Review the latest advisories
The Incident Response team sends advisories about security vulnerabilities to U of T’s technical staff. If you have questions or concerns, contact security.response@utoronto.ca.
The advisories published here focus on those we feel are most relevant to the university environment but should not be considered an exhaustive list. The Canadian Centre for Cyber Security publishes advisories on potential and imminent cyber threats and vulnerabilities and provides a more comprehensive list of advisories.
July 9, 2024
A critical unauthenticated remote code execution (RCE) vulnerability in OpenSSH, identified as CVE-2024-6387 and dubbed "regreSSHion" has been discovered, which allows attackers to gain root privileges on glibc-based Linux systems.
May 23, 2024
Veeam has notified one of our units about the vulnerabilities in their Backup Enterprise Manager product listed below. The worst of them, CVE-2024-29849, allows an attacker to log in to the web interface as any user.
March 8, 2024
On March 8, QNAP published a security bulletin disclosing three security flaws in its NAS software products. Exploitation of these vulnerabilities can lead to an authentication bypass, command injection and SQL injection.
