Collaborate Disseminate
A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersec… Continue reading NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
Sydney, Australia, 19th March 2025, CyberNewsWire Continue reading Knocknoc Raises Seed Funding to Scale Its Just-In-Time Network Access Control Technology
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring softwa… Continue reading How to choose secure, verifiable technologies?
Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-en… Continue reading Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)
Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a crit… Continue reading Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are… Continue reading PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
There are approximately 163 devices worldwide that are still exposed to attack via the CVE-2024-39717 vulnerability. Continue reading Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials… Continue reading Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out… Continue reading Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unabl… Continue reading Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)