Skip to main content

IT news and trends

Latest updates and hand-picked resources.

Cyber Threat Intelligence (13)


CVE-2023-7028 - Critical GitLab Vulnerability

CVE-2023-7028 is a critical vulnerability in GitLab that allows unauthorized account takeovers through a password reset mechanism. It was assigned a CVSS score of 10.0, indicating the highest level of severity.

Read More

CVE-2023-50164 - RCE Vulnerability Apache Struts2

CVE-2023-50164 is a critical vulnerability discovered in Apache Struts 2. This vulnerability is related to a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers, potentially leading to Remote Code Execution (RCE) on the target server.

Read More

The LinkedIn Security Breach and the Intricacies of Data Scraping

The 2023 LinkedIn security breach, initially perceived as a significant threat, turned out to be less severe due to the inclusion of many fictitious email addresses. This incident, which involved the extraction of large data sets from LinkedIn, highlights the growing concern around data scraping practices by hackers.

Read More

CVE-2023-38831 & CVE-2023-40477 - WinRAR Zero-days

CVE-2023-38831 identifies a file extension spoofing vulnerability in WinRAR, a popular Windows tool for compressing and decompressing files. This flaw allowed clever individuals to create ZIP or RAR files that appeared ordinary but were structured in a way that concealed malicious code.

    Read More

    CVE-2023-36741 – Microsoft Edge bug

    This is a vulnerability in Microsoft Edge (Chromium-based) that could allow an attacker to elevate their privileges on the affected system. The vulnerability has been assigned a high severity rating with a CVSS score of 8.3, indicating that it poses a significant risk.

    Read More

    Cyber Briefing 08/2023

    We see an increasing demand for information on current CVEs, APTs, malware, etc.. The newsletter will be our way to satisfy this demand and focus on threats, which are relevant to our customers.

    Read More

    CVE-2023-35078 - Ivanti zero-day

    The cybersecurity landscape has recently been shaken by a significant vulnerability in Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This authentication bypass vulnerability has had a notable impact, affecting 12 ministries in Norway and illustrating its potential for widespread damage.

    Read More