Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Your Oracle NetSuite data may be exposed
Researchers discovered that externally-facing Oracle NetSuite e-commerce sites may expose sensitive customer information when configured inaccurately. Review the details in this Cybersecurity Threat Advisory to learn best practices to mitigate your business risk. What is the threat? It is found...
Cybersecurity Threat Advisory: Exploited Jenkins vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability found in Jenkins, identified as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalogue. This vulnerability is a path traversal flaw within the...
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...
Cybersecurity Threat Advisory: Critical SAP vulnerabilities
SAP issued its August 2024 security patch update which included two critical flaws that enable attackers to bypass authentication and fully compromise affected systems. Review the details in this Cybersecurity Threat Advisory to learn how you can protect your SAP...
Cybersecurity Threat Advisory: EDRKillShifter, a growing threat
A cybercrime group associated with the RansomHub ransomware has been observed using a newly developed tool named “EDRKillShifter” to disable endpoint detection and response (EDR) software on compromised systems. This tool is the latest in a growing list of EDR-killing...
Cybersecurity Threat Advisory: Another zero-click Windows TCP/IP vulnerability
Another critical zero-click Windows vulnerability, identified as CVE-2024-38063, has been discovered in the Windows TCP/IP stack, affecting all systems with IPv6 enabled. Review this Cybersecurity Threat Advisory now to mitigate potential exploitation and protect your systems. What is the threat?...
Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook
A critical zero-click remote code execution (RCE) vulnerability, identified as CVE-2024-30103, was recently discovered in Microsoft Outlook. This flaw allows malicious actors to execute arbitrary code on a victim’s system simply by opening a specially crafted email. Review the details...
Cybersecurity Threat Advisory: Cisco Smart Install vulnerability
There has been a surge in malicious cyber activities exploiting the Cisco Smart Install (SMI) legacy feature. This legacy feature if enabled by default on many Cisco devices, allowing threat actors to gain unauthorized access to network devices, allowing them...
Cybersecurity Threat Advisory: Windows SAC and SmartScreen design flaws
A design flaw within Windows Smart App Control (SAC) and SmartScreen has allowed attackers to launch programs without triggering a security warning. Review this Cybersecurity Threat Advisory to find out how to prevent attackers from exploiting this flaw and keep...
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Apache OFBiz
CVE-2024-38856 is a new Apache OFBiz ERP system critical zero-day vulnerability. If you are using this system, please continue reading this Cybersecurity Threat Advisory to learn which steps you should take to mitigate your risk. What is the threat? Researchers...
