Follina in the Wild
Summary Microsoft published guidance for a vulnerability impacting the Microsoft Support Diagnostic Tool (MSDT). This vulnerability is also known as
Read more
Author: Chris Stewart
VMware Threats being Exploited in the Wild
Summary CISA issued a warning today that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and
Read more
Perimeter Security and Threat Model
Feature Article CISA recently posted an article regarding Cyber actors routinely exploiting poor security configurations (either misconfigured or left unsecured),
Read more
Sonicwall Unauthenticated Access Exploitation
We encourage all users of SonicWall appliances to review patch strategy and address this immediately. Edge appliances have been used
Read more
Risk Authentication failures from Patch Tuesday
CISA has issues bulletin where it is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication
Read more
Patch Tuesday, May 2022
May 2022 Patch Tuesday update, including an important-rated zero-day bug that’s being actively exploited in the wild and several that
Read more
F5 Security Advisory CVE-2022-1388 Update
Summary F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to
Read more
Avaya Aruba Critical RCE
Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that
Read more
Another Series of Critical CVE for QNAP
Three of the other bugs QNAP warned its customers about also received 9.8/10 severity ratings (i.e., CVE-2022-23125, CVE-2022-23122, CVE-2022-0194), all of them also
Read more
Atlassian Authentication Bypass
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a
Read more