Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerabilities in QNAP devices
Critical authentication bypass vulnerabilities have been identified in QNAP network attached storage (NAS) devices. These flaws pose significant risks, allowing unauthorized access to affected devices. Review the recommendations in this Cybersecurity Threat Advisory to ensure your systems are secure. What...
Cybersecurity Threat Advisory: USB attacks
There have been increasing reports of threat actors leveraging a classic malware delivery method in recent months: USB attacks. Continue reading this Cybersecurity Threat Advisory to learn how you can prevent these attacks and reduce risks for your customers. What...
Cybersecurity Threat Advisory: Cisco patches high-severity bug
Cisco has released security updates for a vulnerability affecting its Secure Client software. Successful exploitation could allow threat actors to steal a targeted user’s token and establish a virtual private network (VPN) session. The vulnerability tracked as CVE-2024-20337 has a...
Cybersecurity Threat Advisory: TeamCity’s server vulnerabilities
This Cybersecurity Threat Advisory highlights JetBrains’ TeamCity vulnerabilities found in the CI/CD Server. One vulnerability allows unauthenticated access to an instance while the other allows for unauthenticated information disclosure and modification. What is the threat? A critical-severity authentication bypass vulnerability...
Cybersecurity Threat Advisory: Critical vulnerabilities in VMware
VMware has released updates addressing four security flaws in ESXi, Workstation, and Fusion. Two out of the four flaws, CVE-2024-22252 and CVE-2024-22253, were identified as critical with CVSS scores of 9.3 for Workstation/Fusion and 8.4 for ESXi. This Cybersecurity Threat...
Cybersecurity Threat Advisory: ConnectWise critical vulnerabilities
This blog has been updated with the latest information on how Barracuda XDR has implemented detection mechanisms to help mitigate the two ConnectWise vulnerabilities. Two critical vulnerabilities have been discovered with ConnectWise ScreenConnect’s on-premises instances. These vulnerabilities could result in...
Cybersecurity Threat Advisory: Active exploitation of Microsoft vulnerability
Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the...
Cybersecurity Threat Advisory: New Ivanti vulnerability
Ivanti has warned customers of a new security flaw that could allow attackers to bypass authentication. The vulnerability, CVE-2024-22024, has received a CVSS score of 8.3. Read this Cybersecurity Threat Advisory to learn the significant risk this threat poses to...
Cybersecurity Threat Advisory: Critical vulnerability in FortiOS
Fortinet has disclosed a critical vulnerability affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The vulnerability known as CVE-2024-21762, received a CVSS score of 9.6. Please review the following recommendations in this Cybersecurity Threat Advisory to mitigate...
Cybersecurity Threat Advisory: Patches for critical vulnerabilities
Security patches were recently released from various vendors including Cisco, Fortinet, and VMware. Read this Cybersecurity Threat Advisory as it shares the impact of each of the vulnerabilities and how to mitigate the risks they pose. What is the threat?...
