Category: Featured
Cybersecurity Threat Advisory: Fortinet vulnerability CVE-2022-40684
Fortinet has identified a critical vulnerability tracked as CVE-2022-40684. Upon a successful exploitation, a threat actor can remotely log into devices with FortiGate firewalls or FortiProxy web proxies using an authentication bypass on the administrative interface. Barracuda MSP recommends customers...
Tech Time Warp: Multi-factor authentication is more secure, but who invented it?
The theme of this year’s Cybersecurity Awareness Month is “See Yourself in Cyber,” focusing on all the ways the human touch is needed for true cybersecurity. One focus for the month is multi-factor authentication (MFA), which keeps technology secure by...
MSPs need to focus on cloud services that matter most
There’s no doubt that cloud computing services can be overwhelming to navigate, but a new survey suggests that the actual number of services regularly used by organizations is rather narrow. Civo, a provider of cloud services, recently surveyed IT leaders...
Make the most of Cybersecurity Awareness Month
Since 2004, October has been recognized by the United States government as Cybersecurity Awareness Month (CAM). You can read the most recent presidential proclamation of CAM here. For those of us whose roles require us to be aware of cybersecurity year-round,...
Ride-sharing app Uber hacked via social engineering scheme
Last month, the popular ride-sharing app Uber announced a cybersecurity incident that affected a variety of company accounts. The breach reportedly originated within Uber’s internal Slack communication channel after a hacker tricked an employee into sharing their login credentials. Those...
Cybersecurity Threat Advisory: New Microsoft Exchange Server zero-day vulnerability
Researchers from GTSC found a new zero-day vulnerability for Microsoft Exchange Server in the wild. Upon successful exploitation, threat actors can perform RCE (Remote Code Execution) via a backdoor onto the compromised system. GTSC has released a report outlining the...
Cybersecurity Threat Advisory: Zoho ManageEngine RCE bug
A critical Zoho ManageEngine Remote Code Execution (RCE) flaw is being actively exploited according to The US Cybersecurity and Infrastructure Security Agency (CISA). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360 and...
Cybersecurity Threat Advisory: Sophos Firewall critical vulnerability
Sophos has identified a remote code execution vulnerability tracked as CVE-2022-3236. This vulnerability affects the User Portal and Webadmin components of Sophos Firewalls. Upon a successful exploitation, a threat actor can gain root privileges and deploy a ransomware attack. Barracuda...
CISA warns industrial clients are vulnerable
MSPs with industrial clients in their portfolios have a set of security issues that often differ from other verticals, and each vertical brings its own baggage. With healthcare clients, for example, it’s PHI and HIPAA regulations. With finance clients, there...
Cybersecurity Threat Advisory: Phishing attacks targeting GitHub accounts
GitHub alerted the public that there is an ongoing phishing campaign that is targeting its users by impersonating CircleCI continuous integration and delivery platform. These phishing attacks are designed to steal the targeted user’s account credentials and authentication codes. A...
