Category: Security
Cybersecurity Threat Advisory: Sophos Firewall Zero-Day (CVE-2020-12271)
Advisory Overview Unpatched versions of Sophos XG Firewalls are potentially vulnerable to SQL Injection attacks. Sophos pushed out an automatic update, but some devices may need to be manually patched or rebooted for the changes to take effect. Specific guidance...
COVID-19 continues to impact the MSP community
Up until mid-March, 2020 was shaping up to be a banner year for MSPs: a robust economy, new opportunity, and the typical menu of cyberthreats. What a difference a month or two makes! Now, much of an MSP’s fortune depends...
Cybersecurity Threat Advisory: Hackers Still Exploiting COVID-19
Advisory Overview Hacking groups are still exploiting the COVID-19 pandemic as an opportunity to perform cyber-attacks. The United States’ CISA and the United Kingdom’s NCSC teamed up to issue a joint alert to the top threats. Recommendations are focused on...
Cybersecurity Threat Advisory: RagnarLocker Ransomware Hits EDP Energy Giant
Advisory Overview Energy giant EDP was recently hit with RagnarLocker ransomware. The hacking group claiming responsibility is threatening to leak 10 TB of stolen data online, including personal information such as a password manager database if a ransom of almost...
Cybersecurity: MSPs, healthcare clients, and COVID-19
The American Medical Association (AMA) reports that during the current COVID-19 pandemic, many physicians are working from home, using their personal computers and mobile devices to help care for patients. Medical work from home (MWFH) can lead to all sorts...
Cybersecurity Threat Advisory: Maze Ransomware Hits Cognizant
Advisory Overview Cognizant was recently hit by the Maze ransomware. Maze is known for publicly shaming companies by leaking their data online until they pay a ransom, limiting the efficacy of backups in mitigating damage. The exact attack vector is...
Tax scam season arrives
While your clients are busy preparing for the impact of coronavirus shutdowns on their businesses, MSPs must stay vigilant when it comes to the annual influx of tax scams. In the past, these scams centered around W-2 form theft. Because...
Tech Time Warp: The 411 on the 414s
Some hackers break into networks in search of confidential information, often with the idea of selling it on the dark web. Others want to disrupt a competitor’s operations. But for some, the hacking itself is the primary goal: Can it...
Cybersecurity Threat Advisory: Hackers Targeting Microsoft SQL Servers
Advisory Overview A new brute force hacking campaign called “Vollgar” targets Microsoft SQL Servers with weak passwords. The campaigns installs a malicious payload to steal information, remote control, and hide its own activity. SKOUT has provided a link to a...
MSPs can help combat “Zoombombing”
The coronavirus crisis has brought with it a host of new cybersecurity worries from increased phishing attempts to work-at-home vulnerabilities. Add to that the employment uncertainty both at the MSP and client level, and there’s a lot to deal with...
