Cybersecurity Threat Advisory: TLStorm 2.0 vulnerabilities
Up to 5 vulnerabilities were uncovered within the use of the TLS protocol in multiple models of the Aruba and Avaya Network switches. These vulnerabilities, if exploited, can provide threat actors remote access to enterprise networks and to transfer confidential...
Cybersecurity Threat Advisory: Apache CouchDB critical vulnerability
Apache has released a patch for a critical remote privilege escalation vulnerability in Apache CouchDB 3.2.1 protocol. This vulnerability, if not patched, can allow threat actors to execute code on a targeted server or client without being authenticated. Barracuda MSP...
Ask an MSP Expert: What is the best way to expand my security service offering?
Q: We are finding it harder than ever to protect our customers with the security solutions we currently offer. Not only are they generating a lot of alerts, many of which turn out to be false positives once my team...
Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover
GitLab released an advisory on Thursday, March 31st regarding a new critical vulnerability found in their product, currently being tracked as CVE-2022-1162. This vulnerability can lead to vulnerable account takeover when exploited. GitLab has released a security patch, and Barracuda...
Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks
Threat Update A newly discovered critical vulnerability in Spring Cloud function (tracked as CVE-2022-22963), a Spring module used for streamlining data processing. This vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP header to Spring Cloud...
Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks
Threat Update Security professionals have identified a new zero-day vulnerability in the Spring Framework, an application development framework for Java. This vulnerability (tracked as CVE-2022-22965) can allow attackers to execute unauthenticated remote code. Spring has released Spring Framework versions 5.3.18...
Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability
Threat Update SonicWall has released a hotfix for a critical RCE / DoS vulnerability that affects a subset of their firewall devices. This vulnerability (tracked as CVE-2022-22274) in Sonic OS allows an unauthenticated remote attacker to perform denial of service...
Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall
Threat Update Sophos has disclosed a critical-level authentication bypass vulnerability (CVE-2022-1040) that impacts Sophos Firewall v18.5 and below. If this vulnerability is exploited, an attacker could get unfettered access to the firewall and execute remote code at will. Barracuda MSP’s...
Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices
The security firm Armis has located three vulnerabilities in Schneider Electric’s APC Smart-UPS devices. These flaws are being tracked under the name “TLStorm.” This vulnerability can enable remote attackers to control the power of millions of enterprise devices to conduct...
Cybersecurity Threat Advisory: RCE in Okta Advanced Server Access Client
Threat Update The Okta Advanced Server Access Windows client is vulnerable to an unauthenticated remote code execution vulnerability. Thousands of companies rely on Okta to provide zero-trust identity and access management for cloud and on-premises infrastructure. This vulnerability can be...