1. Home
  2. Cybersecurity Events

Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

Microsoft fixes Azure CLI critical vulnerability that exposes credentials in logs
published: Nov. 14, 2023
Microsoft has resolved CVE-2023-36052, a critical Azure CLI vulnerability that exposed user credentials in GitHub Actions and Azure DevOps logs, urging users to update to Azure CLI version 2.53.1 or newer to mitigate the risk and adopt enhanced security practices.
Take action: If you are using Microsoft Azure CLI, make sure to upgrade to version 2.54 on all CI runners and all your developer machines to prevent any accidental logging of credentials to central logs where they can be accessed/read out and compromised.
Critical vulnerability in Johnson Controls Frick Quantum HD Unity refregiraton controller
published: Nov. 9, 2023
The FRICK Quantum HD Unity System Controller has a severe security vulnerability (CVE-2023-4804, CVSS3 score 10) that allows unauthorized debug access, impacting various versions of Johnson Controls devices which require firmware updates for mitigation.
Take action: If your Quantum HD Unity is exposed to the internet, lock it down to trusted internal networks only. Then follow the instructions to patch the system.
SysAid zero-day flaw exploited by Cl0p hacker gang
published: Nov. 9, 2023
A critical zero-day vulnerability (CVE-2023-47246) in SysAid IT support software exploited by Lace Tempest, an affiliate of the Cl0p ransomware group, has been discovered by Microsoft's Threat Intelligence team. The vulnerability enables unauthorized system access and arbitrary code execution. SysAid has released a patch and urged customers to update their systems while providing indicators of compromise to detect any suspicious activities.
Take action: If you are using SysAid IT support and management software download the patch and apply it ASAP. Such systems usually have an internet facing ticketing inteface which could be used as an attack vector. After patching, make a through review of the system for indicators of compromise. Be aggressive, don't wait for repeat of MOVEit.
Veeam reports critical flaws in Veeam ONE monitoring platform
published: Nov. 6, 2023
Veeam has issued an alert for critical vulnerabilities in its Veeam ONE monitoring platform, releasing hotfixes for two severe remote code execution risks and two less critical issues impacting all supported versions.
Take action: Check if your Veeam ONE is exposed to the internet. If it is, lock it down immediately to access only from trusted networks. Then start patching, it's not that big a deal. Don't delay, because an attacker may compromise it even if locked out from internet, by first attacking an employee's endpoint.
NAS vendor QNAP warns of critical vulnerabilities in QTS OS
published: Nov. 6, 2023
QNAP Systems addressed two critical security vulnerabilities (CVE-2023-23368 and CVE-2023-23369) in its NAS devices, providing updates to mitigate remote command execution risks and advising administrators to update their systems to protect against potential ransomware attacks.
Take action: If you are using QNAP devices, lock them from access to the public internet and patch as soon as possible
Devolutions reports critical flaw in Remote Desktop Manager
published: Nov. 4, 2023
A critical security flaw, CVE-2023-5765, in Remote Desktop Manager (RDM) could allow attackers to execute arbitrary code via malformed TCP packets, affecting all versions before 2023.2.34 and prompting urgent updates.
Take action: If you are using Devolutions Remote Desktop Manager, update your RDM to the newest release ASAP. In the meantime, lock down the accessibility of RDM only from trusted IP addresses/networks.
Cisco Issues Critical Advisory on Firepower Management Center
published: Nov. 3, 2023
A severe vulnerability with a CVSS score of 9.9, designated as CVE-2023-20048, has been identified in Cisco's FMC Software, allowing attackers with valid credentials to execute unauthorized commands on managed Cisco Firepower Threat Defense devices due to insufficient validation of user permissions.
Take action: The high CVSS score is weird because the vulnerability requires an authenticated user. It seems the issue is real but Cisco won't tell us all until a sufficient number of FMC software is patched. Limit your FMC access only from trusted networks, then plan for a quick patch.
Weintek EasyBuilder Pro reports critical vulnerability
published: Nov. 2, 2023
Weintek's EasyBuilder Pro software, used for creating HMI GUIs, is critically vulnerable (CVE-2023-5777, CVSS 9.8) due to hard-coded credentials that could allow unauthorized remote access. Updates are available to address the issue.
Take action: If you are using Weintek EasyBuilder Pro, it's good to be aware of this vulnerability. No need to rush for immediate patch since the issue is connected to a crash report. First make sure you EasyBuilder Pro is isolated from internet access, used only from secure access. Then plan a systematic patch.
INEA reports critical vulnerability in ME RTU device
published: Oct. 31, 2023
Slovenian industrial informatics company INEA identified a critical vulnerability (CVE-2023-35762, CVSS v3 score 9.9) in their ME RTU firmware versions up to 3.36b, allowing potential unauthorized remote code execution and improper "root" account authentication. The users are urged to update to version 3.37, with key sectors impacted including Energy, Water/Wastewater Treatment, and Transportation.
Take action: If you are using INEA ME RTU, make sure it's in an isolated network, not accessible from the internet. Then start updating firmware in a systematic process.
Another critical Confluence vulnerability - patch ASAP
published: Oct. 31, 2023
Atlassian urgently warns of a critical flaw (CVE-2023-22518) in its on-premise Confluence products, which can lead to significant data loss, urging upgrades to specific versions or the latest possible version.
Take action: If you are still running Confluence Server or Datacenter, lock it from the Internet and patch immediately. And start considering shutting it down in the medium term, since Atlassian stops support for the server version of Confluence on February 14th, 2024.