Security Advisory: Citrix ADC and Gateway Authentication Bypass (Nov 2022)
Citrix has announced multiple vulnerabilities in their ADS and Gateway products that require patching to mitigate. Learn what to do in this article.
Fortinet Authentication Bypass Vulnerabilities
Duplicate this article and then edit it to create easy to complete Blog articles.
Morgan Stanley Data Breach – Lessons to be Learned
The Morgan Stanley data breach of 2022 where surplus equipment was sent to a 3rd party for data destruction but ended up on eBay is a lesson’s learned treasure trove. From Data Retention and Destruction process failures to contract failures to 3rd party risk management failures, there are plenty of improvement opportunities for SMBs and MSPs to learn from here. This article highlights how you can improve your cybersecurity program from the failures of this breach.
Security Advisory: Critical Patches in Adobe and Microsoft Products
CyberHoot Vulnerability Alert Management Process (VAMP) Rating: Critical/Red July 19th, 2022: CyberHoot has learned of multiple Microsoft and Adobe vulnerabilities that can allow for Remote Code Execution (RCE) on your devices that …
Security Advisory: Adobe Vulnerabilities Allow Code Execution
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red June 15th, 2022: CyberHoot has learned of multiple Adobe Product vulnerabilities, where the most severe of which could allow for arbitrary code …
Security Advisory: Android UNISOC Chip Vulnerability
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red June 7th, 2022: CyberHoot has learned of multiple critical Android vulnerabilities, affecting millions of Android smartphones, that have been patched today. Critical …
Security Advisory: Microsoft Office ‘Follina’ Vulnerability
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 31st, 2022: CyberHoot has learned of a Remote Code Execution (RCE) bug that can be exploited in Microsoft Office files. Security researcher …
Security Advisory: Chrome Vulnerabilities Allow Code Execution
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 25th, 2022: CyberHoot has learned of multiple Google Chrome Web Browser vulnerabilities that could allow for arbitrary code execution. Successful exploitation of …
Security Advisory: VMware Vulnerabilities Gives System Control to Hackers
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 19th, 2022: CyberHoot has learned of a number of VMware software vulnerabilities tracked as CVE-2022-22954 (Base score: 9.8/10) and CVE-2022-22960 (Base score: …
Security Advisory: SonicWall Authentication Vulnerability
May 16th, 2022: CyberHoot has investigated a SonicWall advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. …
Security Advisory: Critical Cryptographic Java Vulnerability
April 22nd, 2022: CyberHoot has investigated a Java Product vulnerability tracked as CVE-2022-21449 that allows accounts to be remotely exploitable without authentication. In other words, this vulnerability can be exploited …
Security Advisory: Okta Breached
March 22nd, 2022: CyberHoot is investigating a potential breach at Okta, developers of a cloud-based identity and access management solution used by thousands of companies world-wide. Okta is currently investigating, …
Security Advisory: PHP Security Flaw
February 18th, 2022: If you’re using PHP in your network, check that you’re using the latest versions, currently 7.4.28 or 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement …
Security Advisory: Elementor WordPress Plugin
February 2nd, 2022: CyberHoot has investigated a WordPress vulnerability tracked as CVE-2022-0320, whereby a security flaw can lead to data leakage and more importantly remote code execution. The security gap …
Security Advisory: Critical Linux Vulnerability
January 27th, 2022: CyberHoot has investigated a Linux vulnerability tracked as CVE-2021-4034 that is part of most Linux distributions, leads to escalation of privileges up to root, and is trivial …
MalSmoke Attack: Atera RMM Tool At Risk
January 7th, 2022: CyberHoot has investigated a new form of malware known as Malsmoke. This malware is taking advantage of a vulnerability in the way Microsoft digitally signs a specific …
Advisory: Wormable Windows HTTP Bug
January 12th, 2022: Today Microsoft sent a notification of a critical risk to those who use Windows devices. The critical bug is CVE-2022-21907, also known as HTTP Protocol Stack Remote …
Vulnerability Advisory: Apache Log Binary (Log4J)
Dec 22nd 2022: UPDATES to Log4j, Log4Shell vulnerability details CISA has just released a new advisory: https://www.cisa.gov/uscert/ncas/alerts/aa21-356a I cannot remember, in a 25+ year cybersecurity career, having to deal with …
Cybersecurity Advisory – Urgent iOS Update
October 13th, 2021: CyberHoot received notification of a Zero-Day Vulnerability on Apple’s iPhone and iPad very latest iOS version 15 which shipped pre-installed on the latest iPhones released in Oct. …
Apple ‘FORCEDENTRY’ Zero-Day – Patch Now!
The Citizen Lab, a Canadian privacy and cybersecurity activist group, announced a zero-day security hole in Apple’s iPhone, iPad, and Mac operating systems. The lab gave the attack the nickname …
Apple Zero-Day Patch for Macs & iPhones
An anonymous Apple researcher found a security flaw in Macs and iPhones that hackers are actively exploiting. The vulnerability goes by CVE-2021-30807, with the researcher stating: “An application may be …
