Category: Security

Rising tide of data privacy concerns bodes well for MSPs
Data protection is increasingly becoming a board level issue, as the average consumer becomes more cognizant of how the data that organizations collect is being used and abused. On an almost daily basis, a company or organization is being forced...

Bad actors are using AI in their cyber attacks
The alarms have been going off for some time about the growing role of AI in cyber attacks. In 2017, a survey of cybersecurity professionals found that 91 percent are concerned about AI-powered attacks against companies. More recently, an article in Fortune...

Making sense of sensors
From pacemakers, to industrial thermostats, to traffic regulation devices, sensors are becoming as ubiquitous as the human population itself. Experts predict that 1 trillion networked sensors will be transmitting data around the world by 2022, emitting information from the mundane to the meaningful....

Cybersecurity Threat Advisory: Apache Struts Framework Remote Code Execution Vulnerability
What is the Issue? Apache Struts web framework versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from a critical Remote Code Execution vulnerability that could be exploited by attackers to fully control the application. Apache Struts 2 is a...

Cybersecurity Threat Advisory: Trickbot Trojan Continues to Evolve
What is the Issue: A new Trickbot iteration features a sneaky method of performing process-hollowing using direct system calls, anti-analysis techniques and the disabling of security tools. Process-hollowing is a technique used by malware in which a legitimate process is...

Cybersecurity Threat Advisory: DoS Vulnerability in Cisco Web Security Appliance
What is the Issue? There exists a vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances. This happens because of the improper handling of memory resources by this software for TCP connections on any...

Cybersecurity Threat Advisory: Microsoft ADFS Multi-Factor Authentication Bypass
What is the Issue? A vulnerability was discovered in the way multi factor authentication requests are handled by Microsoft’s Active Directory Federation Services (ADFS). It appears that an attacker can compromise a user’s account by bypassing the multi-factor token request....

Cybersecurity Threat Advisory: Bitcoin Blackmail Ransom Emails
What is the Issue? Cyber criminals are sending Bitcoin ransom emails that are attempting to blackmail users into paying ransoms based on leaked password being exposed. These cyber criminals create false narratives that attempt to blackmail you by claiming they...

Cybersecurity Threat Advisory: Drupal, Symfony Component Vulnerability
What is the Issue? Drupal, a free and open source platform that provides an easy framework for creating websites, discovered a vulnerability in its library (called Symfony) that could give cyber attackers access to caches and servers. The vulnerability could...

Four MSP opportunities to keep an eye on in 2019
Four months of 2019 are in the rear-view mirror, and after talking to MSP owners and security experts on a daily basis, there are some trends are emerging that I thought I’d share. AI is one area that seems to...