Tag: threat

Cybersecurity Threat Advisory: Google zero-day vulnerability

Cybersecurity Threat Advisory: Google zero-day vulnerability

Google has released a new patch for Google Chrome to address critical vulnerabilities in V8, WebRTC, and Chrome OS Shell components. If exploited, the vulnerabilities will allow malicious actors to perform memory corruption and privilege escalation. Barracuda MSP recommends applying...

/ July 12, 2022
Cybersecurity Threat Advisory: New Microsoft Azure vulnerability

Cybersecurity Threat Advisory: New Microsoft Azure vulnerability

Researchers at Point 42 discovered a flaw in Microsoft Azure’s Fabric, dubbed ‘FabricScape’, propagating the ongoing series of vulnerabilities that the platform has been facing. This vulnerability allows bad actors using Linux to escalate their own privileges to the extent...

/ July 10, 2022
Cybersecurity Threat Advisory: Mitel VoIP vulnerability

Cybersecurity Threat Advisory: Mitel VoIP vulnerability

A known remote code execution vulnerability, CVE-2022-29499, was discovered with the Linux-based Mitel VoIP (Voice over Internet Protocol) application. Once exploited, this vulnerability allows a threat actor to gain root privileges to the system and plant ransomware. Barracuda MSP recommends...

/ July 5, 2022
Cybersecurity Threat Advisory: Apple Safari arbitrary code execution vulnerability

Cybersecurity Threat Advisory: Apple Safari arbitrary code execution vulnerability

Apple has had an existing arbitrary code execution vulnerability in their MacOS, iOS, iPadOS, and Safari in their past 3 zero-days known as CVE-2022-22620. Google and Barracuda MSP researchers are making sure users don’t forget this. The vulnerability could allow...

/ June 28, 2022
Cybersecurity Threat Advisory: FastJson versions vulnerable to deserialization

Cybersecurity Threat Advisory: FastJson versions vulnerable to deserialization

A new version of FastJson has been released and has patched a vulnerability which allows malicious actors to utilize “AutoTypeCheck” mechanism and achieve remote code execution in FastJson. All Java applications that pass user-controlled data to either the JSON.parse or...

/ June 27, 2022
Cybersecurity Threat Advisory: A Microsoft Azure Synapse vulnerability uncovered

Cybersecurity Threat Advisory: A Microsoft Azure Synapse vulnerability uncovered

Security researchers at Orca uncovered a vulnerability in Microsoft Azure Synapse, dubbed SynLapse. This vulnerability lies in the ODBC or Online Database Connectivity method employed by Synapse. Once a bad actor gains access through this vulnerability, they can gain access...

/ June 22, 2022
Cybersecurity Threat Advisory: Threat actors targeting VoIP provides with DDoS attacks

Cybersecurity Threat Advisory: Threat actors targeting VoIP provides with DDoS attacks

F5 has released a set of vulnerabilities including 17 high and 1 critical which affect the users of BIG-IP application delivery controller. The vulnerabilities provide malicious actors the ability to deploy crypto mining, ransomware, or other malicious files to the...

/ May 11, 2022
Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover

Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover

GitLab released an advisory on Thursday, March 31st regarding a new critical vulnerability found in their product, currently being tracked as CVE-2022-1162. This vulnerability can lead to vulnerable account takeover when exploited. GitLab has released a security patch, and Barracuda...

/ April 8, 2022 / 7 Comments
Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices

Cybersecurity Threat Advisory: “TLStorm” vulnerability found in APC Smart-UPS devices

The security firm Armis has located three vulnerabilities in Schneider Electric’s APC Smart-UPS devices. These flaws are being tracked under the name “TLStorm.” This vulnerability can enable remote attackers to control the power of millions of enterprise devices to conduct...

/ March 16, 2022
Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation

Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation

Security researchers have discovered and released information on new vulnerabilities and kernel level exploits to the public. The vulnerabilities: CVE-2022-049 and CVE-2022-0847 are some of the highest severity exploits and affect out-of-date Linux distros. Due to the similarities with the...

/ March 15, 2022