Category: Security
Survey suggests opportunities for managed network services
A global survey of over 500 professionals in the areas of networking, operations, cloud, and architecture finds nearly two-thirds (65 percent) relies on third parties to deliver managed network services. A full 84 percent regularly learn about network issues from...
Key strategies for MSPs to improve IoT security
As the number of connected devices continues to rise— with the International Data Corporation (IDC) forecasting over 55 billion by 2025—managed service providers (MSPs) are facing increasing challenges to deliver security at scale. In October, SmarterMSP.com posted an article about...
Cybersecurity Threat Advisory: Ivanti CSA authentication bypass vulnerability
Ivanti has issued a warning about a critical authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution, tracked as CVE-2024-11639. The vulnerability allows remote attackers to gain administrative privileges without authentication or user interaction, enabling them to bypass security...
AWS updates creating new opportunities for partners
Amazon Web Services (AWS) now offers four additional security certifications to help solution providers drive the adoption of additional solutions in collaboration with technology alliance partners such as Barracuda Networks. Part of its Competency programs for security certifications include artificial...
Cybersecurity Threat Advisory: Active exploitation of VSCode tunnels
An advanced persistent threat (APT) group, Stately Taurus, has been exploiting a vulnerability in Visual Studio Code (VSCode) tunnels to maintain persistent remote access in compromised systems. Review the details in this Cybersecurity Threat Advisory to secure your environment. What...
Cybersecurity Threat Advisory: Socks5Systemz botnet compromise
The Socks5Systemz botnet has been revealed as the backbone for the illicit proxy service PROXY.AM, compromising over 85,000 devices globally. This botnet enables cybercriminals to conduct anonymous operations, including fraud, data theft, and distributed denial-of-service (DDoS) attacks. Continue to read...
Cybersecurity Threat Advisory: Cleo file transfer critical vulnerability
A critical vulnerability, identified as CVE-2024-50623, has been discovered in Cleo’s file transfer software suite. This vulnerability allows attackers to exploit an unrestricted file upload and download flaw, potentially leading to remote code execution (RCE) on vulnerable systems. Continue reading...
Securing ad hoc networks: Essential strategies for MSPs
When Hurricane Helene tore a path of destruction from the Gulf Coast to the North Carolina mountains during the summer of 2024, cell phone towers were toppled, and internet service was knocked out. However, emergency responders were not left completely...
’Tis the season to avoid holiday email scams
Beware of common holiday email scams. As the holidays approach, businesses are busier than ever, and cybercriminals know it. Along with cheer, joy, and giving, the holidays also bring an unfortunate surge in cyber scams. As businesses tackle everything from...
Cybersecurity Threat Advisory: New VPN client vulnerabilities to watch out for
Vulnerabilities were discovered in SonicWall NetExtender, CVE-2024-29014, and Palo Alto GlobalConnect, CVE-2024-5921, which can lead to remote code execution (RCE). Continue reading this Cybersecurity Threat Advisory to limit your exposure to these vulnerabilities. What is the threat? The vulnerabilities exhibit...
