Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory: New VMware patches available

Cybersecurity Threat Advisory: New VMware patches available

This week, VMware released three security patches for a critical authorization bypass vulnerability in the Workspace ONE Assist solution. The vulnerability could potentially allow remote attackers to bypass authentication and elevate their privileges within the system. The vulnerabilities are tracked as...

/ November 10, 2022
Cybersecurity Threat Advisory: ConnectWise critical security release

Cybersecurity Threat Advisory: ConnectWise critical security release

A critical vulnerability was discovered within the ConnectWise Recover and R1Soft Server Backup Manager. The vulnerability is described by ConnectWise as “improper neutralization of special elements in output used by a downstream component”. Successful exploitation of the vulnerability would allow...

/ October 31, 2022
Cybersecurity Threat Advisory: Fortinet vulnerability CVE-2022-40684

Cybersecurity Threat Advisory: Fortinet vulnerability CVE-2022-40684

Fortinet has identified a critical vulnerability tracked as CVE-2022-40684. Upon a successful exploitation, a threat actor can remotely log into devices with FortiGate firewalls or FortiProxy web proxies using an authentication bypass on the administrative interface. Barracuda MSP recommends customers...

/ October 7, 2022
Cybersecurity Threat Advisory: New Microsoft Exchange Server zero-day vulnerability

Cybersecurity Threat Advisory: New Microsoft Exchange Server zero-day vulnerability

Researchers from GTSC found a new zero-day vulnerability for Microsoft Exchange Server in the wild. Upon successful exploitation, threat actors can perform RCE (Remote Code Execution) via a backdoor onto the compromised system. GTSC has released a report outlining the...

/ September 30, 2022
Cybersecurity Threat Advisory: Zoho ManageEngine RCE bug

Cybersecurity Threat Advisory: Zoho ManageEngine RCE bug

A critical Zoho ManageEngine Remote Code Execution (RCE) flaw is being actively exploited according to The US Cybersecurity and Infrastructure Security Agency (CISA). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360 and...

/ September 30, 2022
Cybersecurity Threat Advisory: Sophos Firewall critical vulnerability

Cybersecurity Threat Advisory: Sophos Firewall critical vulnerability

Sophos has identified a remote code execution vulnerability tracked as CVE-2022-3236. This vulnerability affects the User Portal and Webadmin components of Sophos Firewalls. Upon a successful exploitation, a threat actor can gain root privileges and deploy a ransomware attack. Barracuda...

/ September 28, 2022
Cybersecurity Threat Advisory: Phishing attacks targeting GitHub accounts

Cybersecurity Threat Advisory: Phishing attacks targeting GitHub accounts

GitHub alerted the public that there is an ongoing phishing campaign that is targeting its users by impersonating CircleCI continuous integration and delivery platform. These phishing attacks are designed to steal the targeted user’s account credentials and authentication codes. A...

/ September 26, 2022
Cybersecurity Threat Advisory: Palo Alto PAN-OS vulnerability

Cybersecurity Threat Advisory: Palo Alto PAN-OS vulnerability

This week, Palo Alto released a patch for PAN-OS’ vulnerability (CVE-2022-0028). This vulnerability is actively being targeted by threat actors. Firewalls running PAN-OS could permit an attacker to perform a Denial-of-Service (DoS) attack. Barracuda MSP recommends updating affected Palo Alto...

/ August 17, 2022
Cybersecurity Threat Advisory: OpenSSL vulnerability

Cybersecurity Threat Advisory: OpenSSL vulnerability

Two vulnerabilities were discovered in OpenSSL version 3.0.4 that impacts RSA Private Keys and AES OCB Encryption operations. These vulnerabilities cause an incorrect RSA implementation for 2048-bit private keys that can lead to memory corruption while the device is in...

/ July 15, 2022
Cybersecurity Threat Advisory: Google zero-day vulnerability

Cybersecurity Threat Advisory: Google zero-day vulnerability

Google has released a new patch for Google Chrome to address critical vulnerabilities in V8, WebRTC, and Chrome OS Shell components. If exploited, the vulnerabilities will allow malicious actors to perform memory corruption and privilege escalation. Barracuda MSP recommends applying...

/ July 12, 2022