Cybersecurity Alert Level – courtesy of MS-ISAC


GREEN or LOW indicates a low risk. No unusual activity exists beyond the normal concern for known hacking activities, known viruses, or other malicious activity.

BLUE or GUARDED indicates a general risk of increased hacking, virus, or other malicious activity. The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.

YELLOW or ELEVATED indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes service. At this level, there are known vulnerabilities that are being exploited with a moderate level of damage or disruption, or the potential for significant damage or disruption is high.

ORANGE or HIGH indicates a high risk of increased hacking, virus, or other malicious cyber activity that targets or compromises core infrastructure, causes multiple service outages, causes multiple system compromises, or compromises critical infrastructure. At this level, vulnerabilities are being exploited with a high level of damage or disruption, or the potential for severe damage or disruption is high.

RED or SEVERE indicates a severe risk of hacking, virus, or other malicious activity resulting in widespread outages and/or significantly destructive compromises to systems with no known remedy or debilitates one or more critical infrastructure sectors. At this level, vulnerabilities are being exploited with a severe level or widespread level of damage or disruption of Critical Infrastructure Assets.


Cybersecurity Advisories – courtesy of MS-ISAC

  • Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
    on September 22, 2023

    Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. iPadOS is the successor to iOS 12 and is a mobile operating system for iPads. macOS Ventura is the 19th and current major release of macOS macOS Monterey is the 18th major release of macOS watchOS is the mobile operating system for Apple Watch and is […]

  • A Vulnerability in Drupal Could Allow for Privilege Escalation
    on September 22, 2023

    A vulnerability has been discovered in Drupal that could allow for privilege escalation. Drupal is an open source content management platform supporting a variety of websites ranging from personal weblogs to large community-driven websites. Successful exploitation of this vulnerability may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

  • UPDATED – MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution PATCH: NOW - TLP: CLEAR
    on September 22, 2023

    Additional systems were found to be affected by vulnerabilities, the most severe of which could allow for arbitrary code execution.

  • A Vulnerability in Mozilla Products Could Allow for Arbitrary Code Execution
    on September 13, 2023

    A vulnerability has been discovered in Mozilla products, which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then […]

  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
    on September 12, 2023

    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is used to view, create, print, and manage PDF files Adobe Reader is used to view, create, print, and manage PDF files Adobe Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms Adobe Connect is a suite of software for remote training, web conferencing, presentation, and […]

  • Critical Patches Issued for Microsoft Products, September 12, 2023
    on September 12, 2023

    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with […]

  • A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
    on September 12, 2023

    A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user […]

  • Multiple Vulnerabilities in Notepad++ Could Allow for Arbitrary Code Execution
    on September 12, 2023

    Multiple vulnerabilities have been discovered in Notepad++, the most severe of which could result in arbitrary code execution. Notepad++ is a free and open-source text and source code editor for use with Microsoft Windows. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, […]

  • A Vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Could Allow for Unauthorized Access
    on September 11, 2023

    A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software that could allow for unauthorized access. Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors for any distributed network environment. Cisco Firepower Threat Defense (FTD) Software is an […]

  • A Vulnerability in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Could Allow for Arbitrary Code Execution
    on September 6, 2023

    A vulnerability has been discovered in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform which could allow for arbitrary code execution. Cisco BroadWorks Application Delivery Platform and Xtended Services Platform is an enterprise-grade calling and collaboration platform that integrates with Cisco Webex to meet the full range of enterprise communications and collaboration needs. Depending on the privileges associated with the user an attacker could […]

  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
    on September 5, 2023

    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who […]

  • Multiple Vulnerabilities in VMware Aria Operations for Networks Could Allow for Remote Code Execution
    on August 30, 2023

    Multiple vulnerabilities have been discovered within VMware Aria Operations for Networks, the most severe of which could allow for remote code execution. VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes metrics, APIs, configurations, metadata, integrations, telemetry netflow, sFlow, and IPFIX flow traffic, which traverses the infrastructure. Successful exploitation of these vulnerabilities could allow for remote code execution in […]

  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
    on August 29, 2023

    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges […]

  • Multiple Vulnerabilities in ChromeOS Could Allow for Arbitrary Code Execution
    on August 28, 2023

    Multiple vulnerabilities have been discovered in ChromeOS, the most severe of which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than […]

  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
    on August 23, 2023

    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new […]

  • Multiple Vulnerabilities in Junos OS Could Allow for Remote Code Execution
    on August 19, 2023

    Multiple vulnerabilities have been discovered in Junos OS, which. when chained together. could allow for remote code execution. Junos OS is an operating system that runs across all Juniper routing, switching, and security infrastructure. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install […]

  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
    on August 16, 2023

    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new […]

  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
    on August 9, 2023

    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is used to view, create, print, and manage PDF files. Adobe Reader is used to view, create, print, and manage PDF files Adobe Commerce is an offering that provides companies with a flexible and scalable end-to-end plate form to manage commerce experiences of their customers. Successful exploitation of the most severe of these […]

  • Critical Patches Issued for Microsoft Products, August 08, 2023
    on August 8, 2023

    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with […]

  • Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
    on August 7, 2023

    Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install […]