Cybersecurity Threat Advisory: Veeam Backup vulnerability exploit
The Veeam Backup & Replication vulnerability, CVE-2023-27532, which was patched in March 2023 is still being exploited. Attackers have managed to exploit unpatched systems to launch ransomware attacks since April 2024. Barracuda MSP recommends reviewing this Cybersecurity Threat Advisory in...
Cybersecurity Threat Advisory: New Microsoft Outlook client vulnerability
A recent Microsoft Outlook client zero-click remote code execution (RCE) vulnerability, CVE-2024-30103, has a CVSS score of 8.8. Review this Cybersecurity Threat Advisory to limit the impact this vulnerability may have on your organization. What is the threat? CVE-2024-30103 allows...
Cybersecurity Threat Advisory: New ShrinkLocker ransomware strains
ShrinkLocker is a recent ransomware strain that leverages a legitimate Windows encryption feature, BitLocker, to lock victims out of their devices. It shrinks the partition, increasing the impact of the attack. Review this Cybersecurity Threat Advisory in detail to prevent...
Cybersecurity Threat Advisory: F5 BIG-IP Next Central Manager vulnerabilities
Two high-severity vulnerabilities were discovered in the F5 BIG-IP Next Central Manager API allowing attackers to gain full administrative control and create hidden, persistent backdoors on managed devices. Barracuda MSP recommends reading this Cybersecurity Threat Advisory to learn which steps...
Cybersecurity Threat Advisory: RCE vulnerabilities in HPE Aruba Networking devices
HPE Aruba Networking has disclosed that critical remote code execution (RCE) vulnerabilities are impacting multiple versions of ArubaOS. Out of the ten vulnerabilities found, four pose critical risks of unauthenticated buffer overflows in various services. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Active exploit of Atlassian Confluence
This Cybersecurity Threat Advisory details the exploitation of the critical vulnerability CVE-2023-22518 in the Atlassian Confluence Data Center and Server. Attackers are deploying a Linux variant of Cerber (aka C3RB3R) ransomware. This allows unauthenticated attackers to reset Confluence and create...
Cybersecurity Threat Advisory: OpenEdge authentication bypass vulnerability
A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review...
Cybersecurity Threat Advisory: AnyDesk production system breach
AnyDesk confirmed that a cyberattack on their production systems has taken place. This has caused AnyDesk users to become vulnerable to data breaches, phishing attacks, and malware. Barracuda MSP recommends updating to the latest version of Windows (8.0.8) immediately and...