe Security Bulletins and apply the necessary updates: Bridge (APSB20-19), Illustrator (APSB20-20), and Magento (APSB20-22).

VMware Releases Security Updates for ESXi

VMware has released security updates to address a vulnerability in ESXi. An attacker could exploit this vulnerability to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends that users and administrators review VMware Security Advisory VMSA-2020-0008 and apply the necessary updates.

Zero-Day in Apple Mail for iOS Users

The BtCIRT would like to inform the general public that the default Mail app on iPhones and iPads is vulnerable to two critical flaws that attackers are exploiting. The vulnerabilities in the mail application allow attackers to take complete control of Apple devices remotely by simply sending an email to any targeted individual. These flaws, which reside in the MIME library of the Apple mail application, are triggered while processing the contents of an email. They are critical and can be exploited with ‘zero-click’, which means that no action is required from the targeted user. Therefore, Bhutan Computer Incident Response Team […]