Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerability in Palo Alto PAN-OS
Palo Alto Networks has disclosed a critical vulnerability, CVE-2024-3400, impacting its PAN-OS software’s GlobalProtect feature. This flaw enables unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. Review this Cybersecurity Threat Advisory to keep your organization secure...
Cybersecurity Threat Advisory: Critical flaws in Ivanti
Recent flaws found in Ivanti Connect Secure and Policy Secure Gateways can lead to remote code execution (RCE) attacks. Review this Cybersecurity Threat Advisory to learn additional details and recommendations to keep your organization secure. What is the threat? Ivanti...
Cybersecurity Threat Advisory: Two vulnerabilities found in D-Link NAS devices
Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can cause command injection and backdoor account to these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations...
Cybersecurity Threat Advisory: XZ Utils supply chain vulnerability
A supply chain vulnerability was found in XZ Utils that creates a backdoor into OpenSSH and can lead to remote code execution (RCE). Read this Cybersecurity Threat Advisory to learn about this supply chain vulnerability and how to reduce your...
Cybersecurity Threat Advisory: TA558 phishing campaign
The threat actor TA558 is conducting a phishing campaign targeting various sectors in Latin America, intending to deploy the remote access tool known as Venom RAT. Barracuda MSP encourages organizations to follow the recommendations detailed in this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: AWS ‘FlowFixation’ vulnerability
The AWS “FlowFixation” vulnerability, while patched in September 2023, may still pose account hijacking risks within its Amazon Managed Workflows Apache Airflow (MWAA) service. Read this Cybersecurity Threat Advisory to learn the impact and security measures to mitigate risks associated...
Cybersecurity Threat Advisory: GitHub supply chain attack
Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. Barracuda MSP recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk. What is the threat? A variety of techniques were...
Cybersecurity Threat Advisory: New vulnerability in Apple M-chip
A new security exploit, GoFetch, was found in Apple’s M-chip architecture. It takes advantage of data memory-dependent prefetchers (DMPs) and could use the device as a new attack vector. Continue reading this Cybersecurity Threat Advisory to learn how you can...
Cybersecurity Threat Advisory: StrelaStealer malware targets organizations
A new email threat, StrelaStealer malware, is targeting Europe and United States organizations. It spreads through phishing emails with attachments that execute its dynamic-link library (DLL) payload designed to steal email login data. This Cybersecurity Threat Advisory reviews the threat...
Cybersecurity Threat Advisory: Fortinet FortiClientEMS critical vulnerability
Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via...
