Skip to main content
We are continuing to get a large number of reports of emails imitating Manx Telecom being sent to @manx.net addresses and are aware of over 35 subsequent account compromises.

Overview

SolarWinds has reported a critical vulnerability affecting the Web Help Desk, 12.8.3 and all previous versions. If exploited, would allow an attacker to run commands on the host machine.  The vulnerability is a Java Deserialisation Remote Code Execution that could allow an attacker to run commands on a host machine.

Adobe has released security updates to address eight critical-severity vulnerabilities in Acrobat and Reader.  Exploitation could lead to privilege escalation or arbitrary code execution.

Mozilla has released an update to address several, high-severity vulnerabilities affecting Firefox, Firefox ESR and Thunderbird. 

Ivanti released security updates to address multiple vulnerabilities in Ivanti Virtual Traffic Manager (vTM), Neurons for ITSM, and Avalanche. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Microsoft released its August scheduled update that addresses vulnerabilities in multiple products that includes nine critical-severity and nine zero-day vulnerabilities. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Apache Cloudstack versions 4.10 up to 4.19.1.0 are affected by an access permission validation issue: domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin.  An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations.

Android has released security updates that include a fix for a high-severity vulnerability (CVE-2024-36971) that is currently being exploited by cyber-attackers.  This vulnerability affects the Linux kernel and could allow an attacker to remotely execute code on a device.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

SolarwindsSecurity Advisories

AdobeSecurity Bulletin

Mozilla – Security Advisories

Ivanti – Ivanti Avalanche (Advisory); Ivanti Neurons for ITSM; Ivanti Virtual Traffic Manager (vTM)

Microsoft Release Notes

Apache CloudstackSecurity Releases

Google Pixel and Samsung mobilePixel Update Bulletin and Samsung Security Update

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates