Category: Security
Cybersecurity Threat Advisory: Your Oracle NetSuite data may be exposed
Researchers discovered that externally-facing Oracle NetSuite e-commerce sites may expose sensitive customer information when configured inaccurately. Review the details in this Cybersecurity Threat Advisory to learn best practices to mitigate your business risk. What is the threat? It is found...
Neal Bradbury on driving innovation for the channel at Barracuda
For our long-term subscribers and those who have been in the managed services industry for the past two decades, you may be familiar with Neal Bradbury, who co-founded Intronis, a managed service provider (MSP) focused data protection company. Recently appointed...
Cybersecurity Threat Advisory: Exploited Jenkins vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability found in Jenkins, identified as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalogue. This vulnerability is a path traversal flaw within the...
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...
Threat Spotlight: How ransomware for rent rules the threat landscape
This year’s annual review of ransomware attacks looks at the threat from two perspectives. First, for the third year running we’ve taken a global sample of reported ransomware attacks and analyzed what they tell us about ransomware attackers and their...
Cybersecurity Threat Advisory: Critical SAP vulnerabilities
SAP issued its August 2024 security patch update which included two critical flaws that enable attackers to bypass authentication and fully compromise affected systems. Review the details in this Cybersecurity Threat Advisory to learn how you can protect your SAP...
Cybersecurity Threat Advisory: EDRKillShifter, a growing threat
A cybercrime group associated with the RansomHub ransomware has been observed using a newly developed tool named “EDRKillShifter” to disable endpoint detection and response (EDR) software on compromised systems. This tool is the latest in a growing list of EDR-killing...
Cybersecurity Threat Advisory: Another zero-click Windows TCP/IP vulnerability
Another critical zero-click Windows vulnerability, identified as CVE-2024-38063, has been discovered in the Windows TCP/IP stack, affecting all systems with IPv6 enabled. Review this Cybersecurity Threat Advisory now to mitigate potential exploitation and protect your systems. What is the threat?...
Will MSPs have more license requirements in their future?
In 2019, Singapore became the first country in the world to require cybersecurity professionals to undergo a licensing and certification process. The trend has been slow to catch on. However, this year, Ghana and Malaysia joined Singapore in creating certification...
Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook
A critical zero-click remote code execution (RCE) vulnerability, identified as CVE-2024-30103, was recently discovered in Microsoft Outlook. This flaw allows malicious actors to execute arbitrary code on a victim’s system simply by opening a specially crafted email. Review the details...