Category: Security
Cybersecurity Threat Advisory: Major Vishing Campaign
Advisory Overview The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently issued a warning about the growing threat of “vishing” attacks against companies. Vishing (voice phishing) is a social engineering method that uses...
Cybersecurity Threat Advisory: FritzFrog P2P Botnet
Advisory Overview Researchers at Guardicore have identified a peer-to-peer (P2P) botnet, dubbed FritzFrog, brute-forcing SSH servers since January. Once breached, a worm is executed to run malicious payloads which can further expand the botnet by compromising additional devices as well...
MSPs must track HTML smuggling
While hackers are always experimenting and innovating to catch up with the latest cybersecurity advances, they are also not afraid to stick with the tried and true. Why? Because it works. Why spend a lot of time and money trying to...
Cybersecurity Threat Advisory: Team Viewer Vulnerability
Advisory Overview A vulnerability has been discovered in remote desktop connection application “TeamViewer” that can allow an attacker to steal the login information (username and hashed password) of a user. This can allow the attacker to crack the stolen password...
Municipal contracts and the cybersecurity data to land them
A recent note came to me from a Smarter MSP reader about municipal contracts, and what types of cybersecurity data should be used when trying to land municipal contracts. Assuming they are not the only one with questions on this...
Widespread cloud configuration issues create opportunity for MSPs
The crux of the problem with cloud security has very little to do with the platforms on which applications are deployed. The real issue is the amount of cybersecurity expertise the people deploying cloud applications don’t have. Most cloud applications...
Cybersecurity Threat Advisory: Two Microsoft Zero-Day Vulnerabilities
Advisory Overview Microsoft has addressed two zero-day vulnerabilities in this week’s rollout of security patches. One of the zero-day vulnerabilities could allow an attacker to bypass security features intended to prevent improperly signed files from being loaded; the other zero-day...
Cybersecurity Threat Advisory: Pulse Secure VPN Server Data Leak
Advisory Overview Over 900+ Pulse VPN servers were breached and had their data leaked online. The data includes plaintext username, passwords, IP addresses, user session cookies, administrator details and private encryption keys. Technical detail and additional information What is the...
Another cybersecurity view from Africa
A couple of weeks ago, I wrote about how South Africa’s MSPs and IT specialists are battling the pandemic and WFH trends. After the article ran, I had the opportunity to speak further on this topic with Dr. Uche Mbanaso,...
Cybersecurity Threat Advisory: iDRAC Local File Inclusion Vulnerability
Advisory Overview Dell EMC iDRAC has been updated to address a path traversal vulnerability in iDRAC versions prior to 4.20.20.20. The vulnerability that was discovered in the Integrated Dell Remote Access Controller (iDRAC) could allow cyber criminals to obtain control...
