Month: October 2024
Expert advice to proactively mitigate insider threats for MSPs
Managed services providers (MSPs) must constantly defend their clients from hackers, cybercriminals, malware, and state-sponsored cyber warfare. However, sometimes the threat is much closer to home – perhaps right in the office. Welcome to the era of insider threats, an...
Cybersecurity Threat Advisory: New critical GitLab SAML vulnerability
A new critical GitLab vulnerability within RUBY-SAML and OmniAuth-SAML libraries to bypass SAML authentication was disclosed. If you are using GitLab, read this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is the threat? This vulnerability allows...
Cybersecurity Threat Advisory: Apache Avro SDK vulnerability
A critical security flaw in the Apache Avro Java Software Development Kit (SDK), tracked as CVE-2024-47561, poses a significant threat to systems using this data serialization framework. A successful exploitation allows an attacker to execute arbitrary code on vulnerable instances....
Take action! 30 Essential tips to boost your cybersecurity
October, declared as Cybersecurity Awareness Month, is the perfect time to revisit and reinforce your cybersecurity strategies, ensuring both you and your customers stay safe from the latest digital threats. Since 2004, the National Cybersecurity Division of the Department of...
Unlock new opportunities: How cloud services can fuel MSP growth
A report from Synergy Research Group finds total global spending on cloud services and infrastructure reached $427 billion in the first half of 2024, a 23 percent year-over-year increase. During this time, consumption of infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service...
Tech Time Warp: Time for pumpkins, ghosts, and cybersecurity awareness
If you’re reading this, you know it’s important to be cyber-aware 365 days a year, but for more than 20 years, October has been as synonymous in the tech world with cybersecurity as it is with pumpkins and ghosts. In...
Cybersecurity Threat Advisory: Exploited cryptojacking campaign impacting Docker
A new cryptojacking campaign exploiting the Docker Engine API has been discovered. The large-scale hacking campaign is targeting Docker Swarm, Kubernetes, and Secure Socket Shell (SSH) servers. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk...
Social engineering attacks: What MSPs need to know
As we kick off Cybersecurity Awareness Month, we are highlighting one danger that managed service providers (MSPs) must constantly monitor: social engineering. According to Verizon’s 2024 Data Breach Investigations Report: Social engineering incidents have increased from the previous year largely...
Cybersecurity Threat Advisory: Critical RCE vulnerability in ZCS
There is a critical remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) version 9.0, tracked as CVE-2024-45519. The vulnerability allows unauthenticated attackers to remotely execute arbitrary commands by exploiting weaknesses in Zimbra’s SMTP PostJournal service. Review the details...