Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Cicada3301 ransomware variant
A new ransomware variant has been found, known as Cicada3301. It exhibits similarities to the defunct BlackCat (ALPHV) operation, and it targets both Windows and Linux systems. Review the details in this Cybersecurity Threat Advisory to learn how this variant...
Cybersecurity Threat Advisory: Chrome zero-day vulnerability
A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now. What is the threat? The...
Cybersecurity Threat Advisory: VMware ESXi vulnerability exploited by BlackByte ransomware
BlackByte ransomware group is actively exploiting CVE-2024-37085, a recently patched authentication bypass vulnerability in VMware ESXi hypervisors. The exploitation of this flaw has led to the deployment of ransomware across victim networks. BlackByte ransomware group has marked it as a...
Cybersecurity Threat Advisory: Critical SonicOS vulnerability
A critical vulnerability has been identified in the SonicWall SonicOS management access. Continue reading this Cybersecurity Threat Advisory to learn about this vulnerability and recommendations to secure your environment. What is the threat? CVE-2024-40766, a critical vulnerability in the management...
Cybersecurity Threat Advisory: Your Oracle NetSuite data may be exposed
Researchers discovered that externally-facing Oracle NetSuite e-commerce sites may expose sensitive customer information when configured inaccurately. Review the details in this Cybersecurity Threat Advisory to learn best practices to mitigate your business risk. What is the threat? It is found...
Cybersecurity Threat Advisory: Exploited Jenkins vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability found in Jenkins, identified as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalogue. This vulnerability is a path traversal flaw within the...
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...
Cybersecurity Threat Advisory: Critical SAP vulnerabilities
SAP issued its August 2024 security patch update which included two critical flaws that enable attackers to bypass authentication and fully compromise affected systems. Review the details in this Cybersecurity Threat Advisory to learn how you can protect your SAP...
Cybersecurity Threat Advisory: EDRKillShifter, a growing threat
A cybercrime group associated with the RansomHub ransomware has been observed using a newly developed tool named “EDRKillShifter” to disable endpoint detection and response (EDR) software on compromised systems. This tool is the latest in a growing list of EDR-killing...
Cybersecurity Threat Advisory: Another zero-click Windows TCP/IP vulnerability
Another critical zero-click Windows vulnerability, identified as CVE-2024-38063, has been discovered in the Windows TCP/IP stack, affecting all systems with IPv6 enabled. Review this Cybersecurity Threat Advisory now to mitigate potential exploitation and protect your systems. What is the threat?...
