Matthew Russo

All posts by Matthew Russo

Matthew is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Matthew supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: GitHub supply chain attack

Cybersecurity Threat Advisory: GitHub supply chain attack

Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. Barracuda MSP recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk. What is the threat? A variety of techniques were...

/ March 28, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Fortinet FortiClientEMS critical vulnerability

Cybersecurity Threat Advisory: Fortinet FortiClientEMS critical vulnerability

Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via...

/ March 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Citrix Bleed vulnerability actively exploited

Cybersecurity Threat Advisory: Citrix Bleed vulnerability actively exploited

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a cybersecurity advisory warning that ransomware groups are actively exploiting the ‘Citrix Bleed’ vulnerability. In this Cybersecurity Threat Advisory, we look at the Citrix...

/ November 29, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Significant increase of cyber incidents

Cybersecurity Threat Advisory: Significant increase of cyber incidents

This Cybersecurity Threat Advisory sheds light on the recent global events between Israel and Hamas that have caused a surge in cyber incidents from hacker activists, also known as “hacktivists”. These attacks have been experienced on both sides of the...

/ October 16, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Apple releases patches for zero-day vulnerabilities

Cybersecurity Threat Advisory: Apple releases patches for zero-day vulnerabilities

Apple has released more security patches after three zero-day vulnerabilities were discovered in iOS, iPadOS, MacOS, WatchOS, and Safari. These vulnerabilities are actively being exploited in the wild against several frameworks and systems of Apple products, making sixteen total zero-days...

/ September 26, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical security patches for GitLab

Cybersecurity Threat Advisory: Critical security patches for GitLab

This Cybersecurity Threat Advisory highlights GitLab’s recent critical vulnerability, which security update have been released for. A successful exploitation can allow threat actors to mask themselves as other users during scheduled security scans while they run automated tasks (also known...

/ September 22, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Apple’s PassKit

Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Apple’s PassKit

Today’s Cybersecurity Threat Advisory involves Apple, who recently released critical updates for iPhone and Mac products after two zero-day vulnerabilities were discovered in their PassKit framework via iMessage. Both vulnerabilities allow malicious actors to perform arbitrary code execution on devices...

/ September 12, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: New Microsoft support scam

Cybersecurity Threat Advisory: New Microsoft support scam

The latest Cybersecurity Threat Advisory highlights the new false advertisement for Amazon through Google search engine. The advertisement redirects users to a Microsoft Defender support scam that locks up their browser. Barracuda MSP recommends avoiding clicking on any “Sponsored” result...

/ August 24, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Atera RMM

Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Atera RMM

The latest Cybersecurity Threat Advisory involves two zero-day vulnerabilities that were discovered in Atera RMM Windows installers. These two vulnerabilities are deemed critical and provide privilege escalation capabilities upon a successful exploitation. Barracuda MSP recommends updating to version 1.8.4.9 to...

/ July 26, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerabilities with ASUS routers

Cybersecurity Threat Advisory: Critical vulnerabilities with ASUS routers

ASUS recently released critical security updates for several vulnerabilities across multiple router models. Two out of the nine vulnerabilities are categorized as Critical, including an out-of-bounds write vulnerability and a memory corruption flaw. Barracuda SOC recommends applying the latest security...

/ June 21, 2023