Category: Security
Threat Spotlight: Evolving ‘we know where you live’ tactics personalize sextortion scams
Sextortion scams are a type of extortion where criminals attempt to extort money from victims by threatening to release explicit images or videos unless demands are met. Leveraging usernames and passwords stolen in data breaches, criminals contact victims and claim...
Cybersecurity Threat Advisory: Okta username flaw
Researchers have discovered a critical vulnerability in Okta which allows an user to authenticate to an account with a username longer than 52 characters without multi-factor authentication (MFA) enabled. Read this Cybersecurity Threat Advisory to learn how this may impact...
Cybersecurity Threat Advisory: CRON#TRAP phishing campaign
A new phishing campaign, identified as CRON#TRAP, are targeting Windows systems with a preloaded Linux virtual machine (VM) to evade detection to conduct malicious acts. Continue reading this Cybersecurity Threat Advisory to learn how to protect against this phishing campaign....
Cybersecurity Threat Advisory: Zero-click flaw in Synology NAS devices
Synology, network-attached storage (NAS) maker, addressed critical security vulnerability, CVE-2024-10443, which impacts their DiskStation and BeePhotos applications. This is an unauthenticated vulnerability that can allow attackers to obtain root-level code execution on Synology NAS devices. Review the details in this...
Cybersecurity Threat Advisory: Vulnerabilities found in Microsoft Azure AI
Significant vulnerabilities in Microsoft’s Azure AI Content Safety services have been discovered. These vulnerabilities enable attackers to bypass safeguards and deploy harmful AI-generated content. Continue reading this Cybersecurity Threat Advisory to learn the implications of these flaws and which security...
Beyond phishing: How cybercriminals target SMBs vs. enterprises
Security-focused managed service providers (MSPs) know that small to midsize businesses (SMBs) often take a more cavalier approach to cybersecurity than larger organizations. They often believe that because they are small and less well-known, they’re less likely to draw the...
Beyond patches and firewalls: Advanced strategies for cyberthreat defense
Threat mitigation is to managed service providers (MSPs) what preventative medicine is to doctors. In other words, threat mitigation is the first line – and often least expensive – defense against cybercriminals. Of course, some of the basic steps include...
Cybersecurity Threat Advisory: New Microsoft Windows vulnerabilities
Two new Microsoft vulnerabilities, CVE-2024-21302 and CVE-2024-38202, are impacting Windows systems. Read this Cybersecurity Threat Advisory to learn more about how these vulnerabilities can be leveraged to exploit Microsoft Windows and how to protect your systems. What is the threat?...