Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Apple’s PassKit
Today’s Cybersecurity Threat Advisory involves Apple, who recently released critical updates for iPhone and Mac products after two zero-day vulnerabilities were discovered in their PassKit framework via iMessage. Both vulnerabilities allow malicious actors to perform arbitrary code execution on devices...
Cybersecurity Threat Advisory: New Microsoft support scam
The latest Cybersecurity Threat Advisory highlights the new false advertisement for Amazon through Google search engine. The advertisement redirects users to a Microsoft Defender support scam that locks up their browser. Barracuda MSP recommends avoiding clicking on any “Sponsored” result...
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Atera RMM
The latest Cybersecurity Threat Advisory involves two zero-day vulnerabilities that were discovered in Atera RMM Windows installers. These two vulnerabilities are deemed critical and provide privilege escalation capabilities upon a successful exploitation. Barracuda MSP recommends updating to version 1.8.4.9 to...
Cybersecurity Threat Advisory: Critical vulnerabilities with ASUS routers
ASUS recently released critical security updates for several vulnerabilities across multiple router models. Two out of the nine vulnerabilities are categorized as Critical, including an out-of-bounds write vulnerability and a memory corruption flaw. Barracuda SOC recommends applying the latest security...
Cybersecurity Threat Advisory: New remote control escalation vulnerability – updated
Fortinet recently released updates for several products utilizing SSL-VPN functionalities after discovering a critical vulnerability. The major flaw discovered gives the ability to an attacker to perform an unauthenticated remote code execution on devices. Barracuda SOC recommends updating Fortinet products...
Cybersecurity Threat Advisory: Three Apple zero-day vulnerabilities
Apple released security updates to address three new zero-day vulnerabilities being exploited in the wild. These vulnerabilities are associated with WebKit and covers different intrusion methods. Barracuda MSP recommends applying the latest security updates from Apple to resolve these vulnerabilities....
Cybersecurity Threat Advisory: Microsoft Outlook elevation of privilege vulnerability
Last week, Microsoft Threat Intelligence discovered a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook that allows for New Technology LAN Manager (NTLM) credentials to be stolen. Threat actors can potentially authenticate, escalate privileges, and gain access to the...
Cybersecurity Threat Advisory: LastPass’ security incident update
LastPass provided an update to their August incident where an unauthorized access occurred in their cloud storages. The incident involved storages that contain production data and certain metadata of LastPass subscribers. LastPass recommends businesses to review and update their passwords,...
Cybersecurity Threat Advisory: New Microsoft Exchange Server zero-day vulnerability
Researchers from GTSC found a new zero-day vulnerability for Microsoft Exchange Server in the wild. Upon successful exploitation, threat actors can perform RCE (Remote Code Execution) via a backdoor onto the compromised system. GTSC has released a report outlining the...
Cybersecurity Threat Advisory: Phishing attacks targeting GitHub accounts
GitHub alerted the public that there is an ongoing phishing campaign that is targeting its users by impersonating CircleCI continuous integration and delivery platform. These phishing attacks are designed to steal the targeted user’s account credentials and authentication codes. A...
