The Information Highway

The Information Highway

Critical flaws in Ivanti

Threat-Advisory-Banner

Threat update

Recent flaws found in Ivanti Connect Secure and Policy Secure Gateways can lead to remote code execution (RCE) attacks. Review this Cybersecurity Threat Advisory to learn additional details and recommendations to keep your organization secure. 

Continue reading
  603 Hits

D-Link NAS vulnerabilities

Threat-Advisory-Banner

Threat update

Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can cause command injection and backdoor account to these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations to mitigate risks these vulnerabilities may cause.

Continue reading
  520 Hits

XZ Utils supply chain vulnerability

Threat-Advisory-Banner

Threat update

A supply chain vulnerability was found in XZ Utils that creates a backdoor into OpenSSH and can lead to remote code execution (RCE). Read this Cybersecurity Threat Advisory to learn about this supply chain vulnerability and how to reduce your risks. 

Continue reading
  566 Hits

Critical vulnerabilities in QNAP devices

Threat-Advisory-Banner

Threat update

Critical authentication bypass vulnerabilities have been identified in QNAP network attached storage (NAS) devices. These flaws pose significant risks, allowing unauthorized access to affected devices. Review the recommendations in this Cybersecurity Threat Advisory to ensure your systems are secure. 

Continue reading
  2441 Hits

Active exploitation of Microsoft vulnerability

Threat-Advisory-Banner

Threat update

Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the affected Exchange Server.

Continue reading
  624 Hits

New vulnerability in Apple M-chip

Threat-Advisory-Banner

Threat update

A new security exploit, GoFetch, was found in Apple's M-chip architecture. It takes advantage of data memory-dependent prefetchers (DMPs) and could use the device as a new attack vector. Continue reading to learn how you can mitigate the risks associated with this threat.
Continue reading
  580 Hits

StrelaStealer malware targets organizations

Threat-Advisory-Banner

Threat update

A new email threat, StrelaStealer malware, is targeting European and United States organizations. It spreads through phishing emails with attachments that execute its dynamic-link library (DLL) payload designed to steal email login data. This Cybersecurity Threat Advisory reviews the threat in detail and provides recommendations on how organizations can mitigate their risks. 

Continue reading
  639 Hits

Fortinet FortiClientEMS critical vulnerability

Threat-Advisory-Banner

Threat update

 Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via purposely crafted requests. This Cybersecurity Threat Advisory highlights various recommendations to mitigate the potential impact on your devices.

Continue reading
  532 Hits

TA558 phishing campaign

Threat-Advisory-Banner

Threat update

 The threat actor TA558 is conducting a phishing campaign targeting various sectors in Latin America, intending to deploy the remote access tool known as Venom RAT. LBT Technology Group encourages organizations to follow the recommendations detailed in this Cybersecurity Threat Advisory to mitigate the potential risk of this campaign.

Continue reading
  705 Hits

AWS 'FlowFixation' vulnerabiltiy

Threat-Advisory-Banner

Threat update

The AWS "FlowFixation" vulnerability, while patched in September 2023, may still pose account hijacking risks within its Amazon Managed Workflows Apache Airflow (MWAA) service. Read this Cybersecurity Threat Advisory to learn the impact and security measures to mitigate risks associated with this vulnerability. 

Continue reading
  539 Hits

GitHub supply chain attack

Threat-Advisory-Banner

Threat update

Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. LBT Technology Group, LLC. recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk. 

Continue reading
  561 Hits

OpenEdge authentication bypass vulnerability

Threat-Advisory-Banner

Threat update

A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review this Cybersecurity Threat Advisory to minimize the potential impact on your systems.

Continue reading
  1406 Hits

Critical Fortinet vulnerability

Threat-Advisory-Banner

Threat update

 A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet OS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential risk and impact of this vulnerability.

Continue reading
  624 Hits

USB attacks

Threat-Advisory-Banner

Threat update

There have been increasing reports of threat actors leveraging a classic malware delivery method in recent months: USB attacks. Continue reading to learn how you can prevent these attacks and reduce risks for your customers. 

Continue reading
  691 Hits

iPhone 15 Pro delays — here’s the latest delivery dates

ZpiLaLBScsgFRFQPj2mWSi-1200-80

The current waiting times for all high-end iPhone 15 models

The iPhone 15's release is less than a week away, but if you're looking to get your hands on one of the high-end Pro or Pro Max models as soon as possible, you could be disappointed depending on where you shop. 

Continue reading
  988 Hits

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023