Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Email Bombing
Advisory Overview Threat actors have recently increased attempts to take email servers offline by overloading the servers with thousands of email messages (known as “email bombing”). This attack is similar to a Denial of Service (DOS) attack, where hundreds of...
Cybersecurity Threat Advisory: McAfee Antivirus and Symantec Endpoint LPE Flaw
Advisory Overview Recently, both McAfee and Symantec anti-malware tools were discovered to have vulnerabilities that allowed a threat actor to overcome the protection systems that these tools typically provide. While the attack requires the threat actor to have Administrative privileges...
Cybersecurity Threat Advisory: Zombieload targeting 8th and 9th Generation Intel CPU’s
Advisory Overview As with several other exploits targeted at how Intel processors handle digital operations, “Zombieload” is an exploit used by threat actors to compromise information being processed by an Intel CPU. Some vulnerabilities allow a threat actor to steal...
Cybersecurity Threat Advisory: PHP Vulnerability Affects PHP-FPM
Advisory Overview NGINX is a highly popular website platform which utilizes many different plug-ins and add-ons to enhance its native functionality. NGINX websites which use PHP-FPM (a set of software technologies that work to improve website performance and page loading)...
Cybersecurity Threat Advisory: Exploit Found in Google Chrome
Advisory Overview Google Chrome is an extremely popular Internet Browser produced and distributed by Google for free. Within the last week, two vulnerabilities have been found in the browser that can allow an attacker to execute scripts and other actions...
Cybersecurity Threat Advisory: Adobe Creative Cloud User Data Exposed
Advisory Overview: Security researchers discovered that subscriber information for Adobe’s Creative Cloud was exposed to the public due to an unencrypted database cache. Technical detail and additional information: What is the threat? Although the database storing customer information was secured,...
Cybersecurity Threat Advisory: Adobe Out-of-Band Security Patches
Advisory Overview Adobe Creative Cloud is a popular platform for the use of many different Adobe applications and services. Recently, security researchers uncovered a database cache which was not properly secured to prevent access by unauthorized parties. A database cache...
Cybersecurity Threat Advisory: Cisco Addresses Serious Flaws in Wireless Access Points
Advisory Overview Cisco, one of the leading networking hardware manufacturers, routinely updates and patches components of their product line. Recently, one of these update sets applied to Cisco Aironet wireless access points (WAP’s). WAP’s extend the coverage of a WIFI...
Cybersecurity Threat Advisory: D-Link Routers Unauthenticated Vulnerability
Advisory Overview Several older D-Link routers have a known vulnerability that can allow an attacker to use a legitimate communications channel in illegitimate ways. Through this vulnerability, and attacker could send program code or files that can allow the attacker...
Cybersecurity Threat Advisory: New Microsoft NTLM Flaws May Allow Full Domain Compromise
Advisory Overview NTLM is one of several methods that can be used to authenticate and confirm the identity of a user within a Windows-based network. Two flaws in NTLM were recently found which could allow an attacker to trick NTLM...
