Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the Cisco Open Secure Shell (Open SSH) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Cisco sells a wide variety of network products for voice-over-IP, routing, switching, network management, network security, video streaming and wireless services. Many of these products use Open Secure Shell (Open SSH) for network security. A vulnerability in the Open SSH software was detected by Qualys Security. The link below provides detailed information about the vulnerability. Why ...
What is the Palo Alto Networks PAN-OS GlobalProtect Vulnerability, what is the risk and how can you mitigate that risk?
What is it? GlobalProtect, a feature of the Palo Alto Networks PAN-OS, allows remote users to access local and Internet resources. A weakness in the software allows an attacker to create arbitrary files and inject arbitrary commands. This issue is applicable to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or ...
What is the ConnectWise ScreenConnect Vulnerability, what is the risk and how can you mitigate that risk?
What is it? ConnectWise ScreenConnect provides remote support (remote control) to help you support your staff. Remote control software is naturally an attractive target for cyber attackers. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. CyberSecurity ...
What is the SSH “Terrapin Attack” Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Secure Shell (SSH) allows commands to be sent securely to remote computers across unsecured networks (like the Internet). Certain versions of SSH allow an attacker with the ability to intercept SSH traffic to downgrade connection security and force the use of less secure client authentication algorithms. This vulnerability is called the “Terrapin Attack”. The link below ...
What is the Fortinet (CVE-2022-42475) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Fortinet offers virtual private network (SSL VPN) and firewall products as part of FortiOS and FortiProxy. Why is it a risk? An attacker can overflow a buffer to allow remote, unauthorized execution of arbitrary code. This is considered a CRITICAL problem of VERY HIGH risk. How can you mitigate the risk? The only mitigation is to upgrade to ...
What is the Windows HTTP.sys (CVE-2015-1635) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? The HTTP.sys file in Microsoft Windows (versions 7, 8 and Server versions 2008-2012) could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. The Microsoft link below provides a description and a list of specific Windows versions affected by this vulnerability. Why is it a risk? An attacker who ...
What is the Microsoft Exchange Server On-premises Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Exchange Server (2016, 2019 and Subscription) on-premises has a vulnerability through which an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving an easily detectable and auditable trace. Why is it a risk? Users with escalated privileges can run arbitrary commands both ...
What is the Microsoft Exchange Server Unapproved Code Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Exchange Server has a number of vulnerabilities that allow attackers to infect your computer (or use your computer to attack others). Why is it a risk? Although each is slightly different, in general these vulnerabilities allow attackers to run unapproved code on your server. That code can damage your organizational data, interrupt network traffic ...
What is the SMB version 3.1.1 Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Server Message Block (SMB) is a long-standing protocol for sharing files, printers, named pipes, and other network resources. Windows Exchange Server (2016, 2019, 2022) all use SMB version 3.1.1. Why is it a risk? Certain carefully crafted commands sent to SMB version 3.1.1 can allow execution of remote commands without authentication, which can crash the target ...
What is the Microsoft Exchange Server / Local Exchange Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? On 06 Aug 2025, Microsoft disclosed a vulnerability in Microsoft Exchange Server which allows an administrator of a local Exchange Server to elevate their privileges and gain access to other users’ Exchange Online cloud accounts. Why is it a risk? Although there are no known exploits of this vulnerability as of 07 Aug 2025, he ...
What is the Exim “21nails” SMTP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Exim is a very popular mail transfer agent (MTA). In 2020, researchers found 21 unique vulnerabilities in Exim. Collectively, these threats are called “21nails.” Why is it a risk? While each of the 21 vulnerabilities is a threat, some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and ...
What is the Microsoft SharePoint (Subscription Edition, 2019 and 2016) on-premises servers Attack, what is the risk and how can you mitigate that risk?
What is it? Microsoft SharePoint (Subscription Edition, 2019 and 2016) on-premises servers are being actively attacked (as of 2025-07-19). Why is it a risk? Using this vulnerability, an attacker can execute arbitrary code on your server from a remote location. This is considered a CRITICAL vulnerability. How can you mitigate the risk? Follow the directions provided in the Microsoft link below. The ...
