Cybersecurity Threat Advisory: Exploited Jenkins vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability found in Jenkins, identified as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalogue. This vulnerability is a path traversal flaw within the...
Cybersecurity Threat Advisory: EDRKillShifter, a growing threat
A cybercrime group associated with the RansomHub ransomware has been observed using a newly developed tool named “EDRKillShifter” to disable endpoint detection and response (EDR) software on compromised systems. This tool is the latest in a growing list of EDR-killing...
Cybersecurity Threat Advisory: Cisco Smart Install vulnerability
There has been a surge in malicious cyber activities exploiting the Cisco Smart Install (SMI) legacy feature. This legacy feature if enabled by default on many Cisco devices, allowing threat actors to gain unauthorized access to network devices, allowing them...
Cybersecurity Threat Advisory: Critical Cisco vulnerability
Cisco has disclosed a critical vulnerability, CVE-2024-20419, that affects the Smart Software Manager On-Prem (SSM On-Prem). Successful exploitation of this flaw allows unauthenticated remote threat actors to change administrative passwords. Review the details in this Cybersecurity Threat Advisory to mitigate...
Cybersecurity Threat Advisory: MOVEit Transfer vulnerability exploit
Progress Software has released a patch for a high-severity vulnerability in MOVEit Transfer, identified as CVE-2024-5806. This vulnerability is currently under active attack and allows attackers to bypass authentication mechanisms. Organizations using MOVEit Transfer should review this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: VMware privilege escalation vulnerabilities
VMware has released patches to address critical vulnerabilities impacting Cloud Foundation, vCenter Server, and vSphere ESXi, which could be exploited to achieve privilege escalation and remote code execution. The flaws, identified as CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081, have high CVSS scores....
Cybersecurity Threat Advisory: Foxit PDF Reader vulnerability
A critical Foxit PDF Reader vulnerability are generating unusual pattern of behaviors. This exploit triggers security warnings designed to deceive users to execute harmful commands. Read this Cybersecurity Threat Advisory to learn recommendations to minimize your risks. What is the...
Cybersecurity Threat Advisory: R programming vulnerability
A critical security flaw known as CVE-2024-27322 with a CVSS score of 8.8, has been discovered within the R programming language. Attackers can craft malicious RDS files or R packages that embed arbitrary R code. Barracuda MSP recommends reading this...
Cybersecurity Threat Advisory: Two vulnerabilities found in D-Link NAS devices
Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can cause command injection and backdoor account to these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations...
Cybersecurity Threat Advisory: Critical vulnerability in FortiOS
Fortinet has disclosed a critical vulnerability affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The vulnerability known as CVE-2024-21762, received a CVSS score of 9.6. Please review the following recommendations in this Cybersecurity Threat Advisory to mitigate...