Category: Security
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Apache OFBiz
CVE-2024-38856 is a new Apache OFBiz ERP system critical zero-day vulnerability. If you are using this system, please continue reading this Cybersecurity Threat Advisory to learn which steps you should take to mitigate your risk. What is the threat? Researchers...
Predictions for the future of AI in cybersecurity
Threat actors are improving their attacks by leveraging artificial intelligence (AI) in every way. AI makes every attack from deepfakes to credential stuffing cheaper, better, and faster. The good news is that the security industry also has access to AI capabilities, and AI-enhanced...
Cybersecurity Threat Advisory: VMware ESXi flaw exploited by ransomware group
A VMware ESXi vulnerability, known as CVE-2024-37085, has been discovered and it is actively exploited by several ransomware groups. Review this Cybersecurity Threat Advisory to learn how to limit the impact of this flaw. What is the threat? CVE-2024-37085 is an...
Threat Spotlight: How company size affects the email threats targeting your business
It takes less than a minute for someone to fall for a phishing scam. According to the 2024 Data Breach Investigations Report, the median time for a recipient to click on a malicious link after opening the email is 21 seconds, followed by...
10 Essential steps to transition from VPN to Zero Trust Access
In today’s evolving digital landscape, remote work has become the norm, and cyber threats are growing more sophisticated. Traditional VPN solutions are struggling to keep pace with these changes, prompting IT leaders to consider adopting a more robust and adaptive...
Does your MSP portfolio need a new security vendor?
Changing technology vendors can be a daunting and stressful proposition for a managed service provider. Not only do you risk internal operational disruption and performance issues during and after the transition, but you also need to make the switch without...
MSPs must prioritize mobile device security
Last week, we had an overview of the increasing concerns and security challenges surrounding mobile devices. This week, we continue the conversation about mobile devices with Eric O’Neill. Eric is a former FBI counterterrorism and counterintelligence operative, cybersecurity keynote speaker,...
Cybersecurity Threat Advisory: Fake CrowdStrike updates observed in the wild
Threat actors are exploiting the recent disruption from CrowdStrike’s software update to target companies with a fake update that injects malware, including data wipers and remote access tools. Phishing emails are being used to distribute these malicious programs under the...
Cybersecurity Threat Advisory: Play Ransomware expands
A new Linux variant of the infamous Play Ransomware, also known as Balloonfly and PlayCrypt, was recently discovered. This variant targets VMware ESXi environments, indicating a strategic shift by the threat actors involved. Review this Cybersecurity Threat Advisory for recommendations...
The three conversations every CISO needs to have
A CISO needs to be many things. One of the most important, and possibly underestimated, is the need to be a good storyteller. It can be hard for non-technical senior managers to understand the cyber risks facing their organization. Just...
