Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: AWS ‘FlowFixation’ vulnerability

Cybersecurity Threat Advisory: AWS ‘FlowFixation’ vulnerability

The AWS “FlowFixation” vulnerability, while patched in September 2023, may still pose account hijacking risks within its Amazon Managed Workflows Apache Airflow (MWAA) service. Read this Cybersecurity Threat Advisory to learn the impact and security measures to mitigate risks associated...

/ March 28, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: GitHub supply chain attack

Cybersecurity Threat Advisory: GitHub supply chain attack

Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. Barracuda MSP recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk. What is the threat? A variety of techniques were...

/ March 28, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: New vulnerability in Apple M-chip

Cybersecurity Threat Advisory: New vulnerability in Apple M-chip

A new security exploit, GoFetch, was found in Apple’s M-chip architecture. It takes advantage of data memory-dependent prefetchers (DMPs) and could use the device as a new attack vector. Continue reading this Cybersecurity Threat Advisory to learn how you can...

/ March 27, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: StrelaStealer malware targets organizations

Cybersecurity Threat Advisory: StrelaStealer malware targets organizations

A new email threat, StrelaStealer malware, is targeting Europe and United States organizations. It spreads through phishing emails with attachments that execute its dynamic-link library (DLL) payload designed to steal email login data. This Cybersecurity Threat Advisory reviews the threat...

/ March 27, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Fortinet FortiClientEMS critical vulnerability

Cybersecurity Threat Advisory: Fortinet FortiClientEMS critical vulnerability

Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via...

/ March 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Fortinet vulnerability

Cybersecurity Threat Advisory: Critical Fortinet vulnerability

A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet OS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential...

/ March 14, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: OpenEdge authentication bypass vulnerability

Cybersecurity Threat Advisory: OpenEdge authentication bypass vulnerability

A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review...

/ March 13, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerabilities in QNAP devices

Cybersecurity Threat Advisory: Critical vulnerabilities in QNAP devices

Critical authentication bypass vulnerabilities have been identified in QNAP network attached storage (NAS) devices. These flaws pose significant risks, allowing unauthorized access to affected devices. Review the recommendations in this Cybersecurity Threat Advisory to ensure your systems are secure. What...

/ March 13, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: USB attacks

Cybersecurity Threat Advisory: USB attacks

There have been increasing reports of threat actors leveraging a classic malware delivery method in recent months: USB attacks. Continue reading this Cybersecurity Threat Advisory to learn how you can prevent these attacks and reduce risks for your customers. What...

/ March 11, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Cisco patches high-severity bug

Cybersecurity Threat Advisory: Cisco patches high-severity bug

Cisco has released security updates for a vulnerability affecting its Secure Client software. Successful exploitation could allow threat actors to steal a targeted user’s token and establish a virtual private network (VPN) session. The vulnerability tracked as CVE-2024-20337 has a...

/ March 9, 2024