The cybersecurity talent shortage in the workforce presents a direct cybersecurity threat. Statistics from the National Institute of Standards and Technology (NIST) paint a grim picture: By 2025, a lack of talent or human failure will be responsible for over half of significant cybersecurity incidents. There is currently a global shortage of 3.4 million cybersecurity professionals. According to NIST, some of the most acute shortages include: Cloud security Cyberthreat intelligence Malware analysis The cybersecurity shortage has hit managed service providers (MSPs) especially hard. Skilled ..read more

This Cybersecurity Threat Advisory details the exploitation of the critical vulnerability CVE-2023-22518 in the Atlassian Confluence Data Center and Server. Attackers are deploying a Linux variant of Cerber (aka C3RB3R) ransomware. This allows unauthenticated attackers to reset Confluence and create administrator accounts, granting them complete control over affected systems. Continue reading to learn how to keep your systems safe. What is the threat? CVE-2023-22518 is being exploited to gain a foothold on the targeted Atlassian Confluence application servers. This critical vulnerability allo ..read more

The volume of applications deployed in the cloud continues to increase steadily. More organizations are looking to contain costs but are finding they lack the skills and expertise needed. A survey of over 400 cloud and data decision-makers conducted by Forrester Consulting on behalf of Boomi, finds nearly three quarters (72 percent) exceeded their cloud budgets last fiscal year, with 22 percent now making reducing cloud spending a priority. Overall, respondents admit they can’t account for 40 percent of spending on cloud services. Primary reasons for being over budget include excessive storag ..read more

An unauthenticated Structured Query Language (SQL) injection vulnerability, known as CVE-2024-2879, has been found in the WordPress plugin LayerSlider. Review this Cybersecurity Threat Advisory to learn how to safeguard your accounts from unauthenticated attackers. What is the threat? The vulnerability is found in LayerSlider WordPress plugin versions 7.9.11 and 7.10.0. It has a CVSS score of 9.8 and could be susceptible to SQL injection through the ls_get_popup_markup action. It is caused by insufficient escaping on the user-supplied parameter and the absence of wpdb::prepare(). Due to this ..read more

Another day passes, another cyberattack strikes. This time, a recent incident impacted a major U.S. government entity known as the Cybersecurity and Infrastructure Security Agency (CISA). Back in February, CISA officials discovered that two of its internal computer systems were compromised by hackers who exploited bugs in Ivanti products, and both systems were taken offline once the breach was detected. The two systems penetrated include CISA’s Infrastructure Protection (IP) Gateway, an integrated tool that allows Department of Homeland Security (DHS) partners to get informatio ..read more

Many organizations conduct surveys every year about the evolving threats and cybersecurity concerns that enterprises are faced with. Info-Tech Research Group’s report is a must-read for all security stakeholders, chief information security officers (CISOs), and managed service providers (MSPs). Some companies put out surveys as thinly veiled ways to push a product, but Info-Tech’s report presents interesting and relevant statistics in an easy-to-read format. Some highlights: The average cost of a data breach in 2023 was $4.35 million USD. Up 2 percent from 2022 and an increase of 15 percent ..read more

Palo Alto Networks has disclosed a critical vulnerability, CVE-2024-3400, impacting its PAN-OS software’s GlobalProtect feature. This flaw enables unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. Review this Cybersecurity Threat Advisory to keep your organization secure and mitigate potential risks now. What is the threat? The threat involves a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software. This vulnerability affects specific versions of PAN-OS with distinct feature configurations, namely PAN ..read more

In today’s digital age, the use of technology continuously evolves to make our personal and professional lives more convenient. Quick Response (QR) code has been one such advancement. This two-dimensional barcode allows users to share website URLs and contact information or make payments. While QR codes have made our daily lives easier, they have also opened new avenues for cybercriminals to exploit. Also known as quishing, QR code phishing attacks are on the rise and present a significant threat to users and organizations alike. How cybercriminals are using QR codes in email attacks Hackers ..read more

You’ve heard of Ben and Jerry, but are you as familiar with Jerry and David? Unless you’re a keen watcher of Silicon Valley, perhaps not. But the website founded in 1994 as “Jerry and David’s Guide to the World Wide Web” became a household name under its ultimate moniker: Yahoo! Let’s talk about this month’s Pioneers in Tech spotlight, David Filo. Born April 20, 1966, in Wisconsin, David Filo met Jerry Yang while they were both doctoral students at Stanford University. They were working on a project to create computer chips using computer-aided design. When their faculty supervisor took a sab ..read more

Customers like to have a clear understanding of what’s going on. MSPs hold more than enough data to let customers know what is going on with their services. However, they struggle to transform this data into a useful form that really helps the customer. Streams of data are too arcane for most customers; they need something that paints a clear picture. Invoices tend to be devoid of anything useful – just a list of services against what the customer owes. Portals can be useful but tend to be technical and only beneficial to administrators in the customer’s world. Intelligence has been built int ..read more