Category: Security
How MSPs can help clients build a human firewall
As cybercriminals step up their attacks, aided by AI and other technologies, it’s critical for managed service providers (MSPs) and their clients to reinforce cybersecurity awareness efforts among their employees to create a human firewall. According to the World Economic...
Cybersecurity Threat Advisory: Atlassian Confluence RCE vulnerability
A new high-severity remote code execution (RCE) vulnerability known as CVE-2024-21683 has been discovered in Atlassian’s Confluence Data Center and Server. This vulnerability permits an attacker with an account on the service to gain server control. Review this Cybersecurity Threat...
New report: BEC accounts for 1 in 10 email attacks
Email-based social engineering threats are thriving as attackers continue to adapt and evolve their tactics to increase their chances of success. The latest analysis of email detection data by Barracuda researchers reveals that while the landscape remains dominated by mass phishing and general scamming attacks, there’s...
Cybersecurity Threat Advisory: New Microsoft Outlook client vulnerability
A recent Microsoft Outlook client zero-click remote code execution (RCE) vulnerability, CVE-2024-30103, has a CVSS score of 8.8. Review this Cybersecurity Threat Advisory to limit the impact this vulnerability may have on your organization. What is the threat? CVE-2024-30103 allows...
Cybersecurity Threat Advisory: Critical PHP vulnerability enables remote code execution
A vulnerability known as CVE-2024-4577 is exploiting Apache’s handling of Unicode to ASCII conversion when using Hypertext Preprocessor (PHP) Common Gateway Interface (CGI) mode. This enables the execution of malicious code within the PHP executable. This presents a significant risk...
Cybersecurity Threat Advisory: New typosquatting attack targeting Google users
Google users have been targeted with a typosquatted attack when searching Advanced IP Scanner. When searching for this free network scanner for Windows, users are served with an exploited version of Advanced IP Scanner that injects a CobaltStrike Beacon into...
Cybersecurity Threat Advisory: Critical VBEM vulnerability
A Veeam Backup Enterprise Manager (VBEM) security vulnerability, CVE-2024-29849, can pose serious risks for organizations. Users are advised to update their VBEM to the latest version immediately. Read this Cybersecurity Threat Advisory to learn about which actions to take to...
Should America’s cyber defense agency’s priorities also be yours?
In February, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced its 2024 priorities for the Joint Cyber Defense Collaborative (JCDC). This group, composed of government and industry entities, was formed in 2021 and is tasked with gathering, analyzing, and sharing actionable...
Staying cyber safe with CISA this summer
As sure as fireflies and fireworks mean summer, so do Cybersecurity and Infrastructure Security Agency (CISA) warnings and alerts. With parents shuttling kids to day camps, pool parties, and Disney World, summer is a prime time for cybercriminals to make...
Cybersecurity Threat Advisory: RedTail exploits PAN-OS vulnerability
Palo Alto Networks has recently disclosed a critical zero-day vulnerability, CVE-2024-3400, within its PAN-OS operating system. The flaw, found in the GlobalProtect Gateway, is currently under active exploitation. Additionally, the threat actors behind RedTail cryptocurrency mining malware have added this...
