Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the SolarWinds Serv-U Managed File Transfer over HTTP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? SolarWinds Serv-U provides Managed File Transfer over HTTP. Versions 15.4.2 HF 1 and earlier contain a programming error that makes the network vulnerable to “directory traversal” attacks. Why is it a risk? Directory traversal (aka “path traversal”) vulnerabilities allow attackers to access directories and files outside the server’s root directory. How can you mitigate the risk? SolarWinds ...What is the N-central (from N-able) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? N-central (from N-able) is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console. There are two simultaneous threats: – The first allows authenticated users to execute arbitrary commands – The second allows them to inject comman ds using the first weakness The ...What is the Cisco Open Secure Shell (Open SSH) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Cisco sells a wide variety of network products for voice-over-IP, routing, switching, network management, network security, video streaming and wireless services. Many of these products use Open Secure Shell (Open SSH) for network security. A vulnerability in the Open SSH software was detected by Qualys Security. The link below provides detailed information about the vulnerability. Why ...What is the Palo Alto networks PAN-OS GlobalProtect Vulnerability, what is the risk and how can you mitigate that risk?
What is it? GlobalProtect, a feature of the Palo Alto networks PAN-OS, allows remote users to access local and Internet resources. A weakness in the software allows an attacker to create arbitrary files and inject arbitrary commands. This issue is applicable to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or ...What is the ConnectWise ScreenConnect Vulnerability, what is the risk and how can you mitigate that risk?
What is it? ConnectWise ScreenConnect provides remote support (remote control) to help you support your staff. Remote Control software is naturally an attractive target for cyber attackers. ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass, using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. CyberSecurity ...What is the SSH “Terrapin Attack” Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Secure Shell (SSH) allows commands to be sent securely to computers remotely across unsecure networks (like the Internet). Certain versions of SSH allow an attacker with the ability to intercept SSH traffic, downgrade connection security and force the usage of less secure client authentication algorithms. This vulnerability is called the “Terrapin Attack”. The link below ...What is the Fortinet (cve-2022-42475) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Fortinet offers virtual private network (SSL VPN) and firewall products as part of FortiOS and FortiProxy. Why is it a risk? An attacker can overflow a buffer to allow remote, unauthorized, execution of arbitrary code. This is considered a CRITICAL problem of VERY HIGH risk. How can you mitigate the risk? The only mitigation is to upgrade to ...What is the Windows HTTP.sys (cve-2015-1635) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Windows (versions 7, 8 and Server versions 2008-2012) HTTP.sys file could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. The Microsoft link below provides a description and a list of specific Windows versions effected by this vulnerability. Why is it a risk? An attacker who ...What is the Microsoft Exchange Server On-premises Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Exchange Server (2016, 2019 and Subscription) on-premises has a vulnerability allowing an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace. Why is it a risk? Users with escalated privileges can run arbitrary commands both ...What is the Microsoft Exchange Server Unapproved Code Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Microsoft Exchange Server has a number of vulnerabilities that allow attackers to infect your computer (or use your comupter to attack others). Why is it a risk? Although each is slightly different, in general these vulnerabilities allow attackers to run unapproved code on your server. That code can damage your organizational data, interrupt network traffic ...What is the SMB version 3.1.1 Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Server Message Block (SMB) is a long-standing protocol for sharing files, printers, named pipes, and other network resources. Windows Exchange Server (2016, 2019, 2022) all use SMB version 3.1.1 Why is it a risk? Certain carefully crafted commands, sent to SMB version 3.1.1 can allow execution of remote commands without authentication which can crash the target ...What is the Microsoft Exchange Server / Local Exchange Server Vulnerability, what is the risk and how can you mitigate that risk?
What is it? On 06 Aug 2025, Microsoft disclosed a vulnerability in Microsoft Exchange Server which allows an administrator of a local Exchange Server to elevate their priviledges and gain access to other users’ Exchange Online cloud accounts. Why is it a risk? Although there are no known exploits of this vulnerability as of 07 Aug 2025, he ...