Category: Security
Cybersecurity Threat Advisory: Pulse Secure VPN Server Data Leak
Advisory Overview Over 900+ Pulse VPN servers were breached and had their data leaked online. The data includes plaintext username, passwords, IP addresses, user session cookies, administrator details and private encryption keys. Technical detail and additional information What is the...
Another cybersecurity view from Africa
A couple of weeks ago, I wrote about how South Africa’s MSPs and IT specialists are battling the pandemic and WFH trends. After the article ran, I had the opportunity to speak further on this topic with Dr. Uche Mbanaso,...
Cybersecurity Threat Advisory: iDRAC Local File Inclusion Vulnerability
Advisory Overview Dell EMC iDRAC has been updated to address a path traversal vulnerability in iDRAC versions prior to 4.20.20.20. The vulnerability that was discovered in the Integrated Dell Remote Access Controller (iDRAC) could allow cyber criminals to obtain control...
MSPs must watch out for TrickBot
The history of malware is littered with viruses that were created solely to obtain banking information. One of the best known in recent years has been TrickBot, and lately, it has re-emerged with increased intensity. Since at least 2016, TrickBot...
Tech Time Warp: Zotob worm wreaks havoc on the news
One way to make headlines is to go after the journalists themselves. On August 16, 2005, computers at CNN, ABC, The New York Times and The Associated Press were infected by the Zotob worm, along with machines at Caterpillar, and...
Pandemic cybersecurity in South Africa
The coronavirus has brought economic devastation to all parts of the world. As a journalist based in the United States, I understandably tend to focus on the United States. But it’s easy to become so focused on one’s home country that...
Cybersecurity Threat Advisory: Windows DNS Server RCE (CVE-2020-1350)
Advisory Overview A Remote Code Execution (RCE) vulnerability exists affecting Windows Domain Name System (DNS) Servers when they improperly handle requests. Successful exploitation of this vulnerability could allow attackers to execute code with SYSTEM level privileges. SKOUT recommends all organizations...
Seamless cybersecurity and two emerging threats
For most MSPs, the pandemic of 2020 has been a rush of implementing new policies and procedures while at the same time trying to keep customer cybersecurity fortifications intact. Wisconsin-based SWICKTech is an example of an organization that acted early to...
Lateral movement cyberattacks remain relevant
As the pandemic rages around the world and workers continue to hunker down remotely, it seems as everything has changed. Yet, in some ways, the old adage – the more things change, the more they stay the same – still...
In defense of MSP cybersecurity, as number of alerts rise
It seems like about once a month now some government agency somewhere discovers there might be a potential issue with the cybersecurity of a managed service provider (MSP). The latest warning comes from the U.S. Secret Service, which sent out...
