Cybersecurity Threat Advisory: New remote control escalation vulnerability – updated
Fortinet recently released updates for several products utilizing SSL-VPN functionalities after discovering a critical vulnerability. The major flaw discovered gives the ability to an attacker to perform an unauthenticated remote code execution on devices. Barracuda SOC recommends updating Fortinet products...
Cybersecurity Threat Advisory: Three Apple zero-day vulnerabilities
Apple released security updates to address three new zero-day vulnerabilities being exploited in the wild. These vulnerabilities are associated with WebKit and covers different intrusion methods. Barracuda MSP recommends applying the latest security updates from Apple to resolve these vulnerabilities....
Cybersecurity Threat Advisory: Microsoft Outlook elevation of privilege vulnerability
Last week, Microsoft Threat Intelligence discovered a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook that allows for New Technology LAN Manager (NTLM) credentials to be stolen. Threat actors can potentially authenticate, escalate privileges, and gain access to the...
Cybersecurity Threat Advisory: LastPass’ security incident update
LastPass provided an update to their August incident where an unauthorized access occurred in their cloud storages. The incident involved storages that contain production data and certain metadata of LastPass subscribers. LastPass recommends businesses to review and update their passwords,...
Cybersecurity Threat Advisory: New Microsoft Exchange Server zero-day vulnerability
Researchers from GTSC found a new zero-day vulnerability for Microsoft Exchange Server in the wild. Upon successful exploitation, threat actors can perform RCE (Remote Code Execution) via a backdoor onto the compromised system. GTSC has released a report outlining the...
Cybersecurity Threat Advisory: Phishing attacks targeting GitHub accounts
GitHub alerted the public that there is an ongoing phishing campaign that is targeting its users by impersonating CircleCI continuous integration and delivery platform. These phishing attacks are designed to steal the targeted user’s account credentials and authentication codes. A...
Cybersecurity Threat Advisory: Palo Alto PAN-OS vulnerability
This week, Palo Alto released a patch for PAN-OS’ vulnerability (CVE-2022-0028). This vulnerability is actively being targeted by threat actors. Firewalls running PAN-OS could permit an attacker to perform a Denial-of-Service (DoS) attack. Barracuda MSP recommends updating affected Palo Alto...
