Barracuda Launches Managed Vulnerability Security
'By proactively identifying vulnerabilities, we can better predict the likelihood of an attack, giving both Barracuda and our customers a decisive edge to stop threats before they're exploited and reduce cyber risk,' said Adam Khan, vice president of global security operations at Barracuda. 'Barracuda Managed Vulnerability Security delivers deep visibility into risks across environments – without the burden of managing additional tools or hiring hard to find and retain security operations specialists. With expert guidance and smart prioritization, it streamlines remediation and transforms how organizations manage vulnerabilities and defend against today's sophisticated attacks.'
Barracuda Managed Vulnerability Security provides expert-led vulnerability scanning, analysis and contextual reporting across organizations' networks and cloud infrastructure. The service uncovers vulnerabilities across a broad range of hardware and software – including endpoints, servers, IoT devices, firewalls, and other network-connected systems – regardless of whether those vulnerabilities are associated with known exploits.
Organizations receive detailed, actionable reports, including an audit summary and prioritized remediation plan. These insights help organizations clearly understand their risk exposure and make informed decisions aligned with both their security objectives and compliance requirements. Regular vulnerability scans play a critical role in helping organizations meet regulatory guidelines such as the Digital Operational Resilience Act (DORA), Network Information Security 2 (NIS2), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and others by supporting ongoing risk assessment, mitigation and audit readiness.
Barracuda Managed Vulnerability Security is now available to both new and existing customers through Barracuda's global network of resellers and Managed Service Providers.
The service can be deployed on its own or seamlessly integrated with Barracuda Managed XDR, a 24/7/365 threat detection and response offering that leverages advanced AI analytics and threat intelligence to prevent breaches. When combined, customers gain a unified, fully managed security experience that streamlines vendor management, accelerates vulnerability and threat detection and remediation, and enhances operational efficiency.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Channel Post MEA
25-06-2025
- Channel Post MEA
Barracuda Launches Managed Vulnerability Security
Barracuda Networks has announced the launch of Barracuda Managed Vulnerability Security. This fully managed service, powered by Barracuda's global Security Operations Center (SOC), extends the BarracudaONE platform to help organizations proactively identify, assess and prioritize vulnerabilities. This enables them to reduce risk and strengthen their security resilience. 'By proactively identifying vulnerabilities, we can better predict the likelihood of an attack, giving both Barracuda and our customers a decisive edge to stop threats before they're exploited and reduce cyber risk,' said Adam Khan, vice president of global security operations at Barracuda. 'Barracuda Managed Vulnerability Security delivers deep visibility into risks across environments – without the burden of managing additional tools or hiring hard to find and retain security operations specialists. With expert guidance and smart prioritization, it streamlines remediation and transforms how organizations manage vulnerabilities and defend against today's sophisticated attacks.' Barracuda Managed Vulnerability Security provides expert-led vulnerability scanning, analysis and contextual reporting across organizations' networks and cloud infrastructure. The service uncovers vulnerabilities across a broad range of hardware and software – including endpoints, servers, IoT devices, firewalls, and other network-connected systems – regardless of whether those vulnerabilities are associated with known exploits. Organizations receive detailed, actionable reports, including an audit summary and prioritized remediation plan. These insights help organizations clearly understand their risk exposure and make informed decisions aligned with both their security objectives and compliance requirements. Regular vulnerability scans play a critical role in helping organizations meet regulatory guidelines such as the Digital Operational Resilience Act (DORA), Network Information Security 2 (NIS2), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and others by supporting ongoing risk assessment, mitigation and audit readiness. Barracuda Managed Vulnerability Security is now available to both new and existing customers through Barracuda's global network of resellers and Managed Service Providers. The service can be deployed on its own or seamlessly integrated with Barracuda Managed XDR, a 24/7/365 threat detection and response offering that leverages advanced AI analytics and threat intelligence to prevent breaches. When combined, customers gain a unified, fully managed security experience that streamlines vendor management, accelerates vulnerability and threat detection and remediation, and enhances operational efficiency.
Arabian Post
13-06-2025
- Arabian Post
Phishing-as-a-Service PhaaS Surge Elevates AiTM Threats
A surge in Adversary‑in‑the‑Middle phishing attacks exploiting Phishing‑as‑a‑Service frameworks has been recorded in 2025, allowing cybercriminals to systematically bypass multi‑factor authentication and harvest corporate credentials at industrial scale. Researchers from Sekoia and Barracuda warn that tools like Tycoon 2FA, EvilProxy and Sneaky 2FA are being rapidly refined, embedding advanced evasion techniques and automation that make detection increasingly challenging. AiTM phishing campaigns leverage reverse proxies that intercept login credentials and session cookies in real time. When users enter their password and MFA code, a proxy server relays the information to the legitimate service—such as Microsoft 365 or Google—capturing session tokens in the process. Attackers then replay those tokens to impersonate legitimate users without triggering MFA prompts. Between January and February, over one million PhaaS‑powered AiTM phishing attempts were blocked globally, with Tycoon 2FA accounting for nearly 90 % of the incidents. EvilProxy and Sneaky 2FA contributed around 8 % and 3 % respectively. Tycoon 2FA has evolved markedly: its credential‑stealing scripts now employ Caesar‑cipher encryption, invisible Hangul filler characters, AES encryption, and browser fingerprinting to tailor the attack and evade detection. ADVERTISEMENT EvilProxy, in contrast, offers ease of deployment, enabling even actors with limited expertise to launch fully automated AiTM campaigns against cloud platforms by mimicking legitimate page source code and proxying credentials live. Sneaky 2FA, meanwhile, uses Telegram‑based bots and clever URL structures to pre‑populate phishing forms with user email addresses, redirect non‑target users to innocuous sites, and selectively deliver phishing pages only to likely victims. It also embeds tracking codes that reinforce its selective targeting. Darktrace analysts cite real‑world incidents where attackers abused legitimate platforms—such as Milanote—to deliver Tycoon 2FA phishing lures. This misuse of trusted resources bypasses traditional defences like email gateways, which often cannot distinguish between benign and malicious content. SC Media likewise highlights Sneaky Log's Messenger‑driven delivery mechanism and anti‑sandbox filters—including blurred backgrounds and redirects to Wikipedia—making detection by anti‑phishing tools very difficult. Microsoft's threat intelligence team reports other AiTM vectors such as OAuth‑consent and device‑code phishing. While these attacks exploit legitimate login flows—often via QR codes or OAuth prompts—they similarly bypass MFA using session token theft and abuse of authentication flows. Threat actors ultimately deploy AiTM access to conduct Business Email Compromise, financial scams, internal reconnaissance, or onward phishing. They frequently install persistent controls—including email forwarding rules and additional MFA factors—to prolong intrusions. Defensive responses emphasise layered security. Organisations are urged to deploy AI‑powered email defences, anomaly detection within identity logs, real‑time URL scanning, phishing‑resistant credentials like FIDO2 or passkeys, and contextual Conditional‑Access policies based on location or device status. Endpoint‑level inspection, token anomaly monitoring, and pre‑click URL analysis—particularly to bypass proxies like Cloudflare Turnstile—are also advised. Academic research echoes the urgency for adaptive defences: LLM‑based multi‑agent systems like MultiPhishGuard and fuzzy‑logic frameworks offer promising ways to detect adversarial phishing content while maintaining transparency and low false‑positive rates.
Channel Post MEA
09-06-2025
- Channel Post MEA
Bitdefender Launches Compliance Management Solution With Endpoint Security
Bitdefender has announced GravityZone Compliance Manager, a new addition to its GravityZone platform that helps organizations reduce the burden of compliance and streamline audit readiness. Designed specifically for today's complex regulatory landscape, the solution provides real-time visibility, automated remediation, audit-ready reports, and one-click compliance documentation fully integrated with Bitdefender endpoint security and risk analytics. 'GravityZone Compliance Manager performed well for us during early access. The continuous monitoring and assessment feature reduced our reliance on manual scans, saving valuable time. Because it's integrated into our existing security stack, we've avoided the additional cost and complexity of using external tools. It has simplified our operations by eliminating the need for multiple point solutions,' stated Alin Paunescu, chief information security officer at Patria Bank. In recent research, Gartner recommends that organizations, 'Combine compliance and risk management effectively by prioritizing the implementation of impact-based assessments and automated, continuous monitoring capabilities.'¹ With regulations like GDPR, PCI DSS, NIS2 and DORA introducing stricter penalties, organizations can no longer afford fragmented or manual compliance approaches. The financial consequences of non-compliance are severe with fines up to €20 million or 4% of global annual turnover under GDPR and $100 thousand per month under PCI DSS. These penalties come in addition to significant reputational damage organizations face that often follows regulatory violations. Regulatory demands are increasing, but most organizations still rely on fragmented tools and manual processes. Designed as an add-on to Bitdefender GravityZone, the company's flagship unified security and risk analytics platform, GravityZone Compliance Manager minimizes complexity by unifying compliance, risk, and security operations in a single platform. It delivers real-time compliance scoring, automated reporting, and guided remediation, all without the need for specialized in-house expertise. Key Benefits of GravityZone Compliance Manager: • Automated Audit-Ready Reports in Seconds –Instantly generate compliance reports aligned with auditor requirements using existing Bitdefender tooling. GravityZone Compliance Manager simplifies audit preparation by automating evidence collection and removing reporting complexity. Reports are structured for auditor review and include an executive summary of the organization's overall compliance score, a breakdown of compliant versus non-compliant checks, and a risk overview detailing the severity of high, medium, and low risks. –Instantly generate compliance reports aligned with auditor requirements using existing Bitdefender tooling. GravityZone Compliance Manager simplifies audit preparation by automating evidence collection and removing reporting complexity. Reports are structured for auditor review and include an executive summary of the organization's overall compliance score, a breakdown of compliant versus non-compliant checks, and a risk overview detailing the severity of high, medium, and low risks. • One Platform for Security, Risk Management, and Compliance – GravityZone Compliance Manager builds on Bitdefender's unified platform by adding compliance management to a foundation that already includes prevention, detection, response, and risk analytics. Combined with Bitdefender Proactive Hardening and Attack Surface Reduction (PHASR), which proactively reduces exposure by disabling unused or risky system tools, organizations can both harden their environments and stay continuously aligned with compliance requirements. When risks are resolved, compliance status updates automatically which streamlines operations and improves the organizations' cybersecurity posture. – GravityZone Compliance Manager builds on Bitdefender's unified platform by adding compliance management to a foundation that already includes prevention, detection, response, and risk analytics. Combined with Bitdefender Proactive Hardening and Attack Surface Reduction (PHASR), which proactively reduces exposure by disabling unused or risky system tools, organizations can both harden their environments and stay continuously aligned with compliance requirements. When risks are resolved, compliance status updates automatically which streamlines operations and improves the organizations' cybersecurity posture. • Supports Major Industry and Geo Specific Compliance Standards – GravityZone Compliance Manager provides immediate visibility into endpoint compliance posture and streamlines regulatory alignment with out-of-the-box support for major frameworks—including region and industry-specific standards such as GDPR, HIPAA, DORA, NIS 2 Directive, PCI DSS, SOC 2, ISO 27001, CISv8, CMMC 2.0 and more. Businesses quickly identify and remediate compliance gaps with a single click and can drill down further into specific standards or benchmarks to view detailed information on associated risks and affected assets. 'The consequences of non-compliance, including financial loss, operational disruption, and reputational damage, rival those of a data breach or ransomware attack, yet most businesses lack the resources or specialized talent needed to manage compliance with confidence,' said Andrei Florescu, president and general manager of Bitdefender Business Solutions Group. 'GravityZone Compliance Manager is a game-changer that consolidates compliance, risk management, and endpoint security on a single platform, enabling businesses to meet regulatory demands effortlessly and reduce complexity to strengthen cyber resilience.' Availability Bitdefender GravityZone Compliance Manager is available now for new and existing customers. All Risk Management users receive automatic access to a basic standard with real-time insights and best-practice guidelines. A full Compliance Manager add-on license unlocks support for advanced compliance frameworks, detailed scoring, full compliance visibility, and exportable reports.
