Category: Security
Cybersecurity Threat Advisory: Ransomware turning off EDR with vulnerable drivers
Qilin and Warlock (also known as “Water Manaul”) ransomware groups are using bring your own vulnerable driver (BYOVD) techniques to disable endpoint security tools on Windows systems. These actors can shut down more than 300 EDR drivers across multiple security...
Cybersecurity Threat Advisory: Storm-1175 exploits zero-days to deploy Medusa ransomware
Storm-1175 is a threat actor using a rapid sequence of zero-day and N-day exploits to deploy Medusa ransomware against internet-facing assets. This high-velocity attack pattern has been highlighted by security researchers, who emphasize the heightened risk posed by exposed perimeter...
Increased open source software reliance creates MSP opportunities
A survey of 712 IT professionals suggests that as organizations rely more on open source software, they are struggling with security updates and patches (39 percent), installations, upgrades, and configurations (30 percent), and technical support (29 percent). Nearly half (47...
What does a “right-size” incident response plan look like?
Often, when a cyber incident occurs, the response is ad hoc—a reactive, seat‑of‑the‑pants scramble. After all, every incident is different, so how can you plan for what you don’t know? But just as every building fire is different, there are...
Cybersecurity Threat Advisory: Active exploitation of Fortinet SQL injection vulnerability
Fortinet has issued urgent security guidance following the active exploitation of a critical SQL injection vulnerability affecting FortiClient Enterprise Management Server (EMS). The flaw allows unauthenticated attackers to achieve remote code execution through specially crafted HTTP requests sent to the...
Cybersecurity Threat Advisory: Axios NPM compromised by supply chain attack
The widely used HTTP client Axios was compromised recently in an incident that many researchers are attributing to a North Korean–linked cyberattack. Attackers gained access to the NPM account of an Axios maintainer, “jasonsaayman,” and published two malicious versions of...
Cybersecurity Threat Advisory: RoadK1ll Node.js WebSocket implant
Recent reporting has identified a Node.js–based post-exploitation implant known as RoadK1ll, observed in real-world intrusions as a lateral movement and network pivoting tool. Read this Cybersecurity Threat Advisory to protect you and your clients’ environments. What is the threat? RoadK1ll...
World Backup Day: A timely reminder for MSPs to lead with resilience
It’s World Backup Day! This is a global reminder that data loss is far more common—and more damaging—than many organizations realize. In fact, 21 percent of people have never backed up their data, while 29 percent of data loss incidents...
Making the case for a layered email security approach
MSPs have a lot of ground to cover with their clients. In addition to providing protection, there’s also persuasion. Many MSPs find themselves needing to justify additional cybersecurity investments at a time when budgets are under scrutiny—and that can make...
Cybersecurity Threat Advisory: Apple security updates for iOS vulnerabilities
Apple has released urgent security updates for older iPhones and iPads to address multiple vulnerabilities actively exploited in the wild via the Coruna exploit kit—a sophisticated attack framework used by both espionage groups and cybercriminals. Read this Cybersecurity Threat Advisory...
