Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover

Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover

GitLab released an advisory on Thursday, March 31st regarding a new critical vulnerability found in their product, currently being tracked as CVE-2022-1162. This vulnerability can lead to vulnerable account takeover when exploited. GitLab has released a security patch, and Barracuda...

/ April 8, 2022 / 7 Comments
Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks

Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks

Threat Update A newly discovered critical vulnerability in Spring Cloud function (tracked as CVE-2022-22963), a Spring module used for streamlining data processing. This vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP header to Spring Cloud...

/ April 1, 2022
Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks

Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks

Threat Update Security professionals have identified a new zero-day vulnerability in the Spring Framework, an application development framework for Java. This vulnerability (tracked as CVE-2022-22965) can allow attackers to execute unauthenticated remote code. Spring has released Spring Framework versions 5.3.18...

/ March 31, 2022
Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability

Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability

Threat Update SonicWall has released a hotfix for a critical RCE / DoS vulnerability that affects a subset of their firewall devices. This vulnerability (tracked as CVE-2022-22274) in Sonic OS allows an unauthenticated remote attacker to perform denial of service...

/ March 30, 2022
Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall

Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall

Threat Update Sophos has disclosed a critical-level authentication bypass vulnerability (CVE-2022-1040) that impacts Sophos Firewall v18.5 and below. If this vulnerability is exploited, an attacker could get unfettered access to the firewall and execute remote code at will. Barracuda MSP’s...

/ March 30, 2022
Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices

Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices

The security firm Armis has located three vulnerabilities in Schneider Electric’s APC Smart-UPS devices. These flaws are being tracked under the name “TLStorm.” This vulnerability can enable remote attackers to control the power of millions of enterprise devices to conduct...

/ March 16, 2022
Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation

Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation

Security researchers have discovered and released information on new vulnerabilities and kernel level exploits to the public. The vulnerabilities: CVE-2022-049 and CVE-2022-0847 are some of the highest severity exploits and affect out-of-date Linux distros. Due to the similarities with the...

/ March 15, 2022
Cybersecurity Threat Advisory: RCE in Okta Advanced Server Access Client

Cybersecurity Threat Advisory: RCE in Okta Advanced Server Access Client

Threat Update The Okta Advanced Server Access Windows client is vulnerable to an unauthenticated remote code execution vulnerability. Thousands of companies rely on Okta to provide zero-trust identity and access management for cloud and on-premises infrastructure. This vulnerability can be...

/ March 11, 2022
Cybersecurity Threat Advisory: Cisco Nexus Series Switches Command Injection Vulnerability

Cybersecurity Threat Advisory: Cisco Nexus Series Switches Command Injection Vulnerability

Threat Update Cisco has released several patches to resolve vulnerabilities in their Cisco Nexus Series Switches. These vulnerabilities include critical flaws related to command injection, as well as three Denial of Service bugs in the NX-OS. These vulnerabilities are tracked...

/ March 7, 2022
Cybersecurity Threat Advisory: Malware and Ransomware Attacks For Ukrainian organizations

Cybersecurity Threat Advisory: Malware and Ransomware Attacks For Ukrainian organizations

Threat Update In the ongoing conflict between Russia and Ukraine, security experts have been observing cyberattacks targeting Ukrainian government departments with overwhelming levels of Internet traffic and data-wiping malware. Upon further analysis, the Ukrainian government has found software and tactics...

/ February 28, 2022