Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. InDesign APSB20-52 Framemaker APSB20-54 Experience Manager APSB20-56...
Google Releases Security Update
Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review the Chrome Release and apply the necessary updates....
Microsoft Releases Security Update
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review the Microsoft’s September 2020 Security Update Summary and Deployment Information and apply the necessary updates....
A Vulnerability in WordPress File Manager Plugin Could Allow for remote Code Execution
Risk Description: The Bhutan Computer Incident Response Team recommends WordPress website administrators about the new Vulnerability identified in the File Manager plugin which allows remote code execution. File Manager Plugin allows site Admins to upload, edit. delete files and folders directly from the WordPress backend without having to use FTP. If the vulnerability exploited successfully, it would allow attacker to upload web shell disguised inside an image file on the victim’s server. The attacker then access the web shell and take over the victim’s site. Versions Affected: File manager versions 6.0 – 6.8 Recommendations: Apply appropriate updates provided by...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review the following Cisco Advisories and apply the necessary updates: Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability cisco-sa-jabber-UyTKCPGg Enterprise NFV Infrastructure Software File Overwrite Vulnerability cisco-sa-nfvis-file-overwrite-UONzPMkr Jabber for Windows Protocol Handler Command Injection Vulnerability cisco-sa-jabber-vY8M4KGB IOS XR Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-cli-privescl-sDVEmhqv IOS XR Software Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-LJtNFjeN...