Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Bhutan Computer Incident Response Team recommended users and administrators to review the following Cisco Advisories and apply the necessary updates: Cisco Application Services Engine Unauthorized Access Vulnerabilities cisco-sa-case-mvuln-dYrDPC6w Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability cisco-sa-3000-9000-fileaction-QtLzDRy2 Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability cisco-sa-mso-authbyp-bb5GmBQv...
Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 78.8, Firefox ESR 78.8, and Firefox 86. An attacker could exploit these vulnerabilities to take control of an affected system. Bhutan Computer Incident Response Team recommended users and administrators to review the Mozilla security advisories and apply the necessary updates....
VMware Releases Multiple Security Updates
VMware has released security updates to address multiple vulnerabilities–CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Bhutan Computer Incident Response Team recommended users and administrators to review the VMware Security Advisory VMSA-2021-0002 and apply the necessary updates....
Cisco Releases Security Updates for AnyConnect Secure Mobility Client
Cisco has released security updates to address a vulnerability in Cisco AnyConnect Secure Mobility Client. An attacker could exploit this vulnerability to take control of an affected system. Bhutan Computer Incident Response Team recommended users and administrators to review the Cisco Security Advisory cisco-sa-anyconnect-dll-hijac-JrcTOQMCand apply the necessary updates....
Phishing Alert
The Bhutan Computer Incident Response Team (BtCIRT), Department of IT and Telecom (DITT) would like to earnestly request the general public that there is a new phishing site (for harvesting login credentials) which is a cloned page of the login page of the “Citizens services website”. Fake/Cloned Webpage: Genuine webpage: Notice the difference between the valid and the fake url as shown in the figures above. It has come to the notice of BtCIRT of a phishing email which originated from a private email id (gmail) whereby the message indicates the Royal Government of Bhutan has started COVID-19 vaccination...