Cybersecurity Threat Advisory: New vulnerability in Apple M-chip
A new security exploit, GoFetch, was found in Apple’s M-chip architecture. It takes advantage of data memory-dependent prefetchers (DMPs) and could use the device as a new attack vector. Continue reading this Cybersecurity Threat Advisory to learn how you can...
Cybersecurity Threat Advisory: Critical Fortinet vulnerability
A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet OS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential...
Cybersecurity Threat Advisory: New Ivanti vulnerability
Ivanti has warned customers of a new security flaw that could allow attackers to bypass authentication. The vulnerability, CVE-2024-22024, has received a CVSS score of 8.3. Read this Cybersecurity Threat Advisory to learn the significant risk this threat poses to...
Cybersecurity Threat Advisory: Patches for critical vulnerabilities
Security patches were recently released from various vendors including Cisco, Fortinet, and VMware. Read this Cybersecurity Threat Advisory as it shares the impact of each of the vulnerabilities and how to mitigate the risks they pose. What is the threat?...
Cybersecurity Threat Advisory: NTLM password hash leaks
This Cybersecurity Threat Advisory highlights a new Microsoft vulnerability that attackers are actively exploiting to steal NTLM (NT LAN Manager) hashes. Read the full article to learn the severity of the threat and recommendations to mitigate the organization’s risks. What...
Cybersecurity Threat Advisory: End-of-Life firewalls actively exploited
Sophos recently addressed a critical vulnerability CVE-2022-3236 involving end-of-life (EOL) firewalls that had been actively exploited. The vulnerability prompted Sophos to release patches for unsupported firewalls after reports of successful attacks on these systems surfaced. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Urgent Veeam ONE vulnerabilities
Several serious security flaws have been found in the Veeam ONE platform for analytics and IT infrastructure monitoring. These vulnerabilities may result in data breaches, illegal access, and NTLM hash theft. To fix these problems, Veeam has published security patches...
Cybersecurity Threat Advisory: Atlassian remote code execution (RCE) bugs
This Cybersecurity Threat Advisory highlights RCE vulnerabilities discovered in Atlassian Confluence Data Center & Server and Bamboo. Atlassian has released patches to address these security flaws, which could potentially allow attackers to execute arbitrary code on affected systems. Barracuda MSP...
Cybersecurity Threat Advisory: Command injection flaw in Zyxel NAS devices
Zyxel, a networking equipment manufacturer, has released urgent security updates to address critical vulnerabilities in their network-attached storage devices. CVE-2023-27992 (CVSS score: 9.8) has been declared as a pre-authentication command injection vulnerability. What is the threat? The threat involves multiple vulnerabilities...
Cybersecurity Threat Advisory: “File Archiver in the Browser” exploits
A new skilled and clever “File Archiver in the Browser” phishing trick that utilizes ZIP domains has surfaced. Bad actors can employ this technique to deceive users into downloading malicious files, compromise systems, and potentially gaining unauthorized access. What is...