The Information Highway

The Information Highway

Critical Veeam RCE bug now used in Frag ransomware attacks

Veeam

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware.

Continue reading
  181 Hits

VMware critical vulnerability

Threat-Advisory-Banner3

Threat update

VMware has recently released software updates to address a security flaw believed to have already been patched in vCenter Server. The vulnerability, known as CVE-2024-38812 with a CVSS score of 9.8, is a heap-overflow vulnerability. Continue reading this Cybersecurity Threat Advisory to mitigate your risk.

Continue reading
  131 Hits

Apache Avro SDK vulnerability

Threat-Advisory-Banner3

Threat update

A critical security flaw in the Apache Avro Java Software Development Kit (SDK), tracked as CVE-2024-47561, poses a significant threat to systems using this data serialization framework. A successful exploitation allows an attacker to execute arbitrary code on vulnerable instances. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate your risk.

Continue reading
  187 Hits

Ivanti warns of another critical CSA flaw exploited in attacks

ivanti-headpic

 Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.

Continue reading
  274 Hits

R Programming Vulnerability

Threat-Advisory-Banne2r

Threat update

A critical security flaw known as CVE-2024-27322 with a CVSS score of 8.8, has been discovered within the R programming language. Attackers can craft malicious RDS files or R packages that embed arbitrary R code. 

Continue reading
  549 Hits

Active exploitation of Microsoft vulnerability

Threat-Advisory-Banner

Threat update

Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the affected Exchange Server.

Continue reading
  676 Hits

Google Chrome emergency update fixes 6th zero-day exploited in 2023

Google_Chrome

Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. 

Continue reading
  769 Hits

Exploit released for Microsoft SharePoint Server auth bypass flaw

SharePoint

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. 

Continue reading
  1080 Hits

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023