The cybersecurity landscape has recently been shaken by a significant vulnerability in Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This authentication bypass vulnerability has had a notable impact, affecting 12 ministries in Norway and illustrating its potential for widespread damage.
We see an increasing demand for information on current CVEs, APTs, malware, etc.. The newsletter will be our way to satisfy this demand and focus on threats, which are relevant to our customers.
This is a vulnerability in Microsoft Edge (Chromium-based) that could allow an attacker to elevate their privileges on the affected system. The vulnerability has been assigned a high severity rating with a CVSS score of 8.3, indicating that it poses a significant risk.
CVE-2023-38831 identifies a file extension spoofing vulnerability in WinRAR, a popular Windows tool for compressing and decompressing files. This flaw allowed clever individuals to create ZIP or RAR files that appeared ordinary but were structured in a way that concealed malicious code.
CVE-2023-50164 is a critical vulnerability discovered in Apache Struts 2. This vulnerability is related to a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers, potentially leading to Remote Code Execution (RCE) on the target server.
CVE-2023-7028 is a critical vulnerability in GitLab that allows unauthorized account takeovers through a password reset mechanism. It was assigned a CVSS score of 10.0, indicating the highest level of severity.