Tag: zero-day vulnerability
Cybersecurity Threat Advisory: Ivanti zero-day vulnerabilities
Two vulnerabilities have been identified in Ivanti Connect Secure and Ivanti Policy Secure Gateways, CVE-2023-46805 and CVE-2024-21887 respectively, which when exploited together allow for unauthenticated remote code execution. These CVEs affect all supported versions of the products. Continue reading this...
Cybersecurity Threat Advisory: Critical Outlook vulnerability exploited
Microsoft recently discovered Russian state-sponsored hacker group APT28 (“Fancybear” or “Strontium”) exploiting a critical Outlook flaw to gain access to Microsoft Exchange accounts and steal their critical information. This Cybersecurity Threat Advisory looks at the threat and recommendations to protect...
Cybersecurity Threat Advisory: Atlassian confluence vulnerability
This Cybersecurity Threat Advisory highlights a new security flaw that has recently been discovered in Atlassian’s Confluence Data Center and Server, which could result in significant data loss if exploited. Tracked as CVE-2023-22518, this vulnerability is rated 9.1 out of...
Cybersecurity Threat Advisory: Cisco IOS XE zero-day vulnerability
This latest Cybersecurity Threat Advisory involves a critical authentication bypass zero-day vulnerability (CVE-2023-20198) discovered in Cisco IOS XE software, allowing unauthenticated attackers to gain full administrator privileges over affected routers and switches. This vulnerability is of utmost concern as it...
Cybersecurity Threat Advisory: Critical Acrobat and Reader zero-day vulnerability
This Cybersecurity Threat Advisory shares information on the new Adobe zero-day vulnerability detected in Acrobat and Reader. Adobe has taken proactive measures by issuing security updates to this zero-day vulnerability, which has been exploited in attacks. While comprehensive details about...
Cybersecurity Threat Advisory: Microsoft .NET vulnerability
This Cybersecurity Threat Advisory highlights a patched security flaw in Microsoft .NET and Visual Studio products that has been cited for active exploitation. To mitigate this vulnerability, users are advised to apply security updates as soon as possible. What is...
Cybersecurity Threat Advisory: Citrix Zero-Day Vulnerability
Today, Citrix has released a critical security update to address a zero-day vulnerability. Upon a successful exploitation, an unauthenticated remote attacker could perform code execution leading to system takeover. Both Citrix and the NSA stated they are aware of targeted...
Cybersecurity Threat Advisory: New Microsoft Exchange Server zero-day vulnerability
Researchers from GTSC found a new zero-day vulnerability for Microsoft Exchange Server in the wild. Upon successful exploitation, threat actors can perform RCE (Remote Code Execution) via a backdoor onto the compromised system. GTSC has released a report outlining the...
Cybersecurity Threat Advisory: critical vulnerability affecting Atlassian Confluence Server
A zero-day exploit has been discovered in all versions of Atlassian Confluence Server and Data Center products. This vulnerability is actively being exploited by cyberattackers. It allows threat actors to gain full control of vulnerable systems without using credentials and...