Category: Security
Content creation platforms leveraged for phishing attacks
Cybersecurity is an ever-evolving field, and as new solutions are introduced to better detect and defend against cyberthreats, attackers in turn need to adapt their tactics to try and evade those solutions. For example, Barracuda threat analysts have recently identified...
How CISOs can leverage generative AI to improve email, application security
In an era where digital threats evolve at an unprecedented pace, the integration of generative AI into cybersecurity operations has become essential. From content creation to behavior prediction and knowledge articulation, generative AI is reshaping the landscape of security practices, offering immense...
Cybersecurity Threat Advisory: Veeam Backup security flaws
There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass,...
Summer Roundup: Cyber risks for MSPs to monitor
As summer begins its swan song and thoughts begin to turn toward autumn, the Cybersecurity and Infrastructure Security Agency (CISA) has a fresh batch of advisories. Released in August, these advisories highlight the various cyber risks lurking out there, many...
Cybersecurity Threat Advisory: Cicada3301 ransomware variant
A new ransomware variant has been found, known as Cicada3301. It exhibits similarities to the defunct BlackCat (ALPHV) operation, and it targets both Windows and Linux systems. Review the details in this Cybersecurity Threat Advisory to learn how this variant...
Cybersecurity Threat Advisory: Chrome zero-day vulnerability
A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now. What is the threat? The...
Three new reports from ITRC: H1 breaches, 2023 trends, and a new toll scam
As longtime readers of this space already know, I’m a big fan of the Identity Theft Resource Center (ITRC). Their regular breach reports provide lots of highly detailed statistics, their trend reporting is invaluable to help project the future of...
Cybersecurity Threat Advisory: VMware ESXi vulnerability exploited by BlackByte ransomware
BlackByte ransomware group is actively exploiting CVE-2024-37085, a recently patched authentication bypass vulnerability in VMware ESXi hypervisors. The exploitation of this flaw has led to the deployment of ransomware across victim networks. BlackByte ransomware group has marked it as a...
The cyber-physical attack threat is growing
In most cases, a breach involves hackers stealing data they can then resell on the dark web. As a result, distributed denial-of-service (DDoS) attacks and other attacks used to steal data are part of a hacker’s repertoire that managed service...
Cybersecurity Threat Advisory: Critical SonicOS vulnerability
A critical vulnerability has been identified in the SonicWall SonicOS management access. Continue reading this Cybersecurity Threat Advisory to learn about this vulnerability and recommendations to secure your environment. What is the threat? CVE-2024-40766, a critical vulnerability in the management...
