Doris Au

All posts by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Access-Token-Harvesting Attack Affects Facebook

Cybersecurity Threat Advisory: Access-Token-Harvesting Attack Affects Facebook

What is the Issue? Many applications typically require an email verification step to authenticate identity before logging the user in. If a person signs up for any app using Facebook Login, an account is created for them, and the authentication...

/ May 19, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Newegg Data Breach Left Customer Credit Cards Exposed

Cybersecurity Threat Advisory: Newegg Data Breach Left Customer Credit Cards Exposed

What is the Issue? The online retailer Newegg confirmed on Wednesday that credit card information from customers had been stolen using a sophisticated attack. Hackers injected 15 lines of card skimming code on the online retailer’s payments page; the code...

/ May 18, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Data Theft Risks from “Cold Boot Attack” Variation

Cybersecurity Threat Advisory: Data Theft Risks from “Cold Boot Attack” Variation

What is the Issue? Researchers have discovered that a new exploit built on the foundations of the cold boot attack leaves nearly all laptops and desktops; both Windows and Mac users vulnerable. Attackers can meddle with a computer’s firmware to...

/ May 17, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Infection on E-commerce Platform Magento

Cybersecurity Threat Advisory: Infection on E-commerce Platform Magento

What is the Issue? Security researchers have discovered that a massive hacking campaign is targeting the ecommerce platform Magento. Hackers are infecting stores that use the platform with a skimmer script in the source code, dubbed MagentoCore that siphon’s payment...

/ May 16, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Qualcomm’s Medical Gateway Critical Vulnerability

Cybersecurity Threat Advisory: Qualcomm’s Medical Gateway Critical Vulnerability

What is the Issue? Recently, an undocumented vulnerability in the Qualcomm Life’s Capsule Datacaptor Terminal Server (DTS) medical device gateway was found to be exposed to the “misfortune Cookie” vulnerability CVE-2014-9222. This opens the possibility for remote attackers to gain...

/ May 15, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Apache Struts Framework Remote Code Execution Vulnerability

Cybersecurity Threat Advisory: Apache Struts Framework Remote Code Execution Vulnerability

What is the Issue? Apache Struts web framework versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from a critical Remote Code Execution vulnerability that could be exploited by attackers to fully control the application. Apache Struts 2 is a...

/ April 29, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Trickbot Trojan Continues to Evolve

Cybersecurity Threat Advisory: Trickbot Trojan Continues to Evolve

What is the Issue: A new Trickbot iteration features a sneaky method of performing process-hollowing using direct system calls, anti-analysis techniques and the disabling of security tools. Process-hollowing is a technique used by malware in which a legitimate process is...

/ April 28, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: DoS Vulnerability in Cisco Web Security Appliance

Cybersecurity Threat Advisory: DoS Vulnerability in Cisco Web Security Appliance

What is the Issue? There exists a vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances. This happens because of the improper handling of memory resources by this software for TCP connections on any...

/ April 27, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Microsoft ADFS Multi-Factor Authentication Bypass

Cybersecurity Threat Advisory: Microsoft ADFS Multi-Factor Authentication Bypass

What is the Issue? A vulnerability was discovered in the way multi factor authentication requests are handled by Microsoft’s Active Directory Federation Services (ADFS). It appears that an attacker can compromise a user’s account by bypassing the multi-factor token request....

/ April 26, 2019
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Bitcoin Blackmail Ransom Emails

Cybersecurity Threat Advisory: Bitcoin Blackmail Ransom Emails

What is the Issue? Cyber criminals are sending Bitcoin ransom emails that are attempting to blackmail users into paying ransoms based on leaked password being exposed. These cyber criminals create false narratives that attempt to blackmail you by claiming they...

/ April 25, 2019