Recent flaws found in Ivanti Connect Secure and Policy Secure Gateways can lead to remote code execution (RCE) attacks. Review this Cybersecurity Threat Advisory to learn additional details and recommendations to keep your organization secure.
Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can cause command injection and backdoor account to these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations to mitigate risks these vulnerabilities may cause.
A supply chain vulnerability was found in XZ Utils that creates a backdoor into OpenSSH and can lead to remote code execution (RCE). Read this Cybersecurity Threat Advisory to learn about this supply chain vulnerability and how to reduce your risks.
Critical authentication bypass vulnerabilities have been identified in QNAP network attached storage (NAS) devices. These flaws pose significant risks, allowing unauthorized access to affected devices. Review the recommendations in this Cybersecurity Threat Advisory to ensure your systems are secure.
Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the affected Exchange Server.
| A new security exploit, GoFetch, was found in Apple's M-chip architecture. It takes advantage of data memory-dependent prefetchers (DMPs) and could use the device as a new attack vector. Continue reading to learn how you can mitigate the risks associated with this threat. |
A new email threat, StrelaStealer malware, is targeting European and United States organizations. It spreads through phishing emails with attachments that execute its dynamic-link library (DLL) payload designed to steal email login data. This Cybersecurity Threat Advisory reviews the threat in detail and provides recommendations on how organizations can mitigate their risks.
Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via purposely crafted requests. This Cybersecurity Threat Advisory highlights various recommendations to mitigate the potential impact on your devices.
The threat actor TA558 is conducting a phishing campaign targeting various sectors in Latin America, intending to deploy the remote access tool known as Venom RAT. LBT Technology Group encourages organizations to follow the recommendations detailed in this Cybersecurity Threat Advisory to mitigate the potential risk of this campaign.
The AWS "FlowFixation" vulnerability, while patched in September 2023, may still pose account hijacking risks within its Amazon Managed Workflows Apache Airflow (MWAA) service. Read this Cybersecurity Threat Advisory to learn the impact and security measures to mitigate risks associated with this vulnerability.
Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. LBT Technology Group, LLC. recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk.
A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review this Cybersecurity Threat Advisory to minimize the potential impact on your systems.
A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet OS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential risk and impact of this vulnerability.
There have been increasing reports of threat actors leveraging a classic malware delivery method in recent months: USB attacks. Continue reading to learn how you can prevent these attacks and reduce risks for your customers.
The iPhone 15's release is less than a week away, but if you're looking to get your hands on one of the high-end Pro or Pro Max models as soon as possible, you could be disappointed depending on where you shop.