Cybersecurity Threat Advisory: Xerox printer vulnerabilities
Two vulnerabilities, CVE-2024-12510 and CVE-2024-12511, have been found in the Xerox VersaLink C7025 Multifunction Printer. Upon successful exploitation, bad actors can capture authentication credentials through pass-back attacks via lightweight directory access protocol (LDAP), server message block (SMB), and file transfer...
Cybersecurity Threat Advisory: Critical Azure vulnerabilities
Microsoft revealed two critical vulnerabilities in Microsoft Azure AI Face Service, a cloud-based facial recognition tool. They enable attackers to bypass authentication. Review the details within this Cybersecurity Threat Advisory to discover the key steps to safeguard your environment. What...
Cybersecurity Threat Advisory: Ransomware attacks on ESXi systems
New ransomware attacks were discovered targeting ESXi systems that use stealthy SSH tunnels to direct traffic to command-and-control (C2) infrastructure, enabling attackers to remain undetected. Continue reading this Cybersecurity Threat Advisory to discover the key steps to safeguard your environment....
Cybersecurity Threat Advisory: Microsoft Windows zero-click RCE vulnerability
A critical Microsoft Windows Lightweight Directory Access Protocol (LDAP) vulnerability has been discovered, identified as CVE-2024-49112. The flaw has a CVSS severity score of 9.8, representing a major threat to enterprise networks. Continue reading this Cybersecurity Threat Advisory to learn...
Cybersecurity Threat Advisory: Critical Apache Struts 2 vulnerability
The Apache Software Foundation (ASF) has issued a security update to address a critical vulnerability in both end-of-life and current versions of Apache Struts 2. Under specific conditions, this vulnerability could lead to remote code execution (RCE). Review this Cybersecurity...
Cybersecurity Threat Advisory: Microsoft MFA AuthQuake flaw
A new critical security flaw in Microsoft’s multi-factor authentication (MFA) system has been discovered. It enables attackers to easily bypass the protection and gain unauthorized access to user accounts. Review this Cybersecurity Threat Advisory to learn how to mitigate your...
Cybersecurity Threat Advisory: Active exploitation of ASA vulnerability
Cisco has confirmed that a decade-old cross-site scripting (XSS) vulnerability in its Adaptive Security Appliance (ASA) software is actively being exploited in the wild. Review this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is the threat?...
Cybersecurity Threat Advisory: WordPress plugin critical vulnerabilities
Two critical security flaws have been identified in a WordPress plugin—Anti-Spam by CleanTalk. This plugin is installed on more than 200,000 websites. Review this Cybersecurity Threat Advisory to learn how to mitigate your risks from these vulnerabilities. What is...
Cybersecurity Threat Advisory: Phishing campaign spreading Remcos RAT malware
A new phishing campaign spreading a fileless variant of Remcos RAT malware has been discovered. Read this Cybersecurity Threat Advisory to learn how this could impact your organization. What is the threat? This campaign delivers malware through a phishing email...
Cybersecurity Threat Advisory: Vulnerabilities found in Microsoft Azure AI
Significant vulnerabilities in Microsoft’s Azure AI Content Safety services have been discovered. These vulnerabilities enable attackers to bypass safeguards and deploy harmful AI-generated content. Continue reading this Cybersecurity Threat Advisory to learn the implications of these flaws and which security...
