Security – Page 89 – TheCyberThrone

CISA SCuBA Initiative for Microsoft 365 tenants

The Cybersecurity and Infrastructure Security Agency (CISA) has developed Secure Configuration Baselines (SCBs) to enhance the security and resilience of Microsoft 365 (M365) and Azure Active Directory (AAD) environments. These…

PravinKarthik December 21, 2024

CISA releases draft NCIRP

The U.S. Cybersecurity and Infrastructure Agency (CISA) has released a draft update to the National Cyber Incident Response Plan (NCIRP), addressing significant changes in policy and cyber operations since its…

PravinKarthik December 20, 2024

Sophos fixes Triple Critical Vulnerabilities in its Firewall

Sophos released patches for three critical security vulnerabilities in their widely-used network security tool, Sophos Firewall that posed significant risks, including remote code execution and privilege escalation. CVE-2024-12727: Pre-Authentication SQL…

PravinKarthik December 20, 2024

CISA adds BeyondTrust CVE-2024-12356 to its KEV Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356: Command Injection Vulnerability in BeyondTrust PRA and RS Overview: CVE-2024-12356 is a…

PravinKarthik December 20, 2024

Fortinet fixes several vulnerabilities including CVE-2023-34990

Fortinet has released patches for vulnerabilities affecting its popular products, including FortiClient VPN, FortiManager, and FortiWLM. These flaws range from password exposure to remote code execution and unauthorized file access,…

PravinKarthik December 19, 2024

Microsoft Teams was leaveraged to spread DarkGate malware

A sophisticated cyberattack using DarkGate malware was discovered being distributed through a vishing (voice phishing) technique via Microsoft Teams. This method marked a significant evolution in the distribution of DarkGate,…

PravinKarthik December 19, 2024

CISA KEV Catalog Update Part V – December 2024

The US CISA has added the following vulnerabilities to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation CVE-2018-14933 CVE-2018-14933 with a CVSS score of 9.8 and…

PravinKarthik December 19, 2024

Apache Tomcat fixes CVE-2024-50379 and CVE-2024-54677

The Apache Software Foundation has released patches to mitigate two newly discovered vulnerabilities in Apache Tomcat, an extensively used open-source web server and servlet container. These vulnerabilities could potentially jeopardize…

PravinKarthik December 18, 2024