Tag: zero-day
Cybersecurity Threat Advisory: Chrome zero-day vulnerability
A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now. What is the threat? The...
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...
Cybersecurity Threat Advisory: Check Point zero-day vulnerability
Check Point has issued a warning regarding a critical zero-day vulnerability known as CVE-2024-24919. The vulnerability has a CVSS score of 7.5 and is being actively exploited by threat actors in the wild. This can potentially allow attackers to read...
Tech Time Warp: The history of Patch Tuesday
Mondays are manic, Wednesday is Hump Day, Thursdays are thirsty, and TGIF. What about poor Tuesday? Well, for the past 20 years, Tuesday has been the responsible workday, thanks to Microsoft. In this edition of Tech Time Warp, we see...
Cybersecurity Threat Advisory: Active exploitation of Microsoft vulnerability
Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the...
Cybersecurity Threat Advisory: Ivanti zero-day vulnerabilities
Two vulnerabilities have been identified in Ivanti Connect Secure and Ivanti Policy Secure Gateways, CVE-2023-46805 and CVE-2024-21887 respectively, which when exploited together allow for unauthenticated remote code execution. These CVEs affect all supported versions of the products. Continue reading this...
Cybersecurity Threat Advisory: HTTP/2 vulnerability
Amazon Web Services (AWS), Cloudflare, and Google announced measures to mitigate unprecedented distributed denial-of-service (DDoS) attacks that utilize an innovative HTTP/2 Rapid Reset technique. In this Cybersecurity Threat Advisory, learn the details of this threat, what the risks are, and...
Cybersecurity Threat Advisory: Cisco IOS XE zero-day vulnerability
This latest Cybersecurity Threat Advisory involves a critical authentication bypass zero-day vulnerability (CVE-2023-20198) discovered in Cisco IOS XE software, allowing unauthenticated attackers to gain full administrator privileges over affected routers and switches. This vulnerability is of utmost concern as it...
Cybersecurity Threat Advisory: New Microsoft Word vulnerability
A new Microsoft Word vulnerability, CVE-2023-36761, was disclosed by Microsoft. This new vulnerability is rated 5.3 by NIST, a medium-level vulnerability but Microsoft has rated this as “Important”. Barracuda MSP recommends reviewing this Cybersecurity Threat Advisory in detail and follow...
Cybersecurity Threat Advisory: New Android zero-day exploit found
This Cybersecurity Threat Advisory involves a critical zero-day vulnerability affecting Android devices, tracked as CVE-2023-35674, posing a significant threat to Android users. This vulnerability allows malicious actors to execute arbitrary code remotely, potentially compromising sensitive user data and device functionality....