Tag: critical vulnerability

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Fluent Bit critical vulnerability

This Cybersecurity Threat Advisory highlights a critical vulnerability discovered in Fluent Bit, a popular logging and metrics solution. CVE-2024-4323, a new memory corruption vulnerability, has the potential to cause denial of service (DoS), information leakage, and remote code execution (RCE)....

/ May 22, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical GitLab bug

A critical vulnerability in GitLab, labelled CVE-2023-7028, is under active attack by threat actors to achieve account takeover, as reported by the Cybersecurity and Infrastructure Security Agency (CISA). Barracuda MSP recommends GitLab users review this Cybersecurity Threat Advisory now to...

/ May 10, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploits of Cisco firewalls

Two vulnerabilities, CVE-2024-20353 (denial of service) and CVE-2024-20359 (persistent local code execution), were leveraged to create backdoors by a state-sponsored cyber-espionage group, ArcaneDoor, in Cisco firewalls. Review the recommendations in this Cybersecurity Threat Advisory to protect your firewall appliances now. What is...

/ April 25, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploit of Atlassian Confluence

This Cybersecurity Threat Advisory details the exploitation of the critical vulnerability CVE-2023-22518 in Atlassian Confluence Data Center and Server. Attackers are deploying a Linux variant of Cerber (aka C3RB3R) ransomware. The vulnerability allows unauthenticated attackers to reset Confluence and create...

/ April 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerability in Palo Alto PAN-OS

Palo Alto Networks has disclosed a critical vulnerability, CVE-2024-3400, impacting its PAN-OS software’s GlobalProtect feature. This flaw enables unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. Review this Cybersecurity Threat Advisory to keep your organization secure...

/ April 15, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical flaws in Ivanti

Recent flaws found in Ivanti Connect Secure and Policy Secure Gateways can lead to remote code execution (RCE) attacks. Review this Cybersecurity Threat Advisory to learn additional details and recommendations to keep your organization secure. What is the threat? Ivanti...

/ April 11, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Two vulnerabilities found in D-Link NAS devices

Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can lead to command injection and a backdoor account on these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations...

/ April 10, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Fortinet vulnerability

A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet OS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential...

/ March 14, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: OpenEdge authentication bypass vulnerability

A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review...

/ March 13, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: TeamCity’s server vulnerabilities

This Cybersecurity Threat Advisory highlights JetBrains’ TeamCity vulnerabilities found in the CI/CD Server. One vulnerability allows unauthenticated access to an instance while the other allows for unauthenticated information disclosure and modification. What is the threat? A critical-severity authentication bypass vulnerability...

/ March 9, 2024