Cybersecurity Threat Advisory: Active exploits of Cisco firewalls
Two vulnerabilities, CVE-2024-20353 (denial of service) and CVE-2024-20359 (persistent local code execution), were leveraged to create backdoors by a state-sponsored cyber-espionage group, ArcaneDoor, in Cisco firewalls. Review the recommendations in this Cybersecurity Threat Advisory to protect your firewall appliances now. What is...
Cybersecurity Threat Advisory: Critical vulnerability in Palo Alto PAN-OS
Palo Alto Networks has disclosed a critical vulnerability, CVE-2024-3400, impacting its PAN-OS software’s GlobalProtect feature. This flaw enables unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. Review this Cybersecurity Threat Advisory to keep your organization secure...
Cybersecurity Threat Advisory: TA558 phishing campaign
The threat actor TA558 is conducting a phishing campaign targeting various sectors in Latin America, intending to deploy the remote access tool known as Venom RAT. Barracuda MSP encourages organizations to follow the recommendations detailed in this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: StrelaStealer malware targets organizations
A new email threat, StrelaStealer malware, is targeting Europe and United States organizations. It spreads through phishing emails with attachments that execute its dynamic-link library (DLL) payload designed to steal email login data. This Cybersecurity Threat Advisory reviews the threat...
Cybersecurity Threat Advisory: Glibc root access vulnerability
A critical security flaw in the GNU C Library (glibc) has been disclosed, tracked as CVE-2023-6246. It allows malicious attackers to gain full root access on Linux machines. Read this Cybersecurity Threat Advisory to learn how to mitigate the risks...
Cybersecurity Threat Advisory: Critical RCE vulnerability
A critical pre-authentication remote code execution (RCE) vulnerability, CVE-2024-21591, has been patched in Juniper Networks’ Junos OS on SRX firewalls and EX switches. Exploitable via an out-of-bounds write, the flaw poses risks of denial-of-service (DoS), RCE attacks, or unauthorized root...
Cybersecurity Threat Advisory: Google OAuth vulnerability
In this Cybersecurity Threat Advisory, we’re looking at a critical Google OAuth vulnerability that allows ex-employees to maintain access to applications such as Slack and Zoom. After off boarding, attackers can achieve access by creating non-Gmail accounts using corporate email...
Cybersecurity Threat Advisory: Navigating holiday cyber risks
The holiday season is here, and organizations are facing an increased risk of cyberthreats with a notable focus on the activities of access brokers. These threat actors specialize in gaining and selling unauthorized access to organization accounts by orchestrating social...
Cybersecurity Threat Advisory: WS_FTP Server vulnerabilities uncovered
Multiple vulnerabilities have been found in all versions of WS_FTP Server. The critical and high vulnerabilities include a directory traversal flaw (CVE-2023-42657) with a CVSS score of 9.9, a high-severity reflected cross-site scripting (XSS) issue (CVE-2023-40045, CVSS 8.3), a SQL...
Cybersecurity Threat Advisory: BlackCat ransomware targets Microsoft Azure
This Cybersecurity Threat Advisory reviews the latest movements of the BlackCat ransomware gang. They are using the Sphynx encryptor to target Microsoft Azure storage through a recently discovered vulnerability in Azure’s security infrastructure. The BlackCat (ALPHV) ransomware gang is using...
