Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: UK National Cyber Security Centre Urges Python Migration
Advisory Overview: The UK National Cyber Security Centre (NCSC) has warned developers to migrate from Python 2.X to Python 3.X based code due to an upcoming end of life date of January 1st, 2020. By continuing to use unsupported versions...
Cybersecurity Threat Advisory: Pulse Connect Secure VPN and FortiGate SSL VPN Vulnerability
Advisory Overview: Researchers have discovered critical security flaws in FortiGate and Pulse Connect Virtual Private Network (VPN) systems. VPN’s are routinely used to secure online communication, such as between a remote worker’s desktop and the corporate network, and are very...
Cybersecurity Threat Advisory: Supplemental Advisory for the BlueKeep Vulnerability
Advisory Overview: Microsoft recently undertook efforts to protect Windows desktops and servers against a threat known as BlueKeep, a vulnerability in Remote Desktop Protocol – a tool used to remotely access a Windows desktop or server. During these efforts, Microsoft...
Cybersecurity Threat Advisory: A New ‘Arbitrary File Copy’ Vulnerability Affects ProFTPD
Advisory Overview A popular and widely used server software package called ProFTPd has been found to have a vulnerability. This software runs on many different types of servers, including Windows, UNIX, and Linux; and provides File Transfer Protocol (FTP) services....
Cybersecurity Threat Advisory: Capital One Data Breach Disclosure
Overview: On Monday June 29, 2019, Capital One (a financial services company that handles credit cards for their own brand and many 3rd-Party brands) publicly disclosed a significant data breach exposing personally identifiable information for millions of their customers. The...
Cybersecurity Threat Advisory: Router Attack has Hijacked over 180,000 Brazilian routers
Advisory Overview Threat actors have been changing settings on home and small-business routers manufactured by D-Link in order to re-route users to malicious websites. The changes are made after a user loads a website that contains a “poisoned” advertisement –...
Cybersecurity Threat Advisory: Lenovo-EMC Device Storage Leak Vulnerability
Advisory Overview Several different Lenovo-EMC Network Attached Storage (NAS) devices – including those from the Iomega NAS device line – have critical vulnerabilities that must be patched. These devices, if left unpatched, have the ability to allow a threat actor...
Cybersecurity Threat Advisory: Zoom Conferencing Software Vulnerability Disclosure
What is the threat As reported by security researcher Johnathan Leitschuh via his Medium account, current Zoom Conferencing client software versions on Macintosh systems have a known vulnerability that allows a malicious actor to force-join a user to a new...
Cybersecurity Threat Advisory: Threat Actors Have Obtained Cellular Network Customer Data
What is the threat? A long-term, focused theft of call detail records from hacked cell network providers has been uncovered by a group of cybersecurity researchers. Threat actors stole massive amounts of call detail records including – but not limited...
Cybersecurity Threat Advisory: Microsoft Excel Power Query Vulnerability
What is the threat? A feature in Microsoft Excel called Power Query is vulnerable to attack by threat actors leveraging the way this feature accesses data outside the spreadsheet that it resides in. Power Query is a legitimate feature; which...
