Information Security Alerts

Critical security vulnerabilities have recently been discovered in the following products. These vulnerabilities could allow remote attackers to invade your devices. It is strongly recommended that you update the following products to the latest versions immediately.

 

  • Active vulnerabilities of concern
Product: Microsoft Windows [new]
Affected product version:
Windows Servers:
– Windows Server 2022, 23H2 Edition (Server Core installation)
– Windows Server 2019 & 2022 (Server Core installation)
– Windows Server 2019 & 2022
Windows Clients:
– Windows 11 version 21H2/22H2/23H2 for x64-based Systems
– Windows 11 version 21H2/22H2/23H2 for ARM64-based Systems
– Windows 10 Version 21H2/22H2 for x64-based Systems
– Windows 10 Version 21H2/22H2 for ARM64-based Systems
– Windows 10 Version 21H2/22H2 for 32-bit Systems
– Windows 10 Version 1809 for x64-based Systems
– Windows 10 Version 1809 for ARM64-based Systems
– Windows 10 Version 1809 for 32-bit Systems
Publish Date: 1 Mar 2024

Product: Apple
Affected product version:
– iOS and iPadOS: before 16.6.1 / before 15.7.9
– watchOS: before 9.6.2
– macOS: Ventura before 13.5.2 / Monterey before 12.6.9 / Big Sur before 11.7.10
Publish Date: 14 Sep 2023

Product: Android
Affected product version:
Android OS: prior to version 11, 12, and 13
Publish Date: 14 Sep 2023

Product: Google Chrome, Firefox, Thunderbird
Affected product version:
– Google Chrome prior to 116.0.5845.187/.188 (Windows)
– Google Chrome prior to 116.0.5845.187 (Linux / Mac)
– Google Chrome prior to 117.0.5938.60 (Android)
– Firefox prior to 117.0.1
– Firefox prior to ESR 102.15.1, 115.2.1
– Thunderbird prior to 102.15.1, 115.2.2
Publish Date: 14 Sep 2023

Product: Adobe
Affected product version:
– Acrobat DC 23.003.20284 and earlier
– Acrobat Reader DC 23.003.20284 and earlier
– Acrobat 2020 20.005.30516 and earlier (Mac)
– Acrobat 2020 20.005.30514 and earlier (Win)
– Acrobat Reader 2020 20.005.30516 and earlier (Mac)
– Acrobat Reader 2020 20.005.30514 and earlier (Win)
Publish Date: 14 Sep 2023

Product: WinRAR
Affected product version:
WinRAR
Publish Date: 22 Aug 2023

 

  • Active vulnerabilities of concern
Product: Palo Alto
Vulnerabilities: PAN-OS Command Injection Vulnerability (CVE-2024-3400) [new]
Affected product version:
PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1
Publish Date: 13 Apr 2024

Product: Linux
Vulnerabilities: Supply Chain Compromise Affecting XZ Utils impacting multiple Linux Distributions (CVE-2024-3094)
Affected product version:
Major Linux distributions
Publish Date: 02 Apr 2024

Product: Fortinet
Vulnerabilities: Fortinet Remote Code Execution Vulnerability (CVE-2024-21762)
Affected product version:
FortiOS:
– 7.4.0 through 7.4.2,
– 7.2.0 through 7.2.6,
– 7.0.0 through 7.0.13,
– 6.4.0 through 6.4.14,
– 6.2.0 through 6.2.15,
– 6.0.0 through 6.0.17
FortiProxy:
– 7.4.0 through 7.4.2,
– 7.2.0 through 7.2.8,
– 7.0.0 through 7.0.14,
– 2.0.0 through 2.0.13,
– 1.2 all versions,
– 1.1 all versions,
– 1.0 all versions
Publish Date: 25 Mar 2024

Product: Barracuda
Vulnerabilities: Email Security Gateway (ESG) Remote Command Injection Vulnerability (CVE-2023-2868)
Affected product version:
Barracuda Email Security Gateway (appliance form factor only): versions 5.1.3.001-9.2.0.006
Publish Date: 31 May 2023