Tag: threat
Cybersecurity Threat Advisory: Best practices for the holiday season
Barracuda MSP would like to wish everyone a happy holiday season! As organizations around the world are getting ready for some well-deserved time off, hackers are ramping up their infiltration efforts. Threat intel data indicates we will experience a sizable...
Beware of growing software supply chain attacks
Software supply chain attacks have been increasingly bedeviling the IT space. Recent statistics bear out the dangers of these attacks. According to a study by Israel-based Argon security: Supply chain attacks grew by more than 300 percent in 2021 over...
Cybersecurity Threat Advisory: Google zero-day vulnerability
Google has released a new patch for Google Chrome to address critical vulnerabilities in V8, WebRTC, and Chrome OS Shell components. If exploited, the vulnerabilities will allow malicious actors to perform memory corruption and privilege escalation. Barracuda MSP recommends applying...
Cybersecurity Threat Advisory: New Microsoft Azure vulnerability
Researchers at Point 42 discovered a flaw in Microsoft Azure’s Fabric, dubbed ‘FabricScape’, propagating the ongoing series of vulnerabilities that the platform has been facing. This vulnerability allows bad actors using Linux to escalate their own privileges to the extent...
Cybersecurity Threat Advisory: Mitel VoIP vulnerability
A known remote code execution vulnerability, CVE-2022-29499, was discovered with the Linux-based Mitel VoIP (Voice over Internet Protocol) application. Once exploited, this vulnerability allows a threat actor to gain root privileges to the system and plant ransomware. Barracuda MSP recommends...
Cybersecurity Threat Advisory: Apple Safari arbitrary code execution vulnerability
Apple has had an existing arbitrary code execution vulnerability in their MacOS, iOS, iPadOS, and Safari in their past 3 zero-days known as CVE-2022-22620. Google and Barracuda MSP researchers are making sure users don’t forget this. The vulnerability could allow...
Cybersecurity Threat Advisory: FastJson versions vulnerable to deserialization
A new version of FastJson has been released and has patched a vulnerability which allows malicious actors to utilize “AutoTypeCheck” mechanism and achieve remote code execution in FastJson. All Java applications that pass user-controlled data to either the JSON.parse or...
Cybersecurity Threat Advisory: A Microsoft Azure Synapse vulnerability uncovered
Security researchers at Orca uncovered a vulnerability in Microsoft Azure Synapse, dubbed SynLapse. This vulnerability lies in the ODBC or Online Database Connectivity method employed by Synapse. Once a bad actor gains access through this vulnerability, they can gain access...
Cybersecurity Threat Advisory: Threat actors targeting VoIP provides with DDoS attacks
F5 has released a set of vulnerabilities including 17 high and 1 critical which affect the users of BIG-IP application delivery controller. The vulnerabilities provide malicious actors the ability to deploy crypto mining, ransomware, or other malicious files to the...
Cybersecurity Threat Advisory: GitLab vulnerability could allow account takeover
GitLab released an advisory on Thursday, March 31st regarding a new critical vulnerability found in their product, currently being tracked as CVE-2022-1162. This vulnerability can lead to vulnerable account takeover when exploited. GitLab has released a security patch, and Barracuda...