Cybersecurity Threat Advisory: GitHub supply chain attack
Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. Barracuda MSP recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk. What is the threat? A variety of techniques were...
Cybersecurity Threat Advisory: Fortinet FortiClientEMS critical vulnerability
Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via...
Cybersecurity Threat Advisory: Citrix Bleed vulnerability actively exploited
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a cybersecurity advisory warning that ransomware groups are actively exploiting the ‘Citrix Bleed’ vulnerability. In this Cybersecurity Threat Advisory, we look at the Citrix...
Cybersecurity Threat Advisory: Significant increase of cyber incidents
This Cybersecurity Threat Advisory sheds light on the recent global events between Israel and Hamas that have caused a surge in cyber incidents from hacker activists, also known as “hacktivists”. These attacks have been experienced on both sides of the...
Cybersecurity Threat Advisory: Apple releases patches for zero-day vulnerabilities
Apple has released more security patches after three zero-day vulnerabilities were discovered in iOS, iPadOS, MacOS, WatchOS, and Safari. These vulnerabilities are actively being exploited in the wild against several frameworks and systems of Apple products, making sixteen total zero-days...
Cybersecurity Threat Advisory: Critical security patches for GitLab
This Cybersecurity Threat Advisory highlights GitLab’s recent critical vulnerability, which security update have been released for. A successful exploitation can allow threat actors to mask themselves as other users during scheduled security scans while they run automated tasks (also known...
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Apple’s PassKit
Today’s Cybersecurity Threat Advisory involves Apple, who recently released critical updates for iPhone and Mac products after two zero-day vulnerabilities were discovered in their PassKit framework via iMessage. Both vulnerabilities allow malicious actors to perform arbitrary code execution on devices...
Cybersecurity Threat Advisory: New Microsoft support scam
The latest Cybersecurity Threat Advisory highlights the new false advertisement for Amazon through Google search engine. The advertisement redirects users to a Microsoft Defender support scam that locks up their browser. Barracuda MSP recommends avoiding clicking on any “Sponsored” result...
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Atera RMM
The latest Cybersecurity Threat Advisory involves two zero-day vulnerabilities that were discovered in Atera RMM Windows installers. These two vulnerabilities are deemed critical and provide privilege escalation capabilities upon a successful exploitation. Barracuda MSP recommends updating to version 1.8.4.9 to...
Cybersecurity Threat Advisory: Critical vulnerabilities with ASUS routers
ASUS recently released critical security updates for several vulnerabilities across multiple router models. Two out of the nine vulnerabilities are categorized as Critical, including an out-of-bounds write vulnerability and a memory corruption flaw. Barracuda SOC recommends applying the latest security...
