All posts by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.

Barracuda extends email security services with 24×7 SOC 

Barracuda extends email security services with 24×7 SOC 

With many small businesses using MSPs as their IT and security providers, it’s imperative for MSPs to partner with vendors that can provide them with security services that can prevent, detect and respond to the increasingly sophisticated cyberthreat landscape. In...

/ May 26, 2022
Cybersecurity Threat Advisory: Apple macOS Critical Privilege Escalation Vulnerability

Cybersecurity Threat Advisory: Apple macOS Critical Privilege Escalation Vulnerability

Apple has released an emergency update for a critical kernel privilege escalation vulnerability in macOS Big Sur 11. This vulnerability allows an attacker to utilize the app to execute arbitrary code with kernel privileges. Barracuda MSP recommends updating to the...

/ May 24, 2022
Cybersecurity Threat Advisory: Zyxel Firewall vulnerability

Cybersecurity Threat Advisory: Zyxel Firewall vulnerability

Zyxel’s ATP, VPN, and USG FLEX series business firewalls are affected by a Remote Code Execution (RCE) vulnerability that allows unauthenticated malicious attackers to execute arbitrary commands on the affected devices. Over 20,800 devices have been affected by this vulnerability,...

/ May 20, 2022
Cybersecurity Threat Advisory: Threat actors targeting VoIP provides with DDoS attacks

Cybersecurity Threat Advisory: Threat actors targeting VoIP provides with DDoS attacks

F5 has released a set of vulnerabilities including 17 high and 1 critical which affect the users of BIG-IP application delivery controller. The vulnerabilities provide malicious actors the ability to deploy crypto mining, ransomware, or other malicious files to the...

/ May 11, 2022
Cybersecurity Threat Advisory: TLStorm 2.0 vulnerabilities

Cybersecurity Threat Advisory: TLStorm 2.0 vulnerabilities

Up to 5 vulnerabilities were uncovered within the use of the TLS protocol in multiple models of the Aruba and Avaya Network switches. These vulnerabilities, if exploited, can provide threat actors remote access to enterprise networks and to transfer confidential...

/ May 11, 2022
Cybersecurity Threat Advisory: Apache CouchDB critical vulnerability

Cybersecurity Threat Advisory: Apache CouchDB critical vulnerability

Apache has released a patch for a critical remote privilege escalation vulnerability in Apache CouchDB 3.2.1 protocol. This vulnerability, if not patched, can allow threat actors to execute code on a targeted server or client without being authenticated. Barracuda MSP...

/ April 29, 2022
Ask an MSP Expert: What is the best way to expand my security service offering? 

Ask an MSP Expert: What is the best way to expand my security service offering? 

Q: We are finding it harder than ever to protect our customers with the security solutions we currently offer. Not only are they generating a lot of alerts, many of which turn out to be false positives once my team...

/ April 18, 2022
Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover

Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover

GitLab released an advisory on Thursday, March 31st regarding a new critical vulnerability found in their product, currently being tracked as CVE-2022-1162. This vulnerability can lead to vulnerable account takeover when exploited. GitLab has released a security patch, and Barracuda...

/ April 8, 2022 / 7 Comments
Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks

Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks

Threat Update A newly discovered critical vulnerability in Spring Cloud function (tracked as CVE-2022-22963), a Spring module used for streamlining data processing. This vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP header to Spring Cloud...

/ April 1, 2022
Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks

Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks

Threat Update Security professionals have identified a new zero-day vulnerability in the Spring Framework, an application development framework for Java. This vulnerability (tracked as CVE-2022-22965) can allow attackers to execute unauthenticated remote code. Spring has released Spring Framework versions 5.3.18...

/ March 31, 2022