Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the CentreStack and TrioFox file sharing Vulnerability (cve-2025-11371), what is the risk and how can you mitigate that risk?
What is it? Gladinet CentreStack and TrioFox are parts of a file sharing service that does not rely on a traditional VPN (Virtual Private Network). There is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. You can learn more about the threat at the Huntress link below. Why is it a risk? By accessing ...What is the Cisco Secure Firewall Vulnerability (cve-2025-20333, cve-2025-20362 and cve-2025-10363), what is the risk and how can you mitigate that risk?
What is it? Cisco provides VPN firewall software (Cisco Secure Firewall). Three components of this product: Adaptive Security Appliance (ASA), Firewall Management Center (FMC) and Firewall Threat Defence (FTD) contain a vulnerability that could allow an authenticated, remote attacker to execute arbitrary code on an affected server. Why is it a risk? This is a CRITICAL vulnerability. This vulnerability is currently ...What is the HTTP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? HyperText Transfer Protocol (HTTP) is the protocol used to transfer web pages. It is the “language” that an HTTP Server speaks and a Web Browser understands. HTTP does not include any security measures. HyperText Transfer Protocol Secure (HTTPS) is exactly the same protocol, but with security added. All communications between the server and the ...What is the Basic Access Authentication Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Basic Access Authentication is used by web browsers to allow users to login using HTTP (HyperText Transfer Protocol) with a username and password. This is done by combining username and password separated by a colon and then encoding the result in base 64 (printable characters). By default, the username and password are not encrypted. The ...What is the Exposed CWMP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? CPE WAN Management Protocol (CWMP, also known as TR-069) allows a remote computer to manage broadband routers, VoIP phones, etc. If Universal Plug and Play (UPnP) is supported and configured, CWMP can be used to manage devices inside the local area network. By default, CWMP uses ports 7547-7550. A Man in The Middle (MiTM) ...What is the Microsoft Office SharePoint Service authorized user Vulnerability, what is the risk and how can you mitigate that risk?
What is it? A bug in Microsoft Office SharePoint Service (2016, 2019 and Subscription) allows an authorized attacker to execute code over a network. Why is it a risk? Although authorized users are generally more trusted than the the population at large, they should not be allowed to execute arbirary code on your server. https://cve.org rates the severity of this ...What is the Plex Media Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Plex Media Server is a media streaming platform similar to NetFlix or Jellyfin. Plex has a “bug bounty” system that rewards people who report vulnerabilities in their software. Versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via the bug bounty system. Why is it a risk? According to CVEdetails.com (link below), there is ...What is the Gladinet CentreStack Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Gladinet CentreStack is a file sharing service that does not rely on a traditional VPN (Virtual Private Network). YA version of Gladinet CentreStack that uses a hard-coded key stored in the IIS web.config file. You can learn more about the threat at the CISA (Cybersecurity & Infrastructure Security Agency) link below. Why is it a risk? The ...What is the Microsoft Sharepoint (Subscription Edition) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Sharepoint (Subscription Edition) servers are vulnerable to attackers gaining access to, reading and writing critical data on your server installation. Why is it a risk? Using this vulnerability, an attacker can execute arbitrary code on your server from a remote location. This is considered a CRITICAL vulnerability. How can you mitigate the risk? Follow the directions provided ...What is the Fortinet Node.js websocket module Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Fortinet offers virtual private network (SSL VPN) and firewall products as part of FortiOS and FortiProxy. Why is it a risk? An attacker gain super-admin privileges via crafted requests to Node.js websocket module. More details about the threat may be available from the NIST link below. This is considered a CRITICAL problem of VERY HIGH risk. How ...What is the Zimbra RCE flaw Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Zimbra is an email server/client suite that integrates web and email clients and calendars. A vulnerablity has been found that allows specially crafted emails that contain server commands in the CC: field. The Bleeping Computer article “Critical Zimbra RCE flaw exploited to backdoor servers using emails,” linked below, provides details about how the vulnerability ...What is the SharePoint Enterprise Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Sharepoint (Enterprise, 2019 and 2016) servers are being actively attacked (as of 2025-07-19). Why is it a risk? Using this vulnerability, an attacker can execute arbitrary code on your server from a remote location. This is considered a HIGH risk vulnerability. How can you mitigate the risk? Update your Sharepoint installation using the directions provided in the ...