Category: Security
Expert advice to proactively mitigate insider threats for MSPs
Managed services providers (MSPs) must constantly defend their clients from hackers, cybercriminals, malware, and state-sponsored cyber warfare. However, sometimes the threat is much closer to home – perhaps right in the office. Welcome to the era of insider threats, an...
Cybersecurity Threat Advisory: New critical GitLab SAML vulnerability
A new critical GitLab vulnerability within RUBY-SAML and OmniAuth-SAML libraries to bypass SAML authentication was disclosed. If you are using GitLab, read this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is the threat? This vulnerability allows...
Cybersecurity Threat Advisory: Apache Avro SDK vulnerability
A critical security flaw in the Apache Avro Java Software Development Kit (SDK), tracked as CVE-2024-47561, poses a significant threat to systems using this data serialization framework. A successful exploitation allows an attacker to execute arbitrary code on vulnerable instances....
Take action! 30 Essential tips to boost your cybersecurity
October, declared as Cybersecurity Awareness Month, is the perfect time to revisit and reinforce your cybersecurity strategies, ensuring both you and your customers stay safe from the latest digital threats. Since 2004, the National Cybersecurity Division of the Department of...
Cybersecurity Threat Advisory: Exploited cryptojacking campaign impacting Docker
A new cryptojacking campaign exploiting the Docker Engine API has been discovered. The large-scale hacking campaign is targeting Docker Swarm, Kubernetes, and Secure Socket Shell (SSH) servers. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk...
Social engineering attacks: What MSPs need to know
As we kick off Cybersecurity Awareness Month, we are highlighting one danger that managed service providers (MSPs) must constantly monitor: social engineering. According to Verizon’s 2024 Data Breach Investigations Report: Social engineering incidents have increased from the previous year largely...
Cybersecurity Threat Advisory: Critical RCE vulnerability in ZCS
There is a critical remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) version 9.0, tracked as CVE-2024-45519. The vulnerability allows unauthenticated attackers to remotely execute arbitrary commands by exploiting weaknesses in Zimbra’s SMTP PostJournal service. Review the details...
October is Cybersecurity Awareness Month
October 1 marks the start of the annual Cybersecurity Awareness Month (CAM), which is a collaborative effort to raise awareness of cybersecurity and safe online practices. Each October, governments, public sector agencies, and private sector partners organize events and media campaigns...
MSP at the forefront against credential stuffing
Credential stuffing has been around for a while, and it is exactly what it sounds like: an attack in which hackers use a cache of compromised usernames and passwords to break into a system. However, hackers have recently found new...
AI drives profit and revenue for MSPs and consultants
Recent studies by Canalys and Channel Futures project managed service provider (MSP) revenue to grow 11% or more in 2024. The Channel Futures study reveals that 62% of MSPs increased their artificial intelligence (AI) deployments and consultations in the fourth quarter...
