CVE-2024-20360: SQL injection vulnerability affecting Cisco Firepower Management Center
Cisco fixed a vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software, identified as CVE-2024-20360 (CVSS […]
Ivanti Fixes Several vulnerabilities Affecting Endpoint Manager (EPM)
Ivanti Endpoint Manager consists of a wide variety of powerful and easy-to-use tools that allaAll clients, devices and user profiles […]
CVE-2024-4985: GitHub Enterprise Server Authentication Bypass Vulnerability
GitHub Enterprise Server is a self-hosted platform that facilitates software development, scaling, and delivery for enterprises. For businesses needing greater […]
CVE-2024-29849: Critical Veeam Vulnerability Leads to Authentication Bypass
Veeam Backup Enterprise Manager, An administrative console is intended to assist in managing the tasks associated with Veeam Backup & […]
May 2024 – Microsoft Patch Tuesday Highlights
Microsoft has fixed two zero-day vulnerabilities that are known to be exploited in the wild in this month’s security patches. […]
Zscaler Capabilities and Its Use in Threat Detection and Response
Background The emergence of cloud-based services has changed how businesses approach network security in the always changing field of cybersecurity. […]
CVE-2024-3400: Palo Alto PAN-OS Command Injection Vulnerability
Background Palo Alto Networks discovered a significant vulnerability in PAN-OS software used in security appliances such as next-generation firewalls on […]
Latrodectus: A New Malware Emerges in Phishing Campaigns
Key Points Latrodectus, an evolution of the IcedID loader, was discovered in malicious email campaigns since November 2023. Researchers at […]
Critical Vulnerabilities Affecting FortiOS, FortiProxy, and FortiClientEMS
Background Five Fortinet advisories that address vulnerabilities in a variety of products, such as FortiOS and FortiProxy SSLVPN, FortiWLM MEA […]
Critical Fixes for March 2024 Patch Tuesday
Background Microsoft has issued Patch Tuesday for March 2024, fixing 61 security flaws. Two vulnerabilities are categorized as critical in […]
ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
ConnectWise released a major advisory on February 19, 2024, addressing two extremely serious vulnerabilities affecting ScreenConnect versions 23.9.7 and earlier: […]
CVE-2024-22245: VMware Requests EAP Uninstall ASAP
This week, VMware published a security advisory addressing two vulnerabilities detected in the VMware Enhanced Authentication Plug-in (EAP): one recorded […]
CVE-2024-21413: Critical MonikerLink Vulnerability in Outlook
An intriguing vulnerability in how Outlook handles particular hyperlinks has been found, and threat actors have been known to use […]
Living-Off-the-Land (LOTL) Attack
LOTL Attack: In a LOTL attack, the hacker uses features and tools already available in the target system to continue […]
CVE-2024-21762: Critical Fortinet FortiOS Vulnerability
Background Two serious FortiOS vulnerabilities were discovered by Fortinet’s FortiGuard on February 8, 2024. Unauthenticated threat actors may be able […]
Alert Advisory: Customer Advice Regarding the AnyDesk Incident
Remote Desktop Software AnyDesk recently faced a cyberattack. On February 1st, 2024, AnyDesk revealed that a cyber attack had allowed […]
CVE-2024-21893: New Ivanti Zero-Day Vulnerability Actively Exploited
Employees, partners, and clients may access business data and apps securely and under control with the help of Ivanti Connect […]
CVE-2024-21591: Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Junos OS simplifies and fine-tunes network operations, increasing operational efficiency and vital time and resources for top-line growth. Many of […]
JinxLoader Loader Used to Spread Formbook and XLoader
Based on the Go programming language, JinxLoader is a recently found malware loader that fraud-related actors are now using to […]
CVE-2024-20272: Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability
Cisco recently resolved a significant security vulnerability in the Unity Connection. Unity Connection is a fully virtualized messaging and voicemail […]
CVE-2023-39336: SQL Injection Vulnerability in Ivanti Endpoint Manager
Ivanti Endpoint Manager is an all-in-one endpoint management solution. It provides a unified solution for managing user profiles and all […]
CVE-2023-7028: A Critical Vulnerability Affecting GitLab
GitLab is a web-based DevOps lifecycle solution developed by GitLab Inc. that provides unparalleled visibility and productivity throughout the whole […]
CVE-2023-50164: Apache Struts Path Traversal Vulnerability
Threat actors began attempting to exploit CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework […]