Oracle Releases October 2020 Security Bulletin

Original release date: October 20, 2020

Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle October 2020 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities

Original release date: October 20, 2020

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages critical system administrators to prioritize the immediate patching of the CVEs in NSA’s advisory and to review CISA’s Alert Potential for China Cyber Response to Heightened U.S.–China Tensions, which details potential cyber response to heightened tensions between the United States and China and provides specific tactics, techniques, and procedures (TTPs) and recommended mitigations to the cybersecurity community to assist in the protection of our Nation’s critical infrastructure.

Review the CISA's Chinese Malicious Cyber Activity page for more information on Chinese malicious cyber activity.

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Updates for Multiple Products

Original release date: October 20, 2020

VMware has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0023 and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.