
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, July 13, 2024.
CISA Intrudes One of FCEB and remains Persisted for five months
A red team exercise led by the US CISA at an unnamed federal agency in 2023 revealed a string of security failings that exposed the agency's most critical assets.
CISA calls this type of assessment SILENTSHIELD: the red team picks an FCEB agency to probe, does so without prior notice, and simulates the maneuvers of a long-term hostile nation-state threat group…
Citrix Security Advisory July 2024
Citrix has released a security advisory to address vulnerabilities discovered in its widely used NetScaler products. The vulnerabilities, tracked as CVE-2024-6235 and CVE-2024-6236, could allow unauthorized access to sensitive information and even cause denial of service (DoS)…
ServiceNow Fixes Critical Vulnerabilities -CVE-2024-4879 and CVE-2024-5217
ServiceNow has recently disclosed three critical security vulnerabilities that could have severe consequences for organizations worldwide.
These vulnerabilities, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, affect various versions of the Now Platform, including the Washington D.C., Vancouver, and Utah releases…
Node.Js Fixes Multiple Vulnerabilities -CVE-2024-27980
The Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to bypass security measures and execute arbitrary code.
The most severe vulnerability, CVE-2024-36138, is a bypass of an incomplete fix for a previous issue, CVE-2024-27980, dubbed the BatBadBut vulnerability. This flaw could allow attackers to inject and execute arbitrary commands on Windows systems, even when shell options are disabled. This vulnerability affects all active Node.js release lines (v18.x, v20.x, and v22.x) and poses a significant risk to Windows users……
Gitlab Fixes Critical Vulnerability -CVE-2024-6385
GitLab disclosed several critical vulnerabilities affecting various versions of their Community Edition (CE) and Enterprise Edition (EE) products. The most severe of these, CVE-2024-6385, carries a CVSS score of 9.6 and could allow an attacker to execute pipeline jobs as any user, potentially compromising sensitive data and systems…..
This brings us to the end of this week's security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.