Tag: critical vulnerability

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: New FortiNAC critical vulnerability update released

Cybersecurity Threat Advisory: New FortiNAC critical vulnerability update released

A critical remote code execution vulnerability (CVE-2023-33299) with a CVSS score of 9.6 has been discovered in Fortinet’s FortiNAC product. This vulnerability poses a significant risk as it could allow an unauthenticated user to execute unauthorized code or commands by...

/ June 27, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Command injection flaw in Zyxel NAS devices

Cybersecurity Threat Advisory: Command injection flaw in Zyxel NAS devices

Zyxel, a networking equipment manufacturer, has released urgent security updates to address critical vulnerabilities in their network-attached storage devices. CVE-2023-27992 (CVSS score: 9.8) has been declared as a pre-authentication command injection vulnerability. What is the threat? The threat involves multiple vulnerabilities...

/ June 26, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical MOVEit transfer vulnerability

Cybersecurity Threat Advisory: Critical MOVEit transfer vulnerability

A critical vulnerability has been discovered in MOVEit Transfer, a commonly used managed file transfer (MFT) solution developed by Progress Software. This vulnerability allows remote attackers to execute arbitrary code on affected systems. The vulnerability is actively exploited in the...

/ June 2, 2023

Cybersecurity Threat Advisory: Apple zero-day vulnerability

This week, Apple has released security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. This vulnerability could potentially allow threat actors to bypass...

/ December 15, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Citrix Zero-Day Vulnerability

Cybersecurity Threat Advisory: Citrix Zero-Day Vulnerability

Today, Citrix has released a critical security update to address a zero-day vulnerability. Upon a successful exploitation, an unauthenticated remote attacker could perform code execution leading to system takeover. Both Citrix and the NSA stated they are aware of targeted...

/ December 13, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: ConnectWise critical security release

Cybersecurity Threat Advisory: ConnectWise critical security release

A critical vulnerability was discovered within the ConnectWise Recover and R1Soft Server Backup Manager. The vulnerability is described by ConnectWise as “improper neutralization of special elements in output used by a downstream component”. Successful exploitation of the vulnerability would allow...

/ October 31, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Apache CouchDB critical vulnerability

Cybersecurity Threat Advisory: Apache CouchDB critical vulnerability

Apache has released a patch for a critical remote privilege escalation vulnerability in Apache CouchDB 3.2.1 protocol. This vulnerability, if not patched, can allow threat actors to execute code on a targeted server or client without being authenticated. Barracuda MSP...

/ April 29, 2022