The Information Highway

The Information Highway

Critical GitLab bug

Threat-Advisory-Banne2r

Threat update

 A critical vulnerability in GitLab, labeled CVE-2023-7028, is under active attack by threat actors to achieve account takeover, as reported by the Cybersecurity and Infrastructure Security Agency (CISA).

Continue reading
  474 Hits

R Programming Vulnerability

Threat-Advisory-Banne2r

Threat update

A critical security flaw known as CVE-2024-27322 with a CVSS score of 8.8, has been discovered within the R programming language. Attackers can craft malicious RDS files or R packages that embed arbitrary R code. 

Continue reading
  467 Hits

Active exploit of Atlassian Confluence

Threat-Advisory-Banne2r

Threat update

This Cybersecurity Threat Advisory details the exploitation of the critical vulnerability CVE-2023-22518 in the Atlassian Confluence Data Center and Server. Attackers are deploying a Linux variant of Cerber (aka C3RB3R) ransomware. This allows unauthenticated attackers to reset Confluence and create administrator accounts, granting them complete control over affected systems.

Continue reading
  578 Hits

LayerSlider SQL injection vulnerability

Threat-Advisory-Banne2r

Threat update

An unauthenticated Structured Query Language (SQL) injection vulnerability, known as CVE-2024-2879, has been found in the WordPress plugin LayerSlider.

Continue reading
  537 Hits

Critical flaws in Ivanti

Threat-Advisory-Banner

Threat update

Recent flaws found in Ivanti Connect Secure and Policy Secure Gateways can lead to remote code execution (RCE) attacks. Review this Cybersecurity Threat Advisory to learn additional details and recommendations to keep your organization secure. 

Continue reading
  603 Hits

D-Link NAS vulnerabilities

Threat-Advisory-Banner

Threat update

Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can cause command injection and backdoor account to these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations to mitigate risks these vulnerabilities may cause.

Continue reading
  520 Hits

XZ Utils supply chain vulnerability

Threat-Advisory-Banner

Threat update

A supply chain vulnerability was found in XZ Utils that creates a backdoor into OpenSSH and can lead to remote code execution (RCE). Read this Cybersecurity Threat Advisory to learn about this supply chain vulnerability and how to reduce your risks. 

Continue reading
  566 Hits

New vulnerability in Apple M-chip

Threat-Advisory-Banner

Threat update

A new security exploit, GoFetch, was found in Apple's M-chip architecture. It takes advantage of data memory-dependent prefetchers (DMPs) and could use the device as a new attack vector. Continue reading to learn how you can mitigate the risks associated with this threat.
Continue reading
  580 Hits

StrelaStealer malware targets organizations

Threat-Advisory-Banner

Threat update

A new email threat, StrelaStealer malware, is targeting European and United States organizations. It spreads through phishing emails with attachments that execute its dynamic-link library (DLL) payload designed to steal email login data. This Cybersecurity Threat Advisory reviews the threat in detail and provides recommendations on how organizations can mitigate their risks. 

Continue reading
  639 Hits

TA558 phishing campaign

Threat-Advisory-Banner

Threat update

 The threat actor TA558 is conducting a phishing campaign targeting various sectors in Latin America, intending to deploy the remote access tool known as Venom RAT. LBT Technology Group encourages organizations to follow the recommendations detailed in this Cybersecurity Threat Advisory to mitigate the potential risk of this campaign.

Continue reading
  705 Hits

AWS 'FlowFixation' vulnerabiltiy

Threat-Advisory-Banner

Threat update

The AWS "FlowFixation" vulnerability, while patched in September 2023, may still pose account hijacking risks within its Amazon Managed Workflows Apache Airflow (MWAA) service. Read this Cybersecurity Threat Advisory to learn the impact and security measures to mitigate risks associated with this vulnerability. 

Continue reading
  539 Hits

OpenEdge authentication bypass vulnerability

Threat-Advisory-Banner

Threat update

A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review this Cybersecurity Threat Advisory to minimize the potential impact on your systems.

Continue reading
  1406 Hits

Critical Fortinet vulnerability

Threat-Advisory-Banner

Threat update

 A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet OS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential risk and impact of this vulnerability.

Continue reading
  624 Hits

USB attacks

Threat-Advisory-Banner

Threat update

There have been increasing reports of threat actors leveraging a classic malware delivery method in recent months: USB attacks. Continue reading to learn how you can prevent these attacks and reduce risks for your customers. 

Continue reading
  691 Hits

Apple Watch X reportedly coming with game-changing health feature

AWX

Blood pressure reading could be on the way

An innovative device called Apple Watch X could be in the works to mark the 10th generation of Apple's smartwatch division. According to a new report, the mysterious Apple Watch X looks to usher in major upgrades, including the debut of a long-rumored health sensor.

Continue reading
  1137 Hits

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023