Most Recent

• Security Alert: Critical Vulnerability in Windows IPv6 August 16, 2024
  A critical security vulnerability has been discovered in the Windows TCP/IP stack, which is expected to be rapidly exploited. This vulnerability affects all known Windows Operating Systems with IPv6 enabled. The attack is relatively simple and can cause a system crash or, in the worst case, allow an attacker to take control of the system […]
• Critical Security Vulnerability in ConnectWise ScreenConnect February 27, 2024
  On February 19th, ConnectWise issued a critical advisory disclosing two significant vulnerabilities (CVE-2024-1709 and CVE-2024-1708) present in all versions of on-premises ScreenConnect software prior to version 23.9.8. The severity of CVE-2024-1709, with its perfect CVSS score of 10 out of 10, underscores the gravity of the situation, necessitating immediate action to mitigate potential exploitation by […]
• Critical Security Vulnerability in Fortinet SSL VPN February 9, 2024
  In recent days, a critical security flaw has been unearthed in Fortinet SSL VPN, an integral component of Fortinet Firewall devices. This vulnerability has sent shockwaves through the cybersecurity community as it exposes systems to the risk of remote code execution by unauthenticated attackers.
• Security Alert: Phishing Attacks via QR Code June 27, 2023
  There's recently been an uptick in targeted phishing attacks attempting to steal Microsoft 365 credentials via a unique method - QR codes. We have now seen several organizations receive a version of the message copied below, which impersonates Microsoft 365 using fear-based language and encourages users to scan a QR code with their smartphone camera […]
• Service Alert: Windows Defender deletes taskbar & desktop shortcuts January 13, 2023
  As you may have seen in the news, this morning a bugged Windows Defender update deleted app shortcuts from some users’ desktops and task bars. Only the shortcuts are deleted: your data and applications are safe. Microsoft has now fixed this issue, but many users are still missing quick access to common apps and tools.
• Security Alert: FortiOS devices under active exploit December 12, 2022
  Fortinet has just announced that firewall devices running versions of its FortiOS operating system are under active exploit: CVE-2022-42475 allows an unauthenticated attacker to remotely access admin controls from outside the network, posing a serious security threat to unpatched devices.
• Security Alert: Critical vulnerability in select Fortinet products October 7, 2022
  Fortinet has recently announced a severe vulnerability in certain firewalls and web proxies: CVE-2022-40684 allows an unauthenticated attacker to remotely access admin controls from outside the network, posing a serious security threat to unpatched devices.
• Security Alert: Phishing vulnerability 'Follina' in Office files May 31, 2022
  A newly-discovered malicious exploit for Microsoft Office files has made headlines over the weekend: the “Follina” MSDT attack uses programs like Microsoft Word to execute malicious code when a prepared file is accessed, allowing an attacker significant access to a device, where they can then deploy further exploits and do even greater damage.
• Security Alert: Critical Log4j Vulnerability December 14, 2021
  Update 12.22.21. This vulnerability continues to pose a major risk for many organizations. Due to the nature of this exploit, your greatest risk likely comes through any vendor that provides software to your organization. If you have not already discussed this vulnerability with each of your vendors and confirmed that their patches are up to […]
• Security Alert: Phishing Risks from Threat Actor Nobelium Remain High October 25, 2021
  You may have heard about the recent cyberattack activity from Russian actor Nobelium, a nation-state group that was responsible for the SolarWinds breach of 2020. Experts in the cybersecurity industry expect these attacks to continue, so awareness and diligence in preventing phishing attacks and breaches is crucial – for both managed services providers like Mytech, […]