Two vulnerabilities, CVE-2024-20353 (denial of service) and CVE-2024-20359 (persistent local code execution), were leveraged to create backdoors by a state-sponsored cyber-espionage group, ArcaneDoor, in Cisco firewalls. Review the recommendations in this Cybersecurity Threat Advisory to protect your firewall appliances now. What is the threat? Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls had two critical vulnerabilities exploited: CVE-2024-20353: Denial-of-Service (DoS) vulnerability. Allows attackers to disrupt services on the targeted fire ..read more

The marketing industry is a fascinating one. When you look up tips from experts, you’ll see all kinds of misconceptions, myths, and conflicting information. However, this isn’t because the experts don’t know what they are talking about. For one, the managed service provider (MSP) marketing space differs from most. Second, marketing is an industry where the “shiny new object” syndrome runs rampant. Third, the marketing landscape changes by the second. What worked like magic one day can be completely obsolete the next. This means the industry is full of flash-in-the-pan fads. However, plenty o ..read more

We have reported extensively on the cybersecurity talent shortage plaguing the industry. The shortage is more than just a personnel issue though, it represents a serious cybersecurity problem. For instance, a Gartner report says that by 2025, half of all cybersecurity incidents will occur because of “a lack of talent or human failure.” This week, we are taking another look at this topic in an interview with Steve Satterwhite, CEO of Entelligence, a company that monitors and analyzes the cybersecurity landscape. 2024 Trends: A dichotomy Satterwhite says he has noticed several key trends in hir ..read more

The security end goal for all organizations is cyber resilience. Effective prevention and detection measures are, and will remain, a critical cornerstone of security strategies, but companies shouldn’t stop there. What matters is how the organization prepares for, withstands, responds to, and recovers from an incident. And this depends on people and processes as much as it does on technology. The U.S. National Institute of Standards and Technologies (NIST) updated its benchmark Cybersecurity Framework earlier this year. It added security governance as a strategic priority which refers to how ..read more

Predicting the future is difficult, but you can anticipate what is likely to happen by looking at how things have evolved over time. Barracuda asked colleagues who work on the security frontline, from XDR and offensive security to international product experts, our own security operations team, and more, about what they witnessed in 2023 and what they expect to see in the remainder of 2024. What most surprised you in 2023? Adam Khan, VP Global Security Operations: In 2023, the number of potential attack surfaces in organizations will continue to increase. More of them will adopt cloud-based a ..read more

Managed service providers (MSPs), chief information security officers (CISOs), and IT professionals have long relied on the National Institute of Standards and Technology (NIST) for roadmaps and best practices in cybersecurity. Since the original NIST framework was first released in 2013, a refresh was much needed. “NIST was getting a little long in the tooth,” expressed Simon George, an independent cybersecurity specialist in Los Angeles. “NIST has largely been the roadmap for critical infrastructure. The upgrade expands NIST’s purview to include all verticals, not just critical ones. With t ..read more

A market forecast report, published by Meticulous Research, shows the global managed cloud services market is projected to grow 14.2 percent on a compound annual basis to reach $247.5 billion in revenue by 2030. According to the report, much of that increase will be driven by lowering the bar to cloud adoption and increased demands for cloud services from the banking, financial services, and insurance sectors, as well as healthcare organizations that still run most of their applications in on-premises IT environments. Additionally, there will be significant opportunities to integrate cloud c ..read more

Have you heard about the latest Barracuda Email Protection Plans available to MSP partners? These tested and proven plans are designed to help MSPs scale their business while meeting customers’ email security needs. With today’s evolving cyberthreats, it is imperative that our protection evolves as well. Barracuda has designed a three-tier email protection package that allows you to easily protect customers’ mailboxes, users, and data against email and web threats. Below are some of the key benefits of these plans. Comprehensive threat prevention  Consolidate and simplify your security ..read more

In this edition of Tech Time Warp we go back to April 14, 1995, when the Chinese government began widespread efforts to stop its government agencies from using pirated software. The move came after a Feb. 27, 1995, accord agreement between the U.S. and China in which government officials announced enhanced copyright enforcement measures, including evidence-collecting task forces, increased ability for Chinese customs officers to search for and destroy pirated materials, and removal of quotas on American film imports. According to The New York Times, U.S. officials considered it the “most com ..read more

The cybersecurity talent shortage in the workforce presents a direct cybersecurity threat. Statistics from the National Institute of Standards and Technology (NIST) paint a grim picture: By 2025, a lack of talent or human failure will be responsible for over half of significant cybersecurity incidents. There is currently a global shortage of 3.4 million cybersecurity professionals. According to NIST, some of the most acute shortages include: Cloud security Cyberthreat intelligence Malware analysis The cybersecurity shortage has hit managed service providers (MSPs) especially hard. Skilled ..read more