Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Microsoft zero-day exploit
This Cybersecurity Threat Advisory highlights a high-severity Microsoft Office and Windows HTML remote code execution vulnerability, CVE-2023-36884, with a base CVSS score of 8.3 has been discovered. Through this vulnerability attackers can execute arbitrary code on affected systems, leading to...
Cybersecurity Threat Advisory: Atlassian remote code execution (RCE) bugs
This Cybersecurity Threat Advisory highlights RCE vulnerabilities discovered in Atlassian Confluence Data Center & Server and Bamboo. Atlassian has released patches to address these security flaws, which could potentially allow attackers to execute arbitrary code on affected systems. Barracuda MSP...
Cybersecurity Threat Advisory: OpenSSH vulnerability on Linux systems
In this Cybersecurity Threat Advisory, a critical security flaw in OpenSSH, CVE-2023-38408 has been discovered. This vulnerability could potentially lead to remote code execution in OpenSSH’s forwarded SSH agent, affecting Linux systems and posing a significant threat to organizations’ cybersecurity posture....
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Atera RMM
The latest Cybersecurity Threat Advisory involves two zero-day vulnerabilities that were discovered in Atera RMM Windows installers. These two vulnerabilities are deemed critical and provide privilege escalation capabilities upon a successful exploitation. Barracuda MSP recommends updating to version 1.8.4.9 to...
Critical Adobe ColdFusion vulnerability
The latest cybersecurity threat advisory highlights vulnerabilities affecting Adobe ColdFusion versions 2018, 2021, and 2023, which are actively being exploited by threat actors in the wild. A successful exploitation can lead to arbitrary code execution and security feature bypass. Barracuda...
Critical vulnerabilities found in Fortinet and SonicWall products
In this cybersecurity threat advisory, Fortinet and SonicWall both advised of vulnerabilities found in their products. Fortinet shared that FortiOS and FortiProxy has a critical vulnerability where successful exploitation of the vulnerability allows an attacker to perform remote arbitrary code...
Cybersecurity Threat Advisory: New malware campaign targets banking institutions
A sophisticated malware campaign known as “Toitoin” is targeting banking firms in Latin America. The campaign employs evasive techniques, including the use of custom-built modules, encryption methods, and hosting malware on Amazon EC2 instances to evade detection. It is crucial...
Cybersecurity Threat Advisory: Critical VMware Aria Operations vulnerabilities
Two vulnerabilities were discovered in older versions of VMware Aria Operations for Networks and VMware Aria Operations for Logs. The vulnerabilities allow bad actors to perform remote code execution as the root user. Remote code execution can lead to system...
Cybersecurity Threat Advisory: Critical MOVEit vulnerability discovered
A critical vulnerability has been discovered in the MOVEit Transfer software, prompting urgent action from customers to patch their systems. This flaw, identified as CVE-2023-36934, allows an attacker to execute arbitrary commands on the affected system with elevated privileges without...
Cybersecurity Threat Advisory: New FortiNAC critical vulnerability update released
A critical remote code execution vulnerability (CVE-2023-33299) with a CVSS score of 9.6 has been discovered in Fortinet’s FortiNAC product. This vulnerability poses a significant risk as it could allow an unauthenticated user to execute unauthorized code or commands by...
