Category: Security
Ask an MSP Expert: What is the best way to expand my security service offering?
Q: We are finding it harder than ever to protect our customers with the security solutions we currently offer. Not only are they generating a lot of alerts, many of which turn out to be false positives once my team...
MSPs have a vested security interest in driving infrastructure upgrades
A survey of 1,406 individuals in the U.S., Europe, Middle East, Africa, and Latin America, who influence their organization’s information technology (IT) decision-making regarding investment in security technologies and infrastructure, finds nearly two-thirds (64 percent) are more likely to purchase...
Growing risk in the financial services sector creates opportunity for MSPs
MSPs specializing in, or who have clients operating in the financial services sector, should take special note of an annual report highlighting the current risks. With global turmoil, supply chain issues and the pandemic, the financial services sector is ripe...
Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover
GitLab released an advisory on Thursday, March 31st regarding a new critical vulnerability found in their product, currently being tracked as CVE-2022-1162. This vulnerability can lead to vulnerable account takeover when exploited. GitLab has released a security patch, and Barracuda...
The past is peril for businesses using legacy equipment
When it comes to technology, IT organizations are focused on the newest, fastest, and safest. But, for the rest of us, it is often a different story. According to a recent eFax study, there are 43 million fax machines still...
Let’s play acronym salad: Why MFA and SSO should be in your WFH BYOO offering
Previously, I wrote a piece on the role that bring your own office (BYOO) plays as the ‘new normal’ post-COVID environment of decentralised working becomes more widespread. BYOO and working from home (WFH) means that an organisation has far less...
Cybersecurity Threat Advisory: Vulnerability in Spring Cloud Can Trigger Attacks
Threat Update A newly discovered critical vulnerability in Spring Cloud function (tracked as CVE-2022-22963), a Spring module used for streamlining data processing. This vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP header to Spring Cloud...
Cybersecurity Threat Advisory: Spring Framework Zero-Day Vulnerability Can Cause RCE Attacks
Threat Update Security professionals have identified a new zero-day vulnerability in the Spring Framework, an application development framework for Java. This vulnerability (tracked as CVE-2022-22965) can allow attackers to execute unauthenticated remote code. Spring has released Spring Framework versions 5.3.18...
Cybersecurity Threat Advisory: SonicWall Releases Hotfix for RCE/DoS Vulnerability
Threat Update SonicWall has released a hotfix for a critical RCE / DoS vulnerability that affects a subset of their firewall devices. This vulnerability (tracked as CVE-2022-22274) in Sonic OS allows an unauthenticated remote attacker to perform denial of service...
Cybersecurity Threat Advisory: Threat Actors Could Target Sophos Firewall
Threat Update Sophos has disclosed a critical-level authentication bypass vulnerability (CVE-2022-1040) that impacts Sophos Firewall v18.5 and below. If this vulnerability is exploited, an attacker could get unfettered access to the firewall and execute remote code at will. Barracuda MSP’s...
