Category: Security
Seamless cybersecurity and two emerging threats
For most MSPs, the pandemic of 2020 has been a rush of implementing new policies and procedures while at the same time trying to keep customer cybersecurity fortifications intact. Wisconsin-based SWICKTech is an example of an organization that acted early to...
Lateral movement cyberattacks remain relevant
As the pandemic rages around the world and workers continue to hunker down remotely, it seems as everything has changed. Yet, in some ways, the old adage – the more things change, the more they stay the same – still...
In defense of MSP cybersecurity, as number of alerts rise
It seems like about once a month now some government agency somewhere discovers there might be a potential issue with the cybersecurity of a managed service provider (MSP). The latest warning comes from the U.S. Secret Service, which sent out...
Cybersecurity Threat Advisory: Cisco Small Business Switches RCE (CVE-2020-3297)
Advisory Overview Cisco Systems is warning its customers about a Remote Code Execution (RCE) vulnerability in its line of small business switches. Please be aware that end of life (EOL) products will not be patched (see table below). SKOUT advises...
Cybersecurity Threat Advisory: Citrix Vulnerabilities Affecting ADC, Gateway, and SD-WAN
Advisory Overview Citrix has issued a security patch for multiple gateway devices that were found to have security flaws. These security issues are reportedly unrelated to the previously released CVE-2019-19781. SKOUT advises updating any affected devices to the latest version....
Cybersecurity Threat Advisory: Spear-Phishing Campaign Spreading Hakbit Ransomware
Advisory Overview A spear-phishing campaign targeting various industries is utilizing malicious Microsoft Excel attachments to infect users with the “GuLoader” backdoor trojan. The threat actors then proceed to use GuLoader to download “Hakbit” ransomware onto the infected device. Recommendations to...
Summer cybersecurity dangers
In simpler times, some businesses would literally hang a sign on their door each summer saying “Gone Fishin’” and close for two weeks. In today’s world, hackers might as well hang a sign on their door in summer that says...
Cybersecurity Threat Advisory: F5 Critical Vulnerability Exploited in Wild (CVE-2020-5902)
Advisory Overview A Remote Code Execution (RCE) vulnerability exists in the BIG-IP application delivery controller (ADC) software’s Traffic Management User Interface (TMUI). The vulnerability could allow an attacker to execute remote commands or arbitrary code without the need for authentication,...
Cybersecurity Threat Advisory: Ripple20 Vulnerabilities
Advisory Overview A series of nineteen vulnerabilities dubbed “Ripple20” have been identified in a large number of devices spanning multiple vendors and industries involving a widely used low-level TCP/IP software library developed by Treck, Inc. Exploited devices risk remote code...
Don’t ignore the basics: Pandemic patching and other musts for MSPs
Business models have been put into a blender and pulsed and pureed since the arrival of COVID-19 earlier this year. The resulting workplace environment has been unrecognizable in many cases with workforces hunkered down at home, businesses shuttered, and security teams...
