Category: Security
Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability
Threat Update SonicWall has released a hotfix for a critical RCE / DoS vulnerability that affects a subset of their firewall devices. This vulnerability (tracked as CVE-2022-22274) in Sonic OS allows an unauthenticated remote attacker to perform denial of service...
Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall
Threat Update Sophos has disclosed a critical-level authentication bypass vulnerability (CVE-2022-1040) that impacts Sophos Firewall v18.5 and below. If this vulnerability is exploited, an attacker could get unfettered access to the firewall and execute remote code at will. Barracuda MSP’s...
Lost and hopefully not found (by a hacker)
The combination of people gradually returning to offices and corporate campuses and the proliferation of BYOD (bring your own device) during the pandemic is not only causing headaches for CISOs and MSPs, but it’s also resulting in cybersecurity problems. “We...
Tip Tuesday: 5 MSP marketing tips for World Backup Day
Most MSPs have run into customers or prospects that refuse to add a backup solution or upgrade from their current one to another that better meets their needs. They believe that their current set-up is satisfactory because the decision makers...
Preparing for a state-sponsored attack
As the conflict in Ukraine drags on, some experts fear that the chance of cybersecurity-related incidents will only increase in the USA. Managed Service Providers (MSPs) are well-positioned as the guardians at the gate for many companies and should play...
The important role MSPs play in keeping the data center safe
Data is currency to hackers. “For a hacker, there’s no difference between a stack of $50 bills and a bunch of unguarded PHI (personal health information) or credit card numbers,” says Phil Jefferson, an independent cybersecurity consultant in Fort Worth,...
Spear-phishing report: Social engineering and growing complexity of attacks
As cybercriminals step up social engineering attacks against employees at small businesses, organizations of all sizes need to be prepared for spear-phishing attacks. Between January 2021 and December 2021, Barracuda researchers analyzed millions of spear-phishing and social engineering attacks impacting mailboxes at thousands of organizations. They share...
Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices
The security firm Armis has located three vulnerabilities in Schneider Electric’s APC Smart-UPS devices. These flaws are being tracked under the name “TLStorm.” This vulnerability can enable remote attackers to control the power of millions of enterprise devices to conduct...
Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation
Security researchers have discovered and released information on new vulnerabilities and kernel level exploits to the public. The vulnerabilities: CVE-2022-049 and CVE-2022-0847 are some of the highest severity exploits and affect out-of-date Linux distros. Due to the similarities with the...
Cybersecurity Threat Advisory: RCE in Okta Advanced Server Access Client
Threat Update The Okta Advanced Server Access Windows client is vulnerable to an unauthenticated remote code execution vulnerability. Thousands of companies rely on Okta to provide zero-trust identity and access management for cloud and on-premises infrastructure. This vulnerability can be...