Category: Security

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks

Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks

Threat Update A newly discovered critical vulnerability in Spring Cloud function (tracked as CVE-2022-22963), a Spring module used for streamlining data processing. This vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP header to Spring Cloud...

/ April 1, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks

Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks

Threat Update Security professionals have identified a new zero-day vulnerability in the Spring Framework, an application development framework for Java. This vulnerability (tracked as CVE-2022-22965) can allow attackers to execute unauthenticated remote code. Spring has released Spring Framework versions 5.3.18...

/ March 31, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability

Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability

Threat Update SonicWall has released a hotfix for a critical RCE / DoS vulnerability that affects a subset of their firewall devices. This vulnerability (tracked as CVE-2022-22274) in Sonic OS allows an unauthenticated remote attacker to perform denial of service...

/ March 30, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall

Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall

Threat Update Sophos has disclosed a critical-level authentication bypass vulnerability (CVE-2022-1040) that impacts Sophos Firewall v18.5 and below. If this vulnerability is exploited, an attacker could get unfettered access to the firewall and execute remote code at will. Barracuda MSP’s...

/ March 30, 2022
Lost and hopefully not found (by a hacker)

Lost and hopefully not found (by a hacker)

The combination of people gradually returning to offices and corporate campuses and the proliferation of BYOD (bring your own device) during the pandemic is not only causing headaches for CISOs and MSPs, but it’s also resulting in cybersecurity problems. “We...

/ March 30, 2022 / 10 Comments
Tip Tuesday: 5 MSP marketing tips for World Backup Day

Tip Tuesday: 5 MSP marketing tips for World Backup Day

Most MSPs have run into customers or prospects that refuse to add a backup solution or upgrade from their current one to another that better meets their needs. They believe that their current set-up is satisfactory because the decision makers...

/ March 29, 2022
Preparing for a state-sponsored attack

Preparing for a state-sponsored attack

As the conflict in Ukraine drags on, some experts fear that the chance of cybersecurity-related incidents will only increase in the USA. Managed Service Providers (MSPs) are well-positioned as the guardians at the gate for many companies and should play...

/ March 24, 2022 / 5 Comments
Data Center security
The important role MSPs play in keeping the data center safe

The important role MSPs play in keeping the data center safe

Data is currency to hackers. “For a hacker, there’s no difference between a stack of $50 bills and a bunch of unguarded PHI (personal health information) or credit card numbers,” says Phil Jefferson, an independent cybersecurity consultant in Fort Worth,...

/ March 21, 2022
spear-phishing report
Spear-phishing report: Social engineering and growing complexity of attacks

Spear-phishing report: Social engineering and growing complexity of attacks

As cybercriminals step up social engineering attacks against employees at small businesses, organizations of all sizes need to be prepared for spear-phishing attacks. Between January 2021 and December 2021, Barracuda researchers analyzed millions of spear-phishing and social engineering attacks impacting mailboxes at thousands of organizations. They share...

/ March 18, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices

Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices

The security firm Armis has located three vulnerabilities in Schneider Electric’s APC Smart-UPS devices. These flaws are being tracked under the name “TLStorm.” This vulnerability can enable remote attackers to control the power of millions of enterprise devices to conduct...

/ March 16, 2022