Skip to main content

Cyber alerts

We issue cyber security alert notifications to health and care organisations, ranging from weekly threat bulletins to immediate high-severity alerts.

News article

December 2019

CC-3324

Drupal Releases Security Updates

Published: Friday 20 December 2019, Last updated: Tuesday 29 June 2021

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website.

  • Severity: Information only
  • Type: Vulnerability
CC-3325

Philips Healthcare C-arm X-Ray Router Encryption Vulnerability

Published: Friday 20 December 2019, Last updated: Tuesday 29 June 2021

Philips Healthcare has released details of an encryption vulnerability present across Veradius Unity, Pulsera, and Endura C-Arm. An unauthorised user could exploit this vulnerability to impact data transfer.

  • Severity: Low
  • Type: Vulnerability
CC-3322

Google Releases Security Updates for Chrome for Windows, Mac, and Linux

Published: Thursday 19 December 2019, Last updated: Tuesday 29 June 2021

Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

  • Severity: Information only
  • Type: Vulnerability
CC-3323

Microsoft Releases Out-of-Band Security Updates

Published: Thursday 19 December 2019, Last updated: Tuesday 29 June 2021

Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information.

  • Severity: Information only
  • Type: Vulnerability
CC-3320

Dacls Remote Access Trojan

Published: Thursday 19 December 2019, Last updated: Tuesday 29 June 2021

First observed in October 2019, Dacls is a multi-platform modular remote access trojan believed to have been created by the Hidden Cobra advanced persistent threat group.

  • Severity: Medium
  • Type: Malware
CC-3321

Manager APT Toolkit

Published: Thursday 19 December 2019, Last updated: Tuesday 29 June 2021

First observed in late 2019, the Manager toolkit is a set of three C++ based tools; NewManager, AmpManager, and DDoSManager, created by the ChinaZ advanced persistent threat to primarily target Linux web servers.

  • Severity: Low
  • Type: Malware
CC-3319

TP-Link Releases Security Update

Published: Wednesday 18 December 2019, Last updated: Tuesday 29 June 2021

TP-Link has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Severity: Information only
  • Type: Vulnerability
CC-3318

Avaya Releases Security Update

Published: Wednesday 18 December 2019, Last updated: Tuesday 29 June 2021

Avaya has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Severity: Information only
  • Type: Vulnerability
CC-3317

Momentum Botnet

Published: Wednesday 18 December 2019, Last updated: Tuesday 29 June 2021

First observed in late 2018, Momentum is a worm and botnet targeting Linux-based web servers, Internet-of-Things and SOHO devices. The group operating Momentum are believed to be selling the botnet's services through a number of dark web forums.

  • Severity: Low
  • Type: Malware
CC-3316

WordPress Releases Security and Maintenance Updates

Published: Tuesday 17 December 2019, Last updated: Tuesday 29 June 2021

WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.

  • Severity: Information only
  • Type: Vulnerability