Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical security flaw in Styra’s OPA
A recent security vulnerability was found in Styra’s Open Policy Agent (OPA) that can lead to New Technology LAN Manager (NTLM) hashes exposure if exploited. Continue reading this Cybersecurity Threat Advisory to learn the implications of this flaw and the...
Cybersecurity Threat Advisory: FortiManager API vulnerability exploited
Fortinet has publicly disclosed a vulnerability in the FortiManager API. The vulnerability, tracked as CVE-2024-47575 and dubbed ‘FortiJump,’ has been exploited as a zero-day since at least June 2024. Organizations using vulnerable FortiManager versions should review this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Windows Kernel vulnerability used in espionage campaign
Researchers have observed the well-known cyber espionage group OilRig exploiting a now-patched privilege escalation vulnerability (CVE-2024-30088) in the Windows Kernel to conduct espionage operations. Read this Cybersecurity Threat Advisory to learn more about the espionage campaign and how to avoid...
Cybersecurity Threat Advisory: Mozilla Firefox zero-day vulnerability
A Mozilla Firefox critical zero-day vulnerability, CVE-2024-9680, has emerged. This vulnerability allows an attacker to have unauthorized access and potential remote code execution on the affected OS. Continue reading this Cybersecurity Threat Advisory for recommendations to remediate this threat. What...
Cybersecurity Threat Advisory: Critical Ivanti CSA flaw actively exploited
Three Ivanti Cloud Service Appliance (CSA) vulnerabilities are being exploited and weaponized in the wild. Read this Cybersecurity Threat Advisory to learn how you can mitigate your risk of being targeted. What is the threat? The Ivanti CSA vulnerabilities, catalogued...
Cybersecurity Threat Advisory: ‘Salt Typhoon’ causing damage in North America
Salt Typhoon, a highly sophisticated Chinese hacking group, has breached significant sectors in North America and Southeast Asia. Continue reading this Cybersecurity Threat Advisory to learn more about this notorious group and how to prevent your organization to become the...
Cybersecurity Threat Advisory: New critical vulnerability in Palo Alto Expedition
A vulnerability identified as CVE-2024-5910, has been disclosed by Palo Alto. With a CVSS score of 9.3, this vulnerability can lead to authentication bypass, enabling attackers to manipulate network configurations and launch further attacks. Read this Cybersecurity Threat Advisory for...
Cybersecurity Threat Advisory: Critical Fortinet RCE vulnerability exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a remote code execution (RCE) vulnerability being actively exploited in Fortinet products. If you are using Fortinet, please read this Cybersecurity Threat Advisory to learn how to...
Cybersecurity Threat Advisory: New critical GitLab SAML vulnerability
A new critical GitLab vulnerability within RUBY-SAML and OmniAuth-SAML libraries to bypass SAML authentication was disclosed. If you are using GitLab, read this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is the threat? This vulnerability allows...
Cybersecurity Threat Advisory: Apache Avro SDK vulnerability
A critical security flaw in the Apache Avro Java Software Development Kit (SDK), tracked as CVE-2024-47561, poses a significant threat to systems using this data serialization framework. A successful exploitation allows an attacker to execute arbitrary code on vulnerable instances....
