Category: Security
Cybersecurity Threat Advisory: F5 Critical Vulnerability Exploited in Wild (CVE-2020-5902)
Advisory Overview A Remote Code Execution (RCE) vulnerability exists in the BIG-IP application delivery controller (ADC) software’s Traffic Management User Interface (TMUI). The vulnerability could allow an attacker to execute remote commands or arbitrary code without the need for authentication,...
Cybersecurity Threat Advisory: Ripple20 Vulnerabilities
Advisory Overview A series of nineteen vulnerabilities dubbed “Ripple20” have been identified in a large number of devices spanning multiple vendors and industries involving a widely used low-level TCP/IP software library developed by Treck, Inc. Exploited devices risk remote code...
Don’t ignore the basics: Pandemic patching and other musts for MSPs
Business models have been put into a blender and pulsed and pureed since the arrival of COVID-19 earlier this year. The resulting workplace environment has been unrecognizable in many cases with workforces hunkered down at home, businesses shuttered, and security teams...
Cybersecurity Threat Advisory: Palo Alto Networks Vulnerability
Advisory Overview Palo Alto Networks disclosed a critical vulnerability all next-generation firewalls running certain versions of PAN-OS that could allow an attacker to bypass authentication. SKOUT recommends upgrading PAN-OS to a fixed version. Full recommendations and links are available below....
Cybersecurity Threat Advisory: Cisco WebEx Vulnerability (CVE-2020-3347)
Advisory Overview A vulnerability was recently reported in the Cisco WebEx Meetings Desktop App for Windows releases earlier than 40.4.12 and 40.6.0 that could allow an attacker to gain access to sensitive information such as usernames, authentication tokens, and meeting...
Q&A: The ‘Best Security Offering’ for MSPs in 2020
The evolving cyberthreat landscape has made security the top priority for businesses of all sizes. More than ever, it has become imperative for MSPs to incorporate managed security service offerings in their portfolio to continue to succeed and differentiate themselves...
Cybersecurity Threat Advisory: SolarWinds RMM Vulnerability
Advisory Overview SolarWinds RMM has identified a vulnerability in versions 10.8.8 and earlier that could allow an attacker to target all devices running the Advanced Monitoring Agent. The attack could allow an attacker to download malware, modify data, and delete...
How work from home is transforming cybersecurity
The pandemic crisis of 2020 will go down as one of the most significant upheavals to the workplace since the industrial revolution. What we don’t yet know is what the long-term impact will be. If a coronavirus vaccine is developed...
Cybersecurity Threat Advisory: VMware Cloud Director Flaws (CVE 2020-3956)
Advisory Overview VMware Cloud Director is potentially vulnerable to a remote code injection attack that would allow an attacker to view/modify databases and escalate privileges from organizational admin to system admin. SKOUT advises updating VMware Cloud Director to version 10.1.0...
Threat Spotlight: Form-based attacks
A new type of brand impersonation attack is disproportionately using Google-branded sites to trick victims into sharing login credentials. Making up 4 percent of all spear phishing attacks in the first four months of 2020, Barracuda researchers have seen steady detections through...
