Category: Security
Podcast: Securing a remote workforce with RMM, Episode 5
In our previous episode, we turned our focus to managed security services, including zero-trust network access (ZTNA), which is quickly becoming a layer of protection used to bolster a security services offering. In the fifth episode of the SmarterMSP Podcast,...
Q&A: Barracuda named 2021 RMM Vendor of the Year
Each year, the very best service offerings and the top vendors are recognized at the annual North American MSP Innovation Awards, hosted by Channel Partner Insight. This year, Barracuda is being honored as the RMM Vendor of the Year for...
Cybersecurity Threat Advisory: RCE Vulnerability in Siemens PLCs
Threat Update An unauthenticated remote code execution vulnerability has been detected in several Siemens PLC devices. An unauthenticated remote attacker with access to TCP port 102 could exploit this to read or write arbitrary code to protected memory areas. This...
Cybersecurity Threat Advisory: Increased Spear Phishing Activity of Nobelium Group
Threat Update Microsoft has actively been tracking a surge in spear phishing activity conducted by ‘Nobelium,’ the group behind the SUNBURST backdoor, TEARDROP and GoldMax malware. Technical Detail & Additional Information WHAT IS THE THREAT? The threat group ‘Nobelium’ has...
Ransomware causes critical damage for businesses around the world
With a rash of ransomware attacks on high-profile American companies in recent weeks, the government is urging businesses to fortify their defenses across all verticals. Ransomware has recently gone beyond holding a single business’s data hostage and is now creating mayhem...
Cybersecurity Threat Advisory: Critical Zero-Day in HPE SIM Patched
Threat Update An extremely critical zero-day vulnerability has been found in Hewlett Packard Enterprise’s Systems Insight Manager for Windows. This exploit allows attackers to remotely execute code without being authenticated to the software. SKOUT recommends that companies apply the latest...
Cybersecurity Threat Advisory: Critical Zero-Day in WordPress Fancy Product Designer Plugin
Threat Update On May 31, 2021, a critical file upload vulnerability in Fancy Product Designer—a WordPress plugin installed on over 17,000 websites—was discovered to be under active exploitation by threat actors. Technical Detail & Additional Information WHAT IS THE THREAT?...
Ask an MSP Expert: Bridging the BYOD security gap
Q: BYOD has become a requirement for many of my customers. With the growth of cyberattacks, we need to implement an official BYOD policy that is flexible yet protects our customers. We are finding this to be a hard balance...
Cybersecurity Threat Advisory: VMWare vCenter Critical RCE Vulnerability
Threat Update VMware is a virtualization and cloud computing vendor which is used worldwide by many different companies. Recently, VMware announced that they were informed of two vulnerabilities which affect certain versions of its vCenter service. Successful exploitation of these...
Cybersecurity Threat Advisory: Increase in Activity from Sophisticated Threat Actors
Threat Update A large increase of activity has been seen from malicious threat actors. Many different vectors have been combined to facilitate targeted and widespread attacks. Considering the technical difficulty of these methods, these attackers are highly sophisticated, and organizations...
