Advisories
Critical Vulnerability in CheckPoint Quantum (CVE-2024-24919)
On May 27th, the Check Point Research Division reported a vulnerability in certain Check Point Quantum Security Gateway devices. The vulnerability is being tracked as CVE-2024-24919, which provides a remote attacker the ability to access protected information on an affected device without credentials.
May 29, 2024 - 2 Min Read
Critical Vulnerability In Veeam Service Provider Console (VSPC) (CVE-2024-29212)
On May 7th, Veeam Software reported a critical vulnerability they found during internal testing of their Veeam Service Provider Console (VSPC) product. The vulnerability allows a remote attacker with low level access credentials the ability to carry out arbitrary remote code execution (RCE) on a victim machine.
May 9, 2024 - 2 Min Read
Sophisticated Attacks Against Cisco ASA and FTD software Leveraging Multiple Vulnerabilities (CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359)
On April 24th, Cisco reported on an attack campaign against certain Cisco devices running Cisco Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) Software. The report detailed three vulnerabilities: CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359.
Apr 25, 2024 - 5 Min Read
Critical Command Injection Vulnerability In Palo Alto Network Global Protect (CVE-2024-3400)
On April 12, 2024, Palo Alto Networks disclosed a critical command injection vulnerability identified as CVE-2024-3400, impacting certain configurations of its PAN-OS software. This vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges.
Apr 13, 2024 - 3 Min Read
JetBrains TeamCity Critical Vulnerability (CVE-2024-27198 and CVE-2024-27199)
On March 4th, 2024, software development company JetBrains disclosed two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) in their Continuous Integration / Continuous Deliver (CI/CD) product, TeamCity.
Mar 8, 2024 - 1 Min Read
Severe ConnectWise ScreenConnect Vulnerability (CVE-2024-1709 & CVE-2024-1708)
On February 19th, 2024, ConnectWise published a security bulletin reporting two impactful vulnerabilities in their product ConnectWise. One of these vulnerabilities is particularly severe, with a critical rating of 10.0 on the CVSS scale, indicating the highest level of risk when successfully exploited.
Feb 20, 2024 - 2 Min Read
Microsoft Outlook Critical Vulnerability Under Active Exploitation (CVE-2024-21410)
On February 13th, 2024, Microsoft addressed several vulnerabilities as part of its monthly Patch Tuesday. One of those vulnerabilities was in Microsoft Exchange Server and was reported as critical because the attack vector is 1) remote, 2) unauthenticated, and 3) low complexity.
Feb 14, 2024 - 2 Min Read
Ivanti Critical Vulnerabilities Under Active Exploitation (CVE-2023-46805, CVE-2024-21887)
On January 10th, 2024, Ivanti published a vulnerability report for two products: Ivanti Connect Secure and Ivanti Policy Secure Gateways. The two vulnerabilities (CVE-2023-46805, CVE-2024-21887) are reported to be under active exploitation at this time, according to joint reporting from Volexity who discovered the attacks.
Jan 24, 2024 - 1 Min Read