Don’t Hold Down The Ctrl Key – New Warning As Cyber Attacks Confirmed

Just as security professionals will tell you that layered defensive strategies are the best when it comes to staving off successful attacks, so attackers will often look to precisely the same when executing their cyber attacks. Two-step phishing attacks have, Read More …

Ivanti Releases Security Updates for Multiple Products

Ivanti has released the following three security advisories addressing vulnerabilities in multiple products. Security Advisory Ivanti Avalanche (Multiple CVEs) – Q4 2024 Release Ivanti Avalanche is a mobile device management solution and is used to remotely manage, deploy software, and Read More …

Microsoft Releases November 2024 Security Updates

Microsoft has released security updates to address 89 vulnerabilities in Microsoft products. The security updates include four critical vulnerabilities, two vulnerabilities that are under zero-day exploitation, and four vulnerabilities that are publicly disclosed. Vulnerability details CVE-2024-43451 – NTLM Hash Disclosure Read More …

Fortinet Releases Multiple Security Advisories

Fortinet has released 18 security advisories to address a range of security vulnerabilities in multiple products. Three of the advisories address two high severity vulnerabilities in FortiClient for Windows and one high severity vulnerability in FortiOS affecting SSLVPN sessions. FortiClient Read More …

FBI: 2023 Top Routinely Exploited Vulnerabilities

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a Read More …

Amazon Confirms Employee Data Was Exposed Through MOVEit Breach

In a significant development that underscores the lasting impact of 2023’s MOVEit vulnerability, Amazon has confirmed that employee data was compromised through a third-party property management vendor. The breach, revealed by a threat actor known as “Nam3L3ss,” exposes the continuing Read More …

New Google Chrome Warning As ‘No 0-Day’ Drive-By Cyber Attack Confirmed

The cost of zero-day exploits has always been high, especially if they allow an attacker to remotely execute code on a host machine. But why pay hundreds of thousands of dollars for an 0-day when a relatively simple drive-by attack Read More …

Critical CyberPanel Vulnerability (CVE-2024-51378): How to Stay Protected

The SonicWall Capture Labs threat research team became aware of CVE-2024-51378, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-51378 is a critical vulnerability with a CVSS score of 9.8 in CyberPanel versions 2.3.6 and 2.3.7 that allows Read More …

Cisco Releases Security Advisories for Multiple Products

Cisco has released 15 security advisories addressing multiple vulnerabilities, including one critical and two high severity vulnerabilities affecting various products. The critical vulnerability affects Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point, a software that uses wireless Read More …

Update your Android: Google patches two zero-day vulnerabilities

Google has announced patches for several high severity vulnerabilities. In total, 51 vulnerabilities have been patched in November’s updates, two of which are under limited, active exploitation by cybercriminals. If your Android phone shows patch level 2024-11-05 or later then Read More …