Tag: vulnerability

Cybersecurity Threat Advisory: Mitel VoIP vulnerability

Cybersecurity Threat Advisory: Mitel VoIP vulnerability

A known remote code execution vulnerability, CVE-2022-29499, was discovered with the Linux-based Mitel VoIP (Voice over Internet Protocol) application. Once exploited, this vulnerability allows a threat actor to gain root privileges to the system and plant ransomware. Barracuda MSP recommends...

/ July 5, 2022
Cybersecurity Threat Advisory: Apple Safari arbitrary code execution vulnerability

Cybersecurity Threat Advisory: Apple Safari arbitrary code execution vulnerability

Apple has had an existing arbitrary code execution vulnerability in their MacOS, iOS, iPadOS, and Safari in their past 3 zero-days known as CVE-2022-22620. Google and Barracuda MSP researchers are making sure users don’t forget this. The vulnerability could allow...

/ June 28, 2022
Cybersecurity Threat Advisory: FastJson versions vulnerable to deserialization

Cybersecurity Threat Advisory: FastJson versions vulnerable to deserialization

A new version of FastJson has been released and has patched a vulnerability which allows malicious actors to utilize “AutoTypeCheck” mechanism and achieve remote code execution in FastJson. All Java applications that pass user-controlled data to either the JSON.parse or...

/ June 27, 2022
Cybersecurity Threat Advisory: Black Basta Ransomware Group threat

Cybersecurity Threat Advisory: Black Basta Ransomware Group threat

The Black Basta ransomware group is revamping an older malware known as Qbot, Qakbot and Plinkslipbot to exploit the Microsoft Exchange Server. A successful attack will allow threat actors the ability to gain target network access, collect critical personal information,...

/ June 24, 2022
Cybersecurity Threat Advisory: A Microsoft Azure Synapse vulnerability uncovered

Cybersecurity Threat Advisory: A Microsoft Azure Synapse vulnerability uncovered

Security researchers at Orca uncovered a vulnerability in Microsoft Azure Synapse, dubbed SynLapse. This vulnerability lies in the ODBC or Online Database Connectivity method employed by Synapse. Once a bad actor gains access through this vulnerability, they can gain access...

/ June 22, 2022
Cybersecurity Threat Advisory: Microsoft Windows critical remote code execution

Cybersecurity Threat Advisory: Microsoft Windows critical remote code execution

Microsoft released an emergency update for a critical remote code execution vulnerability for all Windows versions that are still receiving security updates (Windows 7+ and Server 2008+). This vulnerability allows an attacker to utilize the software to execute arbitrary code...

/ May 31, 2022 / 6 Comments
Cybersecurity Threat Advisory: Zyxel Firewall vulnerability

Cybersecurity Threat Advisory: Zyxel Firewall vulnerability

Zyxel’s ATP, VPN, and USG FLEX series business firewalls are affected by a Remote Code Execution (RCE) vulnerability that allows unauthenticated malicious attackers to execute arbitrary commands on the affected devices. Over 20,800 devices have been affected by this vulnerability,...

/ May 20, 2022
Cybersecurity Threat Advisory: TLStorm 2.0 vulnerabilities

Cybersecurity Threat Advisory: TLStorm 2.0 vulnerabilities

Up to 5 vulnerabilities were uncovered within the use of the TLS protocol in multiple models of the Aruba and Avaya Network switches. These vulnerabilities, if exploited, can provide threat actors remote access to enterprise networks and to transfer confidential...

/ May 11, 2022
Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation

Cybersecurity Threat Advisory: Dirty pipe Linux vulnerability provides privilege escalation

Security researchers have discovered and released information on new vulnerabilities and kernel level exploits to the public. The vulnerabilities: CVE-2022-049 and CVE-2022-0847 are some of the highest severity exploits and affect out-of-date Linux distros. Due to the similarities with the...

/ March 15, 2022
Beware the toads

Beware the toads

It is nearly Spring, and as the weather turns warm, one must watch out for TOADS. No, not the kind that catches flies and hops into ponds. These TOADS are more sophisticated, standing for Telephone Oriented Attack Delivery (TOAD). There...

/ March 9, 2022