Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the HTTP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? HyperText Transfer Protocol (HTTP) is the protocol used to transfer web pages. It is the “language” that an HTTP Server speaks and a Web Browser understands. HTTP does not include any security measures. HyperText Transfer Protocol Secure (HTTPS) is exactly the same protocol, but with security added. All communications between the server and the ...What is the Basic Access Authentication Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Basic Access Authentication is used by web browsers to allow users to login using HTTP (HyperText Transfer Protocol) with a username and password. This is done by combining username and password separated by a colon and then encoding the result in base 64 (printable characters). By default, the username and password are not encrypted. The ...What is the Exposed CWMP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? CPE WAN Management Protocol (CWMP, also known as TR-069) allows a remote computer to manage broadband routers, VoIP phones, etc. If Universal Plug and Play (UPnP) is supported and configured, CWMP can be used to manage devices inside the local area network. By default, CWMP uses ports 7547-7550. A Man in The Middle (MiTM) ...What is the Microsoft Office SharePoint Service authorized user Vulnerability, what is the risk and how can you mitigate that risk?
What is it? A bug in Microsoft Office SharePoint Service (2016, 2019 and Subscription) allows an authorized attacker to execute code over a network. Why is it a risk? Although authorized users are generally more trusted than the the population at large, they should not be allowed to execute arbirary code on your server. https://cve.org rates the severity of this ...What is the Plex Media Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Plex Media Server is a media streaming platform similar to NetFlix or Jellyfin. Plex has a “bug bounty” system that rewards people who report vulnerabilities in their software. Versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via the bug bounty system. Why is it a risk? According to CVEdetails.com (link below), there is ...What is the Gladinet CentreStack Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Gladinet CentreStack is a file sharing service that does not rely on a traditional VPN (Virtual Private Network). YA version of Gladinet CentreStack that uses a hard-coded key stored in the IIS web.config file. You can learn more about the threat at the CISA (Cybersecurity & Infrastructure Security Agency) link below. Why is it a risk? The ...What is the Microsoft Sharepoint (Subscription Edition) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Sharepoint (Subscription Edition) servers are vulnerable to attackers gaining access to, reading and writing critical data on your server installation. Why is it a risk? Using this vulnerability, an attacker can execute arbitrary code on your server from a remote location. This is considered a CRITICAL vulnerability. How can you mitigate the risk? Follow the directions provided ...What is the Fortinet Node.js websocket module Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Fortinet offers virtual private network (SSL VPN) and firewall products as part of FortiOS and FortiProxy. Why is it a risk? An attacker gain super-admin privileges via crafted requests to Node.js websocket module. More details about the threat may be available from the NIST link below. This is considered a CRITICAL problem of VERY HIGH risk. How ...What is the Zimbra RCE flaw Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Zimbra is an email server/client suite that integrates web and email clients and calendars. A vulnerablity has been found that allows specially crafted emails that contain server commands in the CC: field. The Bleeping Computer article “Critical Zimbra RCE flaw exploited to backdoor servers using emails,” linked below, provides details about how the vulnerability ...What is the SharePoint Enterprise Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Sharepoint (Enterprise, 2019 and 2016) servers are being actively attacked (as of 2025-07-19). Why is it a risk? Using this vulnerability, an attacker can execute arbitrary code on your server from a remote location. This is considered a HIGH risk vulnerability. How can you mitigate the risk? Update your Sharepoint installation using the directions provided in the ...What is the SolarWinds Serv-U Managed File Transfer over HTTP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? SolarWinds Serv-U provides Managed File Transfer over HTTP. Versions 15.4.2 HF 1 and earlier contain a programming error that makes the network vulnerable to “directory traversal” attacks. Why is it a risk? Directory traversal (aka “path traversal”) vulnerabilities allow attackers to access directories and files outside the server’s root directory. How can you mitigate the risk? SolarWinds ...What is the N-central (from N-able) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? N-central (from N-able) is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console. There are two simultaneous threats: – The first allows authenticated users to execute arbitrary commands – The second allows them to inject comman ds using the first weakness The ...