Cybersecurity Blog

Warning: Zyxel Vulnerability Poses Serious Risk to Network Security

Your Business Solutions (YBS) is issuing a security alert regarding a critical Zyxel vulnerability that could significantly impact network security. This improper privilege management vulnerability, identified as CVE-2024-12398 with a CVSS score of 8.8, affects the web management interface of specific Zyxel firmware versions: WBE530 (up to 7.00(ACLE.3)) and WBE660S (up to 6.70(ACGG.2)).
Understanding the Risk
This vulnerability enables an authenticated user with limited privileges to escalate their access to administrator-level privileges.

Important Security Alert: Ivanti Vulnerabilities and Immediate Actions Required

At Your Business Solutions, your security is our top priority. We want to alert you to two critical Ivanti vulnerabilities recently discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. These vulnerabilities, if left unaddressed, allow remote, unauthenticated attackers to exploit affected devices, leading to potential remote code execution, unauthorized data access, and full network compromise.

Fortinet FortiWLM Vulnerability (CVE-2023-34990): What You Need to Know to Protect Your Business

Cybersecurity threats are escalating, and the recently identified Fortinet FortiWLM vulnerability (CVE-2023-34990) is a stark reminder of the importance of staying vigilant. This critical vulnerability, which carries a CVSS score of 9.6, affects Fortinet's Wireless LAN Manager (FortiWLM) systems and demands immediate action to protect your business.

Critical Advisory: Cleo Software Security Vulnerability and Recommended Mitigations

Your Business Solutions is issuing a warning about a critical Cleo software security vulnerability (CVE-2024-50623) that impacts the following products:

Cleo Harmony® (versions prior to 5.8.0.23)
Cleo VLTrader® (versions prior to 5.8.0.23)
Cleo LexiCom® (versions prior to 5.8.0.23)

While Cleo has released a patch for this issue, the patch is currently incomplete and may allow attackers to bypass it.