Month: September 2024
How CISOs can leverage generative AI to improve email, application security
In an era where digital threats evolve at an unprecedented pace, the integration of generative AI into cybersecurity operations has become essential. From content creation to behavior prediction and knowledge articulation, generative AI is reshaping the landscape of security practices, offering immense...
Cybersecurity Threat Advisory: Veeam Backup security flaws
There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass,...
Summer Roundup: Cyber risks for MSPs to monitor
As summer begins its swan song and thoughts begin to turn toward autumn, the Cybersecurity and Infrastructure Security Agency (CISA) has a fresh batch of advisories. Released in August, these advisories highlight the various cyber risks lurking out there, many...
Generative AI inference engines create MSP opportunities
More organizations are beginning to operationalize generative artificial intelligence (AI). Along with this, many of them will be looking to managed service providers (MSPs) to help them optimally deploy the inference engines that are needed to analyze data in production...
Tech Time Warp: Back to school and back to hacks
Now that we are past Labor Day, school is back in session across the United States—which means summer vacation is over for cybercriminals, too. Let’s dive into this week’s edition of Tech Time Warp. The education sector is increasingly a...
Cybersecurity Threat Advisory: Cicada3301 ransomware variant
A new ransomware variant has been found, known as Cicada3301. It exhibits similarities to the defunct BlackCat (ALPHV) operation, and it targets both Windows and Linux systems. Review the details in this Cybersecurity Threat Advisory to learn how this variant...
Cybersecurity Threat Advisory: Chrome zero-day vulnerability
A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now. What is the threat? The...
Three new reports from ITRC: H1 breaches, 2023 trends, and a new toll scam
As longtime readers of this space already know, I’m a big fan of the Identity Theft Resource Center (ITRC). Their regular breach reports provide lots of highly detailed statistics, their trend reporting is invaluable to help project the future of...
Cybersecurity Threat Advisory: VMware ESXi vulnerability exploited by BlackByte ransomware
BlackByte ransomware group is actively exploiting CVE-2024-37085, a recently patched authentication bypass vulnerability in VMware ESXi hypervisors. The exploitation of this flaw has led to the deployment of ransomware across victim networks. BlackByte ransomware group has marked it as a...
Data migration expertise: A must-have for MSPs
Managed service providers (MSPs) that have data migration expertise are finding their services are in more demand than ever. A survey of 300 application and software development, IT, and security leaders conducted on behalf of Onymos, found that more than...