Tag: vulnerability

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical MOVEit transfer vulnerability

Cybersecurity Threat Advisory: Critical MOVEit transfer vulnerability

A critical vulnerability has been discovered in MOVEit Transfer, a commonly used managed file transfer (MFT) solution developed by Progress Software. This vulnerability allows remote attackers to execute arbitrary code on affected systems. The vulnerability is actively exploited in the...

/ June 2, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical PaperCut vulnerability actively exploited

Cybersecurity Threat Advisory: Critical PaperCut vulnerability actively exploited

A new vulnerability, CVE-2023-27350, has been discovered which affects PaperCut MF and NG print management software. Successful exploitation of the vulnerability would allow attackers to access sensitive user information (usernames, email addresses, office/department information, and card numbers) without authentication. A...

/ May 8, 2023 / 1 Comment
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: New Fortinet vulnerability

Cybersecurity Threat Advisory: New Fortinet vulnerability

Fortinet has released information concerning a FortiOS & FortiProxy Heap Buffer administrative interface vulnerability with a CVSS score of 9.3. The vulnerability allows an unauthenticated attacker to execute commands on the device and/or perform a denial-of-service (DoS) attack on the...

/ March 9, 2023
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Palo Alto PAN-OS vulnerability

Cybersecurity Threat Advisory: Palo Alto PAN-OS vulnerability

This week, Palo Alto released a patch for PAN-OS’ vulnerability (CVE-2022-0028). This vulnerability is actively being targeted by threat actors. Firewalls running PAN-OS could permit an attacker to perform a Denial-of-Service (DoS) attack. Barracuda MSP recommends updating affected Palo Alto...

/ August 17, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: OpenSSL vulnerability

Cybersecurity Threat Advisory: OpenSSL vulnerability

Two vulnerabilities were discovered in OpenSSL version 3.0.4 that impacts RSA Private Keys and AES OCB Encryption operations. These vulnerabilities cause an incorrect RSA implementation for 2048-bit private keys that can lead to memory corruption while the device is in...

/ July 15, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: New Microsoft Azure vulnerability

Cybersecurity Threat Advisory: New Microsoft Azure vulnerability

Researchers at Point 42 discovered a flaw in Microsoft Azure’s Fabric, dubbed ‘FabricScape’, propagating the ongoing series of vulnerabilities that the platform has been facing. This vulnerability allows bad actors using Linux to escalate their own privileges to the extent...

/ July 10, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Mitel VoIP vulnerability

Cybersecurity Threat Advisory: Mitel VoIP vulnerability

A known remote code execution vulnerability, CVE-2022-29499, was discovered with the Linux-based Mitel VoIP (Voice over Internet Protocol) application. Once exploited, this vulnerability allows a threat actor to gain root privileges to the system and plant ransomware. Barracuda MSP recommends...

/ July 5, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Apple Safari arbitrary code execution vulnerability

Cybersecurity Threat Advisory: Apple Safari arbitrary code execution vulnerability

Apple has had an existing arbitrary code execution vulnerability in their MacOS, iOS, iPadOS, and Safari in their past 3 zero-days known as CVE-2022-22620. Google and Barracuda MSP researchers are making sure users don’t forget this. The vulnerability could allow...

/ June 28, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: FastJson versions vulnerable to deserialization

Cybersecurity Threat Advisory: FastJson versions vulnerable to deserialization

A new version of FastJson has been released and has patched a vulnerability which allows malicious actors to utilize “AutoTypeCheck” mechanism and achieve remote code execution in FastJson. All Java applications that pass user-controlled data to either the JSON.parse or...

/ June 27, 2022
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Black Basta Ransomware Group threat

Cybersecurity Threat Advisory: Black Basta Ransomware Group threat

The Black Basta ransomware group is revamping an older malware known as Qbot, Qakbot and Plinkslipbot to exploit the Microsoft Exchange Server. A successful attack will allow threat actors the ability to gain target network access, collect critical personal information,...

/ June 24, 2022