Tag: zero-day

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Fortinet authentication vulnerability

Cybersecurity Threat Advisory: Fortinet authentication vulnerability

A critical Fortinet authentication bypass vulnerability, CVE-2024-55591, is actively exploited in the wild. This vulnerability impacts FortiOS and FortiProxy, with a CVSS score of 9.6. Continue reading this Cybersecurity Threat Advisory to learn the necessary steps to protect your environment....

/ January 27, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SonicWall SMA1000 vulnerability

Cybersecurity Threat Advisory: SonicWall SMA1000 vulnerability

A pre-authentication deserialization vulnerability has been discovered in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) and is already being used in zero-day attacks. Review the details within this Cybersecurity Threat Advisory to protect your organization. What...

/ January 24, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploitation of Ivanti’s Connect Secure VPN

Cybersecurity Threat Advisory: Active exploitation of Ivanti’s Connect Secure VPN

A critical Ivanti Connect Secure VPN vulnerability, identified as CVE-2025-0282, was disclosed. Threat actors are actively exploiting it in the wild, primarily targeting organizations relying on Ivanti’s Zero Trust Access (ZTA) solutions. Review this Cybersecurity Threat Advisory to see how...

/ January 13, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: RomCom exploits vulnerabilities

Cybersecurity Threat Advisory: RomCom exploits vulnerabilities

Recent reports have uncovered that a threat actor known as RomCom has been exploiting two zero-day vulnerabilities, one in Mozilla Firefox and another in Microsoft Windows, to deploy their proprietary backdoor malware. These vulnerabilities, CVE-2024-9680 and CVE-2024-49039, have been actively...

/ November 28, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Chrome zero-day vulnerability

Cybersecurity Threat Advisory: Chrome zero-day vulnerability

A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now. What is the threat? The...

/ September 5, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw

Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw

The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...

/ August 21, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Check Point zero-day vulnerability

Cybersecurity Threat Advisory: Check Point zero-day vulnerability

Check Point has issued a warning regarding a critical zero-day vulnerability known as CVE-2024-24919. The vulnerability has a CVSS score of 7.5 and is being actively exploited by threat actors in the wild. This can potentially allow attackers to read...

/ June 3, 2024
patchwork
Tech Time Warp: The history of Patch Tuesday

Tech Time Warp: The history of Patch Tuesday

Mondays are manic, Wednesday is Hump Day, Thursdays are thirsty, and TGIF. What about poor Tuesday? Well, for the past 20 years, Tuesday has been the responsible workday, thanks to Microsoft. In this edition of Tech Time Warp, we see...

/ February 23, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploitation of Microsoft vulnerability

Cybersecurity Threat Advisory: Active exploitation of Microsoft vulnerability

Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the...

/ February 21, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Ivanti zero-day vulnerabilities

Cybersecurity Threat Advisory: Ivanti zero-day vulnerabilities

Two vulnerabilities have been identified in Ivanti Connect Secure and Ivanti Policy Secure Gateways, CVE-2023-46805 and CVE-2024-21887 respectively, which when exploited together allow for unauthenticated remote code execution. These CVEs affect all supported versions of the products. Continue reading this...

/ January 16, 2024