Apple has released security updates to address vulnerabilities in iTunes. Exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Apple Security Advisory and apply necessary update.

Drupal has released security updates to address vulnerabilities in Drupal core. Exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Drupal Security Advisory and apply necessary update.

Cisco has released security updates to address vulnerabilities in Cisco WebEx Meetings. Exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Cisco Security Advisory and apply necessary update.

Advisory No: TZCERT/SA/2020/11/18

Date of First Release: 18^th November 2020

Source: CISCO

Software Affected: Cisco Security Manager releases 4.21 and earlier.

Overview:

The vulnerability exists in the Cisco Security Manager device and can allow an unauthenticated, remote attacker to gain access to sensitive information.

Description:

The vulnerability is caused by improper validation of directory traversal sequences on affected device. An unauthenticated, remote attacker can exploit this vulnerability, by sending specially crafted URI that contains directory traversal characters, which can disclose the contents of files that are located outside of the server’s restricted path.

Impact:

Successful exploitation of the vulnerability could allow an adversary to gain access to sensitive information.

Solution:

Cisco has not issued any workaround that addresses this vulnerability; however, Cisco has released software updates for the product. Users and administrators are advised to apply cisco updates.

References:

1. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-path-trav-NgeRnqgR

In effort to ensure a high and effective level of Network and Information Security within the country, Tanzania Computer Emergency Response Team (TZ-CERT) continues to carry out technical capacity building programs to it’s constituents.

Between 14^th and 18^th  September 2020, TZ-CERT conducted a technical capacity building program in Network and Systems Monitoring. A total of fifteen (15) ICT officers from various public institutions benefited from the program.

The objective of the training was to enhance technical capacity of TZ-CERT Constituencies to be able to respond proactively to cybersecurity incidents in their systems and network infrastructure.

The training included hands-on exercises in a customized virtual lab environment. Topics covered were webservers security, Intrusion detection systems, Network Traffic Analysis, and Log forensic.

Pictures Below: Participants during the Network and Systems Monitoring Training conducted from 14^th to 18^th September 2020, at Kidongo Chekundu Hospital, Zanzibar