Category: Security
Spear-phishing report: Social engineering and growing complexity of attacks
As cybercriminals step up social engineering attacks against employees at small businesses, organizations of all sizes need to be prepared for spear-phishing attacks. Between January 2021 and December 2021, Barracuda researchers analyzed millions of spear-phishing and social engineering attacks impacting mailboxes at thousands of organizations. They share...
Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices
The security firm Armis has located three vulnerabilities in Schneider Electric’s APC Smart-UPS devices. These flaws are being tracked under the name “TLStorm.” This vulnerability can enable remote attackers to control the power of millions of enterprise devices to conduct...
Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation
Security researchers have discovered and released information on new vulnerabilities and kernel level exploits to the public. The vulnerabilities: CVE-2022-049 and CVE-2022-0847 are some of the highest severity exploits and affect out-of-date Linux distros. Due to the similarities with the...
Cybersecurity Threat Advisory: RCE in Okta Advanced Server Access Client
Threat Update The Okta Advanced Server Access Windows client is vulnerable to an unauthenticated remote code execution vulnerability. Thousands of companies rely on Okta to provide zero-trust identity and access management for cloud and on-premises infrastructure. This vulnerability can be...
MSPs should emphasize securing Guest User Accounts within SaaS apps
Guest User Accounts that SaaS application providers make available to organizations, are becoming a major security issue that managed service providers (MSPs) are arguably in the best position to resolve. A report published this week by SaaS Alerts, a provider...
Beware the toads
It is nearly Spring, and as the weather turns warm, one must watch out for TOADS. No, not the kind that catches flies and hops into ponds. These TOADS are more sophisticated, standing for Telephone Oriented Attack Delivery (TOAD). There...
Ask an MSP Expert: How can we streamline our patch management process?
Q: With the increase of cyber attacks and the growing remote workers, what are some best patch management practices to better protect my customers? Patch management serves as a key defense against cyber threats and is also required to ensure...
The importance of DLP and DRM to an MSP
As organisations struggle to come to terms with a hybrid workplace where people are working on a spectrum from full-time in the office to full-time at home, there is one area that should be top of mind for them –...
Cybersecurity Threat Advisory: Cisco Nexus Series Switches Command Injection Vulnerability
Threat Update Cisco has released several patches to resolve vulnerabilities in their Cisco Nexus Series Switches. These vulnerabilities include critical flaws related to command injection, as well as three Denial of Service bugs in the NX-OS. These vulnerabilities are tracked...
How MSPs can defend against escalating cyber warfare
The mounting pressure of ongoing political conflicts has made its way into cyberspace, impacting organizations around the world. With new phishing campaigns targeting aid donations to victims and new malware and denial-of-service (DDoS) attacks against government departments, it’s important to...
