Late yesterday, DigiCert announced a critical incident involving the revocation of a subset of TLS/SSL certificates due to a domain control verification (DCV) issue. While necessary to maintain security standards, this action could potentially disrupt services for some organizations that rely on DigiCert certificates to secure public and private web services.

In the past few months, the security operations team of Systems Engineering has detected a significant increase in unauthorized attempts to access devices via remote networks among our monitored client base. This type of intrusion is commonly referred to as a brute-force attack.

Systems Engineering is aware of the group of Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities, CVE: CVE-2024-20252.  

Systems Engineering is aware of the Cisco Unified Communications Products Remote Code Execution Vulnerability, CVE: CVE-2024-20253. 

Systems Engineering is aware of the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability, CVE: CVE-2024-20272.