Malware exploits braille characters to breach Windows security flaws

The Windows operating system (OS) had a vulnerability that allowed people to hide a file’s true extension, which hackers were able to use and distribute files that looked like .PDF documents, but were in fact weaponized .HTA files. In the Read More …

New Windows Cyber Attacks Confirmed – CISA Says Update By September 3

Microsoft has released the monthly round of Patch Tuesday security updates, with fixes for a total of 90 vulnerabilities across the Windows ecosystem. Of these, the Microsoft Security Response Center warns that five Windows vulnerabilities have confirmed and active cyber Read More …

July Patch Tuesday Unleashes a Torrent of Updates

With the information security industry’s two largest conferences (Black Hat Briefings and Def Con) set to happen in less than a month, Microsoft pulled out all the stops and, for July, nearly tripled the number of patches they released in Read More …

High-Risk Path Traversal in SolarWinds Serv-U

The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. Serv-U server is a solution that provides a secure file transfer facility and control inside and Read More …

Progress Software Releases Critical Security Updates for MOVEit Transfer and MOVEit Gateway

Progress (formerly Ipswitch) has released a security update for two critical vulnerabilities found in the SFTP module of the MOVEit Transfer (CVE-2024-5806) and MOVEit Gateway (CVE-2024-5805) applications. MOVEit is a managed secure file transfer tool. The improper authentication vulnerability known Read More …

Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. Read More …

The impact of legacy vulnerabilities in today’s cybersecurity landscape

Of the top five most widely used network attacks against SMBs, the ‘newest’ vulnerability represented were nearly three years old, while the oldest were over a decade old – which is primitive when considering the modern threat environment. The results Read More …

Confluence Data Center and Server Remote Code Execution Vulnerability

The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a software to manage documentation and knowledge Read More …