Cybersecurity Threat Advisory: Adobe ColdFusion vulnerability
A vulnerability within Adobe ColdFusion could result in arbitrary system file reads and writes. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is the threat? The vulnerability, tracked as CVE-2024-20767, was found within the...
Cybersecurity Threat Advisory: Critical Windows kernel vulnerability
A pointer dereference weakness was discovered within the Microsoft Kernel Streaming Service that would allow an attacker to escalate their privileges to SYSTEM without any user interaction being required. Review the details in this Cybersecurity Threat Advisory to learn how...
Cybersecurity Threat Advisory: Okta username flaw
Researchers have discovered a critical vulnerability in Okta which allows an user to authenticate to an account with a username longer than 52 characters without multi-factor authentication (MFA) enabled. Read this Cybersecurity Threat Advisory to learn how this may impact...
Cybersecurity Threat Advisory: New critical GitLab SAML vulnerability
A new critical GitLab vulnerability within RUBY-SAML and OmniAuth-SAML libraries to bypass SAML authentication was disclosed. If you are using GitLab, read this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is the threat? This vulnerability allows...
Cybersecurity Threat Advisory: Windows SAC and SmartScreen design flaws
A design flaw within Windows Smart App Control (SAC) and SmartScreen has allowed attackers to launch programs without triggering a security warning. Review this Cybersecurity Threat Advisory to find out how to prevent attackers from exploiting this flaw and keep...
Cybersecurity Threat Advisory: Critical GitLab vulnerabilities
GitLab has released multiple security updates that address a total of 14 vulnerabilities. Attackers can exploit one of the vulnerabilities to run pipelines as any user. Read this Cybersecurity Threat Advisory in detail to learn more about how you can...
Cybersecurity Threat Advisory: Fluent Bit critical vulnerability
This Cybersecurity Threat Advisory highlights a critical vulnerability discovered within a popular logging and metric solution called Fluent Bit. CVE-2024-4323, a new memory corruption vulnerability, has the potential to cause denial of service (DOS), information leakage, and code execution (RCE)....
Cybersecurity Threat Advisory: XZ Utils supply chain vulnerability
A supply chain vulnerability was found in XZ Utils that creates a backdoor into OpenSSH and can lead to remote code execution (RCE). Read this Cybersecurity Threat Advisory to learn about this supply chain vulnerability and how to reduce your...
Cybersecurity Threat Advisory: TeamCity’s server vulnerabilities
This Cybersecurity Threat Advisory highlights JetBrains’ TeamCity vulnerabilities found in the CI/CD Server. One vulnerability allows unauthenticated access to an instance while the other allows for unauthenticated information disclosure and modification. What is the threat? A critical-severity authentication bypass vulnerability...