Cyber Threat Alert Updates

On January 15, the Cyber Threat Alert Level was evaluated and is being raised to Blue (Guarded) due to vulnerabilities in Ivanti, SonicWall, Adobe, Microsoft, and Fortinet products. On January 9, the MS-ISAC released two advisories. The first advisory was for multiple vulnerabilities in Ivanti products, the most severe of which could allow for remote code execution. The second advisory was for multiple vulnerabilities in SonicOS SSLVPN, the most severe of which could allow for authentication bypass. On January 14, the MS-ISAC released four advisories. The first advisory was for multiple vulnerabilities in Adobe products, the most severe of which could allow for arbitrary code execution. The second advisory was for multiple vulnerabilities in Microsoft products, the most severe of which could allow for remote code execution. The third advisory was for multiple vulnerabilities in Ivanti Avalanche that could allow for authentication bypass. The last advisory was for multiple vulnerabilities in Fortinet products, the most severe of which could allow for remote code execution. On January 15, the MS-ISAC released an advisory for multiple vulnerabilities in Rsync, the most severe of which could allow for remote code execution. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.