Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the Microsoft Office SharePoint Service authorized user Vulnerability, what is the risk and how can you mitigate that risk?
What is it? A bug in Microsoft Office SharePoint Service (2016, 2019 and Subscription) allows an authorized attacker to execute code over a network. Why is it a risk? Although authorized users are generally more trusted than the the population at large, they should not be allowed to execute arbirary code on your server. https://cve.org rates the severity of this ...What is the Plex Media Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Plex Media Server is a media streaming platform similar to NetFlix or Jellyfin. Plex has a “bug bounty” system that rewards people who report vulnerabilities in their software. Versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via the bug bounty system. Why is it a risk? According to CVEdetails.com (link below), there is ...What is the Gladinet CentreStack Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Gladinet CentreStack is a file sharing service that does not rely on a traditional VPN (Virtual Private Network). YA version of Gladinet CentreStack that uses a hard-coded key stored in the IIS web.config file. You can learn more about the threat at the CISA (Cybersecurity & Infrastructure Security Agency) link below. Why is it a risk? The ...What is the Microsoft Sharepoint (Subscription Edition) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Sharepoint (Subscription Edition) servers are vulnerable to attackers gaining access to, reading and writing critical data on your server installation. Why is it a risk? Using this vulnerability, an attacker can execute arbitrary code on your server from a remote location. This is considered a CRITICAL vulnerability. How can you mitigate the risk? Follow the directions provided ...What is the Fortinet Node.js websocket module Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Fortinet offers virtual private network (SSL VPN) and firewall products as part of FortiOS and FortiProxy. Why is it a risk? An attacker gain super-admin privileges via crafted requests to Node.js websocket module. More details about the threat may be available from the NIST link below. This is considered a CRITICAL problem of VERY HIGH risk. How ...What is the Zimbra RCE flaw Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Zimbra is an email server/client suite that integrates web and email clients and calendars. A vulnerablity has been found that allows specially crafted emails that contain server commands in the CC: field. The Bleeping Computer article “Critical Zimbra RCE flaw exploited to backdoor servers using emails,” linked below, provides details about how the vulnerability ...What is the SharePoint Enterprise Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Sharepoint (Enterprise, 2019 and 2016) servers are being actively attacked (as of 2025-07-19). Why is it a risk? Using this vulnerability, an attacker can execute arbitrary code on your server from a remote location. This is considered a HIGH risk vulnerability. How can you mitigate the risk? Update your Sharepoint installation using the directions provided in the ...What is the SolarWinds Serv-U Managed File Transfer over HTTP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? SolarWinds Serv-U provides Managed File Transfer over HTTP. Versions 15.4.2 HF 1 and earlier contain a programming error that makes the network vulnerable to “directory traversal” attacks. Why is it a risk? Directory traversal (aka “path traversal”) vulnerabilities allow attackers to access directories and files outside the server’s root directory. How can you mitigate the risk? SolarWinds ...What is the N-central (from N-able) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? N-central (from N-able) is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console. There are two simultaneous threats: – The first allows authenticated users to execute arbitrary commands – The second allows them to inject comman ds using the first weakness The ...What is the Cisco Open Secure Shell (Open SSH) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Cisco sells a wide variety of network products for voice-over-IP, routing, switching, network management, network security, video streaming and wireless services. Many of these products use Open Secure Shell (Open SSH) for network security. A vulnerability in the Open SSH software was detected by Qualys Security. The link below provides detailed information about the vulnerability. Why ...What is the Palo Alto networks PAN-OS GlobalProtect Vulnerability, what is the risk and how can you mitigate that risk?
What is it? GlobalProtect, a feature of the Palo Alto networks PAN-OS, allows remote users to access local and Internet resources. A weakness in the software allows an attacker to create arbitrary files and inject arbitrary commands. This issue is applicable to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or ...What is the ConnectWise ScreenConnect Vulnerability, what is the risk and how can you mitigate that risk?
What is it? ConnectWise ScreenConnect provides remote support (remote control) to help you support your staff. Remote Control software is naturally an attractive target for cyber attackers. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass, using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. CyberSecurity ...