Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: NortonLifeLock compromised
Recently, thousands of NortonLifeLock customers had their accounts compromised, potentially allowing malicious actors to access user password managers. Gen Digital, Norton LifeLock’s parent company, has sent notices to over 6,000 customers whose accounts were compromised.
Cybersecurity Threat Advisory: LastPass’ security incident update
LastPass provided an update to their August incident where an unauthorized access occurred in their cloud storages. The incident involved storages that contain production data and certain metadata of LastPass subscribers. LastPass recommends businesses to review and update their passwords,...
Cybersecurity Threat Advisory: Linux Kernel Vulnerability
The Zero Day Initiative (ZDI) has disclosed a new Linux Kernel Vulnerability that could lead to code execution in the context of the kernel. The security flaw is a bug in the new Linux 5.15 SMB3 server, ksmbd. The ZDI...
Cybersecurity Threat Advisory: Best practices for the holiday season
Barracuda MSP would like to wish everyone a happy holiday season! As organizations around the world are getting ready for some well-deserved time off, hackers are ramping up their infiltration efforts. Threat intel data indicates we will experience a sizable...
Cybersecurity Threat Advisory: Apple zero-day vulnerability
This week, Apple has released security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. This vulnerability could potentially allow threat actors to bypass...
Cybersecurity Threat Advisory: Citrix Zero-Day Vulnerability
Today, Citrix has released a critical security update to address a zero-day vulnerability. Upon a successful exploitation, an unauthenticated remote attacker could perform code execution leading to system takeover. Both Citrix and the NSA stated they are aware of targeted...
Cybersecurity Threat Advisory: New FortiOS patches available
Today, Fortinet disclosed information regarding a vulnerability that allows a remote attacker to execute code without authentication. The vulnerability, tracked as CVE-2022-42475, has a severity score of 9.3. Fortinet mentioned that they are aware of an instance where it has...
Cybersecurity Threat Advisory: New VMware patches available
This week, VMware released three security patches for a critical authorization bypass vulnerability in the Workspace ONE Assist solution. The vulnerability could potentially allow remote attackers to bypass authentication and elevate their privileges within the system. The vulnerabilities are tracked as...
Cybersecurity Threat Advisory: ConnectWise critical security release
A critical vulnerability was discovered within the ConnectWise Recover and R1Soft Server Backup Manager. The vulnerability is described by ConnectWise as “improper neutralization of special elements in output used by a downstream component”. Successful exploitation of the vulnerability would allow...
Cybersecurity Threat Advisory: Fortinet vulnerability CVE-2022-40684
Fortinet has identified a critical vulnerability tracked as CVE-2022-40684. Upon a successful exploitation, a threat actor can remotely log into devices with FortiGate firewalls or FortiProxy web proxies using an authentication bypass on the administrative interface. Barracuda MSP recommends customers...