Category: Security
Cybersecurity Threat Advisory: Google OAuth vulnerability
In this Cybersecurity Threat Advisory, we’re looking at a critical Google OAuth vulnerability that allows ex-employees to maintain access to applications such as Slack and Zoom. After off boarding, attackers can achieve access by creating non-Gmail accounts using corporate email...
A look back at the top cybersecurity trends of 2023
December is the time when we pause and reflect on the past year. Keeping with the mantra that the past is a prologue, looking at what occurred may help us understand and prepare for what is coming. This week, we’re...
AI is on track to transform managed services in 2024
Artificial intelligence is all the rage these days, but many managed service providers (MSPs) have been making use of it in some capacity for years. The main difference is with the rise of generative AI. It’s now becoming possible to...
Cybersecurity Threat Advisory: SQL injection vulnerability with 3CX
3CX advised customers that the SQL database integration has been disabled due to CVE-2023-49954. Businesses that use MongoDB or any of their web-based customer relationship management (CRM) integration templates are not affected. Read this Cybersecurity Threat Advisory to gain details...
HHS offers additional guidance to MSPs
An increasing number of MSPs are finding profitability in specialization. Some niche MSPs specialize in manufacturing clients, others with accounting firms, and others find plenty of work in education and healthcare. Of course, plenty of MSPs still carry a variety...
Cybersecurity Threat Advisory: End-of-Life firewalls actively exploited
Sophos recently addressed a critical vulnerability CVE-2022-3236 involving end-of-life (EOL) firewalls that had been actively exploited. The vulnerability prompted Sophos to release patches for unsupported firewalls after reports of successful attacks on these systems surfaced. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: New malware campaign from Log4j security flaw
The hacker group, known as Lazarus, is linked to a global campaign. It involves an old security flaw found in Log4j to deploy previously unknown remote access trojans (RATs) on compromised hosts. To learn more and limit the impact of...