The Information Highway

The Information Highway

Palo Alto PAN-OS RCE vulnerability

Threat-Advisory-Banner3

Threat update

A threat advisory was issued to Palo Alto customers notifying them of a vulnerability in the PAN-OS interface that can lead to remote code execution (RCE).

Continue reading
  92 Hits

Microsoft SharePoint RCE bug exploited to breach corporate network

SharePoint

A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.

Continue reading
  89 Hits

CISA says critical Fortinet RCE flaw now exploited in attacks

Fortinet

Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild.

Continue reading
  151 Hits

Critical flaw in NVIDIA Container Toolkit allows full host takeover

0_NVIDIA_headpic

 A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premises environment that rely on it to access GPU resources.

Continue reading
  257 Hits

SolarWinds ARM vulnerabilities

Threat-Advisory-Banner3

Threat update

SolarWinds has issued patches to address two vulnerabilities in its Access Rights Manager (ARM) software. Out of the two, one is a critical vulnerability that can lead to remote code execution (RCE).



Continue reading
  272 Hits

Researchers find SQL injection to bypass airport TSA security checks

Airport

 Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits.

Continue reading
  280 Hits

Critical SonicOS Vulnerability

Threat-Advisory-Banner3

Threat update

A critical vulnerability has been identified in the SonicWall SonicOS management access. 

Continue reading
  238 Hits

Atlassian Confluence RCE vulnerability

Threat-Advisory-Banner3

Threat update

A new high-severity remote code execution (RCE) vulnerability known as CVE-2024-21683 has been discovered in Atlassian's Confluence Data Center and Server. This vulnerability permits an attacker with an account on the service to gain server control. Review this Cybersecurity Threat Advisory for more information and to limit your risk now.

Continue reading
  363 Hits

Phoenix UEFI vulnerability impacts hundreds of Intel PC models

cpu-motherboard

A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw.

Continue reading
  443 Hits

New Microsoft Outlook client vulnerability

Threat-Advisory-Banner3

Threat update

A recent Microsoft Outlook client zero-click remote code execution (RCE) vulnerability, CVE-2024-30103, has a CVSS score of 8.8. 

Continue reading
  540 Hits

Critical GitLab bug

Threat-Advisory-Banne2r

Threat update

 A critical vulnerability in GitLab, labeled CVE-2023-7028, is under active attack by threat actors to achieve account takeover, as reported by the Cybersecurity and Infrastructure Security Agency (CISA).

Continue reading
  487 Hits

AWS 'FlowFixation' vulnerabiltiy

Threat-Advisory-Banner

Threat update

The AWS "FlowFixation" vulnerability, while patched in September 2023, may still pose account hijacking risks within its Amazon Managed Workflows Apache Airflow (MWAA) service. Read this Cybersecurity Threat Advisory to learn the impact and security measures to mitigate risks associated with this vulnerability. 

Continue reading
  558 Hits

OpenEdge authentication bypass vulnerability

Threat-Advisory-Banner

Threat update

A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review this Cybersecurity Threat Advisory to minimize the potential impact on your systems.

Continue reading
  1422 Hits

Critical Fortinet vulnerability

Threat-Advisory-Banner

Threat update

 A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet OS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential risk and impact of this vulnerability.

Continue reading
  648 Hits

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

back

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.

Continue reading
  622 Hits

KeyTrap attack: Internet access disrupted with one DNS packet

world-internet-network

A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period.


Continue reading
  690 Hits

Multiple NFT collections at risk by flaw in open-source library

Thirdweb

A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. 

Continue reading
  882 Hits

Hackers breach US govt agencies using Adobe ColdFusion exploit

CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. 

Continue reading
  800 Hits

Over 640 Citrix servers backdoored with web shells in ongoing attacks

citrix

Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519. 

Continue reading
  1384 Hits

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023