Systems Engineering is aware of the major security flaw affecting Citrix Virtual Apps and Desktops: CVE-2023-24483.

The vulnerability's severity is rated as HIGH.

Please be aware that cybercriminals are actively distributing malicious spam emails containing Microsoft OneNote attachments. The attachments are disguised to look like shipping notifications, shipping documents, invoices, and other common items.

Systems Engineering is aware of the following heap-based buffer security vulnerability in Fortinet operating systems, FortiOS: CVE-2022-42475 / FG-IR-22-398.

Systems Engineering is aware of the following security vulnerability in Fortinet operating systems, FortiOS: CVE-2022-40684 / FG-IR-22-377.

On Tuesday, August 23, an advisory notification was released by VMware, the virtualization technology software firm, announcing a local privilege escalation vulnerability (CVE-2022-31676). Updates are available to remediate this vulnerability in affected VMware products.

Several cybersecurity research groups have identified and studied the use of a Zero-Day vulnerability found in the Mitel VoIP MiConnect solution, CVE-2022-29499. The vulnerability exists due to improper input validation in the Mitel Service Appliance. A cyberattacker can send a specially crafted HTTP GET request to the application and execute arbitrary Operating System commands on the target system. Successful exploitation of this flaw may result in the complete compromise of the vulnerable system. This vulnerability has been successfully exploited by at least one ransomware group.

UPDATE: December 21, 2021- We have identified the products Systems Engineering sells and supports that are impacted by the log4j vulnerability. Affected products are listed below along with our plans to address each.