MSP

How to choose secure, verifiable technologies?

How to choose secure, verifiable technologies? 2024-12-06 at 12:16 By Zeljka Zorz The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring software (proprietary or open source), hardware (e.g., IoT devices), and cloud services […]

React to this headline:

Loading spinner

How to choose secure, verifiable technologies? Read More »

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) 2024-12-03 at 19:48 By Zeljka Zorz Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-enabled platform that

React to this headline:

Loading spinner

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) Read More »

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) 2024-10-24 at 12:18 By Zeljka Zorz Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a critical function in FortiManager’s fgfmd daemon. Remote, unauthenticated attackers could

React to this headline:

Loading spinner

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) Read More »

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) 2024-09-25 at 17:17 By Zeljka Zorz Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When

React to this headline:

Loading spinner

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) Read More »

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

React to this headline:

Loading spinner

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) 2024-08-23 at 13:31 By Zeljka Zorz A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 CVE-2024-28987 stems from

React to this headline:

Loading spinner

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) Read More »

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) 2024-08-15 at 14:45 By Zeljka Zorz SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce

React to this headline:

Loading spinner

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) Read More »

Email attacks skyrocket 293%

Email attacks skyrocket 293% 2024-08-06 at 06:31 By Help Net Security Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, according to Acronis. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024. Ransomware remains a top

React to this headline:

Loading spinner

Email attacks skyrocket 293% Read More »

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) 2024-07-29 at 15:46 By Zeljka Zorz CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cyber Infrastructure Acronis is a privately held Swiss cybersecurity and data protection technology company. Acronis Cyber Infrastructure (ACI) is an IT

React to this headline:

Loading spinner

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) Read More »

Leveraging AI and automation for enhanced security operations

Leveraging AI and automation for enhanced security operations 2024-06-28 at 07:01 By Mirko Zorz In this Help Net Security interview, Michelle Weston, VP of Security & Resiliency at Kyndryl, discusses the key challenges in security operations and how to address them. The top issues are increasing cyber resilience risks, changing regulatory conditions, and implementing emerging

React to this headline:

Loading spinner

Leveraging AI and automation for enhanced security operations Read More »

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) 2024-05-08 at 12:16 By Zeljka Zorz Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to

React to this headline:

Loading spinner

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Read More »

Cisco Duo provider breached, SMS MFA logs compromised

Cisco Duo provider breached, SMS MFA logs compromised 2024-04-16 at 18:31 By Zeljka Zorz Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack The unnamed provider – one of two that Duo uses

React to this headline:

Loading spinner

Cisco Duo provider breached, SMS MFA logs compromised Read More »

78% of MSPs identify cybersecurity as prime IT challenge

78% of MSPs identify cybersecurity as prime IT challenge 2024-03-07 at 06:46 By Help Net Security Cybersecurity remained a top priority and an area of growth for MSPs, with 73% saying it’s a top revenue driver for their business, according to Kaseya. Ongoing cyberattack threats impact MSPs The threat of cyberattacks continues to weigh on

React to this headline:

Loading spinner

78% of MSPs identify cybersecurity as prime IT challenge Read More »

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) 2024-02-22 at 12:31 By Zeljka Zorz The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect

React to this headline:

Loading spinner

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) Read More »

MSPs undergo transformation in response to persistent cyber threats

MSPs undergo transformation in response to persistent cyber threats 2024-02-22 at 06:32 By Help Net Security 2Organizations are increasingly turning to Managed Service Providers (MSPs) to alleviate pressure on IT departments, according to SonicWall. Managed services have emerged as a game-changing solution, providing organizations with an additional human-layer of defense, addressing alert fatigue, and freeing

React to this headline:

Loading spinner

MSPs undergo transformation in response to persistent cyber threats Read More »

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! 2024-02-20 at 12:16 By Zeljka Zorz ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken

React to this headline:

Loading spinner

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! Read More »

SMEs overestimate their cybersecurity preparedness

SMEs overestimate their cybersecurity preparedness 22/09/2023 at 06:02 By Help Net Security 57% of SMEs have fallen victim to at least one cybersecurity breach, among whom 31% reported that their business experienced a breach within the past 12 months alone, according to Guardz. The increasing number of evolving cyber threats poses a significant risk to

React to this headline:

Loading spinner

SMEs overestimate their cybersecurity preparedness Read More »

Short-staffed teams must find ways to do more with less

Short-staffed teams must find ways to do more with less 03/07/2023 at 06:02 By Help Net Security As more businesses experience resource and cost constraints, 86% of MSPs and MSSPs customers are outsourcing their security needs to consolidate security tools, according to OpenText. “Staffing issues that have plagued the security industry for years are getting

React to this headline:

Loading spinner

Short-staffed teams must find ways to do more with less Read More »

Economic volatility drives businesses to MSPs

Economic volatility drives businesses to MSPs 28/06/2023 at 06:02 By Help Net Security The current economic conditions are leading companies of all sizes to reassess their operations and business strategies to remain competitive and profitable, according to Kaseya. Business growth key driver for it budgets Budgets and resources may be shrinking, but workloads are not.

React to this headline:

Loading spinner

Economic volatility drives businesses to MSPs Read More »

IT providers become go-to for cybersecurity advice

IT providers become go-to for cybersecurity advice 14/06/2023 at 06:31 By Help Net Security 61% of SMBs have been hit by a successful cyberattack in the last year, according to BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of engaging

React to this headline:

Loading spinner

IT providers become go-to for cybersecurity advice Read More »

Scroll to Top