Supply Chain Attack on 3CX: digital attack on popular enterprise VoIP software. (CVE-2023-29059)
On March 30, Cybersecurity firm CrowdStrike said it had observed a digital attack on users of the software package 3CX. This attack is also called […]
On March 30, Cybersecurity firm CrowdStrike said it had observed a digital attack on users of the software package 3CX. This attack is also called […]
Update January 2, 2023 Microsoft has released Nov. 8, 2022 security updates for Exchange Server 2013, 2016 and 2019. These protect against CVE-2022-41040 and CVE-2022-41082.
Citrix Applicaton Delivery Controller, or ADC (formerly NetScaler ADC) is a solution for application delivery and load balancing. It is used to facilitate applications within enterprise environments. Citrix Gateway is an on-premise solution that facilitates remote access and provides access to apps and resources.
NFIR Threat Intelligence Report on critical vulnerability in Citrix Read More »
On Oct. 18/19, 2022, a blog published by GHSL1 researcher Alvaro Muñoz (@pwntester) found vulnerabilities in Apache Commons Text. A bug in the Apache Commons
New vulnerabilities in Apache Commons Text (CVE-2022-42889) – Text2Shell Read More »
On June 2 and 3, 2022, information was published about a vulnerability in Atlassian’s Confluence products that could allow attackers to gain full access to
NFIR Threat Intelligence Report on vulnerability in Confluence (CVE-2022-26134) Read More »
On May 9, 2022, additional information was published about a vulnerability in the iControl REST API of F5’s BIG-IP firewall products that could allow attackers
Threat Intelligence Report regarding BIG-IP F5 Firewall vulnerability (CVE-2022-1388) Read More »
On Tuesday, April 25, 2022, the Dutch National Cyber Security Center (NCSC) published a security advisory in response to published security patches for WSO2 products.
Threat Intelligence Report regarding WSO2 vulnerability (CVE-2022-29464) Read More »
On Tuesday, April 12, 2022, Microsoft published patches for several vulnerabilities.The specific vulnerabilities for which this Threat Intelligence Report is written are thevulnerabilities (CVE-2022-26809/ CVE-2022-24491)
The Spring Core Framework vulnerability (CVE-2022-22965) allows attackers to execute unauthorized code and gain access to systems without required authentication.
In recent days, many organizations have asked for our help in making the right decisions around applications in response to the Spring4Shell vulnerability. More and
This Spring4Shell flow chart helps you make the right decisions Read More »