On June 30, 2024, CentOS 7 and CloudLinux 7 will reach End-of-Life (EOL) and will no longer be supported. After this date, servers with these operating systems will not receive critical security updates leaving them at greater risk from vulnerabilities and security threats. Our recommendation is to migrate to a new operating system as soon […]

Read More →

Last week, Lucee released new stable versions to address multiple security vulnerabilities affecting all previous software versions. The Lucee team advises updating to the latest stable release, version 5.4.3.2, immediately.  If you’re running an older version of Lucee, the following versions have backported stable releases:     • 5.3.9.173    • 5.3.8.237    • 5.3.7.59 The Lucee […]

Read More →

TLDR: Verify that the hotfix has been applied to your Sophos Firewall v18.5 MR3 (18.5.3) and older. Vulnerability Name: CVE-2022-1040 What does it do? An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code. What operating systems/software versions are affected? Sophos Firewall v18.5 MR3 (18.5.3) and older. Why […]

Read More →

TLDR: Verify that you’re running a secure Linux kernel version. Vulnerability Name: CVE-2022-0847 or “Dirty Pipe” What does it do? This flaw in the Linux Kernel can be easily exploited, giving a local user the ability to overwrite data in read-only files. What operating systems/software versions are affected? Linux Kernel 5.8 and later versions are affected, but it’s […]

Read More →

What is Ransomware? Ransomware is malicious encryption software used to take control over an organization’s data. After the data is encrypted, the attacker will demand payment in exchange for the decryption key, usually in the form of cryptocurrency. Why is it so difficult to prevent ransomware attacks? Ransomware is a highly-competitive industry and continually evolving […]

Read More →

TL;DR: If you’re using the plugin, Starter Templates on your WordPress site, make sure you’re using version 2.7.5 or higher. Vulnerability in the Starter Templates Plugin Last month, Wordfence disclosed a vulnerability in the plugin, Starter Templates allowing contributor-level WordPress users the capability of overwriting any page on the website. This vulnerability has been given […]

Read More →

On July 6th, Windows released a critical security patch for the known printer spooling exploit that security researchers call PrintNightmare. When exploited on a vulnerable system, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” This exploit applies to all versions of Windows, and everyone […]

Read More →