Managed service providers (MSPs), chief information security officers (CISOs), and IT professionals have long relied on the National Institute of Standards and Technology (NIST) for roadmaps and best practices in cybersecurity. Since the original NIST framework was first released in 2013, a refresh was much needed. “NIST was getting a little long in the tooth,” expressed Simon George, an independent cybersecurity specialist in Los Angeles. “NIST has largely been the roadmap for critical infrastructure. The upgrade expands NIST’s purview to include all verticals, not just critical ones. With t ..read more

A market forecast report, published by Meticulous Research, shows the global managed cloud services market is projected to grow 14.2 percent on a compound annual basis to reach $247.5 billion in revenue by 2030. According to the report, much of that increase will be driven by lowering the bar to cloud adoption and increased demands for cloud services from the banking, financial services, and insurance sectors, as well as healthcare organizations that still run most of their applications in on-premises IT environments. Additionally, there will be significant opportunities to integrate cloud c ..read more

Have you heard about the latest Barracuda Email Protection Plans available to MSP partners? These tested and proven plans are designed to help MSPs scale their business while meeting customers’ email security needs. With today’s evolving cyberthreats, it is imperative that our protection evolves as well. Barracuda has designed a three-tier email protection package that allows you to easily protect customers’ mailboxes, users, and data against email and web threats. Below are some of the key benefits of these plans. Comprehensive threat prevention  Consolidate and simplify your security ..read more

In this edition of Tech Time Warp we go back to April 14, 1995, when the Chinese government began widespread efforts to stop its government agencies from using pirated software. The move came after a Feb. 27, 1995, accord agreement between the U.S. and China in which government officials announced enhanced copyright enforcement measures, including evidence-collecting task forces, increased ability for Chinese customs officers to search for and destroy pirated materials, and removal of quotas on American film imports. According to The New York Times, U.S. officials considered it the “most com ..read more

The cybersecurity talent shortage in the workforce presents a direct cybersecurity threat. Statistics from the National Institute of Standards and Technology (NIST) paint a grim picture: By 2025, a lack of talent or human failure will be responsible for over half of significant cybersecurity incidents. There is currently a global shortage of 3.4 million cybersecurity professionals. According to NIST, some of the most acute shortages include: Cloud security Cyberthreat intelligence Malware analysis The cybersecurity shortage has hit managed service providers (MSPs) especially hard. Skilled ..read more

This Cybersecurity Threat Advisory details the exploitation of the critical vulnerability CVE-2023-22518 in the Atlassian Confluence Data Center and Server. Attackers are deploying a Linux variant of Cerber (aka C3RB3R) ransomware. This allows unauthenticated attackers to reset Confluence and create administrator accounts, granting them complete control over affected systems. Continue reading to learn how to keep your systems safe. What is the threat? CVE-2023-22518 is being exploited to gain a foothold on the targeted Atlassian Confluence application servers. This critical vulnerability allo ..read more

The volume of applications deployed in the cloud continues to increase steadily. More organizations are looking to contain costs but are finding they lack the skills and expertise needed. A survey of over 400 cloud and data decision-makers conducted by Forrester Consulting on behalf of Boomi, finds nearly three quarters (72 percent) exceeded their cloud budgets last fiscal year, with 22 percent now making reducing cloud spending a priority. Overall, respondents admit they can’t account for 40 percent of spending on cloud services. Primary reasons for being over budget include excessive storag ..read more

An unauthenticated Structured Query Language (SQL) injection vulnerability, known as CVE-2024-2879, has been found in the WordPress plugin LayerSlider. Review this Cybersecurity Threat Advisory to learn how to safeguard your accounts from unauthenticated attackers. What is the threat? The vulnerability is found in LayerSlider WordPress plugin versions 7.9.11 and 7.10.0. It has a CVSS score of 9.8 and could be susceptible to SQL injection through the ls_get_popup_markup action. It is caused by insufficient escaping on the user-supplied parameter and the absence of wpdb::prepare(). Due to this ..read more

Another day passes, another cyberattack strikes. This time, a recent incident impacted a major U.S. government entity known as the Cybersecurity and Infrastructure Security Agency (CISA). Back in February, CISA officials discovered that two of its internal computer systems were compromised by hackers who exploited bugs in Ivanti products, and both systems were taken offline once the breach was detected. The two systems penetrated include CISA’s Infrastructure Protection (IP) Gateway, an integrated tool that allows Department of Homeland Security (DHS) partners to get informatio ..read more

Many organizations conduct surveys every year about the evolving threats and cybersecurity concerns that enterprises are faced with. Info-Tech Research Group’s report is a must-read for all security stakeholders, chief information security officers (CISOs), and managed service providers (MSPs). Some companies put out surveys as thinly veiled ways to push a product, but Info-Tech’s report presents interesting and relevant statistics in an easy-to-read format. Some highlights: The average cost of a data breach in 2023 was $4.35 million USD. Up 2 percent from 2022 and an increase of 15 percent ..read more