Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploitation of Ivanti CSA vulnerability
A new vulnerability known as CVE-2024-8190 is affecting Ivanti Cloud Services Appliance (CSA) and is being actively exploited. This OS command injection vulnerability allows a remote, authenticated attacker to execute arbitrary commands on the system. Review the details in this...
Cybersecurity Threat Advisory: Veeam Backup security flaws
There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass,...
Cybersecurity Threat Advisory: Cicada3301 ransomware variant
A new ransomware variant has been found, known as Cicada3301. It exhibits similarities to the defunct BlackCat (ALPHV) operation, and it targets both Windows and Linux systems. Review the details in this Cybersecurity Threat Advisory to learn how this variant...
Cybersecurity Threat Advisory: Chrome zero-day vulnerability
A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now. What is the threat? The...
Cybersecurity Threat Advisory: VMware ESXi vulnerability exploited by BlackByte ransomware
BlackByte ransomware group is actively exploiting CVE-2024-37085, a recently patched authentication bypass vulnerability in VMware ESXi hypervisors. The exploitation of this flaw has led to the deployment of ransomware across victim networks. BlackByte ransomware group has marked it as a...
Cybersecurity Threat Advisory: Critical SonicOS vulnerability
A critical vulnerability has been identified in the SonicWall SonicOS management access. Continue reading this Cybersecurity Threat Advisory to learn about this vulnerability and recommendations to secure your environment. What is the threat? CVE-2024-40766, a critical vulnerability in the management...
Cybersecurity Threat Advisory: Your Oracle NetSuite data may be exposed
Researchers discovered that externally-facing Oracle NetSuite e-commerce sites may expose sensitive customer information when configured inaccurately. Review the details in this Cybersecurity Threat Advisory to learn best practices to mitigate your business risk. What is the threat? It is found...
Cybersecurity Threat Advisory: Exploited Jenkins vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability found in Jenkins, identified as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalogue. This vulnerability is a path traversal flaw within the...
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...
Cybersecurity Threat Advisory: Critical SAP vulnerabilities
SAP issued its August 2024 security patch update which included two critical flaws that enable attackers to bypass authentication and fully compromise affected systems. Review the details in this Cybersecurity Threat Advisory to learn how you can protect your SAP...
