Critical Remote Code Execution Vulnerability in Palo Alto Networks PAN
On November 8, 2024, Palo Alto Networks issued a security advisory concerning a potential remote code execution (RCE) vulnerability affecting […]
CVE-2024-9487: Critical Vulnerability Affecting GitHub Enterprise Server
Background The most recent GitHub Enterprise Server (GHES) security update fixes three recently found vulnerabilities, one of which is a […]
CVE-2023-36553: Command Injection Vulnerability in FortiSIEM
Fortinet, a major cybersecurity company, recently published an advisory regarding a critical vulnerability affecting its FortiSIEM Report Server. Background: The […]
DarkCasino: A New Emerging APT Threat Exploiting a WinRAR Flaw
NSFOCUS researchers examined the DarkCasino attack pattern, which exploited the WinRAR zero-day vulnerability identified as CVE-2023-38831. The financially motivated APT […]
Critical Vulnerability Patched in SAP Business One Product
SAP, a well-known commercial software provider, has disclosed three new vulnerabilities in its Security Patch Day release for November 2023. […]
North Korean Attacks Exploiting JetBrains TeamCity Vulnerability
More than 30,000 clients worldwide use JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server. Background: The program can be […]
Lazarus Exploits a Zoho ManageEngine Vulnerability to Distribute QuiteRAT and CollectionRAT
A recently fixed vulnerability (CVE-2022-47966) affecting Zoho ManageEngine ServiceDesk Plus has been used by Lazarus, a North Korean state-sponsored APT […]
Cuba Ransomware Group Targets Critical Systems by Using Veeam Vulnerability
Using a mix of outdated and modern techniques, the Cuba ransomware group has been seen launching attacks against American critical […]
Alert Advisory: Citrix ADC Gateway RCE – CVE-2023-3519
In this blog post, we will explore the details of Citrix ADC vulnerability, its potential consequences, and the importance of […]
Rise in ICS Vulnerabilities
Due to concerns about interoperability, high uptime requirements, and occasionally the age of devices, patching vulnerabilities in industrial contexts has […]
CVE-2023-23397 – Critical Outlook Vulnerability
On March 14th, 2023, Microsoft released patches for approximately 80 newly found security vulnerabilities. There were two zero-day attacks among […]
ManageEngine RCE Vulnerability (CVE-2022-47966)
A remote code execution vulnerability (CVE-2022-47966) impacting a number of Zoho ManageEngine on-premise products with SAML SSO enabled has been […]
Wi-Fi Security – Monitoring Hacking Attempts
Wired Ethernet is no longer the best option for many enterprises. The preferred network access technology for users and endpoints […]
CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and Digital Forensics
Microsoft issued CVE-2022-30190 regarding a vulnerability regarding the Microsoft Support Diagnostic Tool (MSDT). This exists when MSDT is called using […]
Log4j Critical RCE
The Log4j Vulnerability commonly known as Log4Shell zero day vulnerability was made public on December 9th 2021. This vulnerability is […]