Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover
GitLab released an advisory on Thursday, March 31st regarding a new critical vulnerability found in their product, currently being tracked as CVE-2022-1162. This vulnerability can lead to vulnerable account takeover when exploited. GitLab has released a security patch, and Barracuda...
Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks
Threat Update A newly discovered critical vulnerability in Spring Cloud function (tracked as CVE-2022-22963), a Spring module used for streamlining data processing. This vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP header to Spring Cloud...
Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks
Threat Update Security professionals have identified a new zero-day vulnerability in the Spring Framework, an application development framework for Java. This vulnerability (tracked as CVE-2022-22965) can allow attackers to execute unauthenticated remote code. Spring has released Spring Framework versions 5.3.18...
Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability
Threat Update SonicWall has released a hotfix for a critical RCE / DoS vulnerability that affects a subset of their firewall devices. This vulnerability (tracked as CVE-2022-22274) in Sonic OS allows an unauthenticated remote attacker to perform denial of service...
Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall
Threat Update Sophos has disclosed a critical-level authentication bypass vulnerability (CVE-2022-1040) that impacts Sophos Firewall v18.5 and below. If this vulnerability is exploited, an attacker could get unfettered access to the firewall and execute remote code at will. Barracuda MSP’s...
Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices
The security firm Armis has located three vulnerabilities in Schneider Electric’s APC Smart-UPS devices. These flaws are being tracked under the name “TLStorm.” This vulnerability can enable remote attackers to control the power of millions of enterprise devices to conduct...
Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation
Security researchers have discovered and released information on new vulnerabilities and kernel level exploits to the public. The vulnerabilities: CVE-2022-049 and CVE-2022-0847 are some of the highest severity exploits and affect out-of-date Linux distros. Due to the similarities with the...
Cybersecurity Threat Advisory: RCE in Okta Advanced Server Access Client
Threat Update The Okta Advanced Server Access Windows client is vulnerable to an unauthenticated remote code execution vulnerability. Thousands of companies rely on Okta to provide zero-trust identity and access management for cloud and on-premises infrastructure. This vulnerability can be...
Cybersecurity Threat Advisory: Cisco Nexus Series Switches Command Injection Vulnerability
Threat Update Cisco has released several patches to resolve vulnerabilities in their Cisco Nexus Series Switches. These vulnerabilities include critical flaws related to command injection, as well as three Denial of Service bugs in the NX-OS. These vulnerabilities are tracked...
Cybersecurity Threat Advisory: Malware and Ransomware Attacks For Ukrainian organizations
Threat Update In the ongoing conflict between Russia and Ukraine, security experts have been observing cyberattacks targeting Ukrainian government departments with overwhelming levels of Internet traffic and data-wiping malware. Upon further analysis, the Ukrainian government has found software and tactics...
