Threat Update: Hidden Cobra – Volgmer Trojan

November 15, 2017
HTTPS interception

Herjavec Group continues to closely monitor the news and activity around Hidden Cobra. Managed Security Services customers can rest assured that should there be an escalation in your environment related to Hidden Cobra, the alert shared with you via HG’s Analytics Platform will be enriched with threat intelligence to indicate the applicable Threat Actors.  The […]


Threat Advisory: Bad Rabbit Ransomware Update

October 25, 2017

This is an update to Herjavec Group’s initial Bad Rabbit Ransomware threat advisory. Additional Bad Rabbit Information: Initial analysis from various AV vendors shows that the Bad Rabbit malware is a variant of the NotPetya sample. It is not known yet if there is actual code re-use or if the tactics and strings were […]


New Ransomware Infection “Bad Rabbit” Reported Around the World


There have been multiple reports of a new ransomware, dubbed “Bad Rabbit,” infecting computers in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. As always, Herjavec Group advises against paying the […]


Several Key Vulnerabilities Found in WPA2 Security Protocol

October 16, 2017

Several key vulnerabilities have been found in the Wi-Fi Protected Access II (WPA2) security protocol that may allow cybercriminals to eavesdrop on Wi-Fi traffic between computers and access points. If exploited, attackers may take control of affected systems to conduct attacks such as packet replay, TCP connection hijacking, HTTP content injection, arbitrary packet decryption, and […]


Important Palo Alto Networks URL Filtering Service Announcement

October 11, 2017

The Palo Alto Networks Support Team circulated the update below last night relating to the Palo Alto Networks URL Filtering service: A new category has been created for your Palo Alto Networks URL Filtering service.  This newly established category, “command-and-control,” previously fell within the malware category in the service.  We created this standalone command-and-control category […]


Palo Alto Networks Publishes 2 New and 1 Updated Security Advisory Addressing 3 Security Issues

August 31, 2017

New Security Advisories

PAN-SA-2017-0023 – Cross-Site Scripting in PAN-OS: A vulnerability exists in PAN-OS’s GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.
* Medium Severity
* Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3
* CVE-2017-12416

PAN-SA-2017-0024 – XML External […]


Beware of Hurricane Harvey Phishing Scams

August 29, 2017

Herjavec Group advises caution with any emails whose subject lines, hyperlinks or attachments relate to Hurricane Harvey relief efforts. Cybercriminal activity tends to increase significantly following a natural disaster of this magnitude. For example, fraudulent emails that mimic reputable charitable organizations requesting donations often contain malicious links or attachments that direct users to […]


Threat Advisory: “Petya” Ransomware Update

June 27, 2017

Multiple sources have reported the spread of the “Petya” ransomware in countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not […]


WannaCry Fact Sheet

May 18, 2017

Herjavec Group published its first threat advisory on the WannaCry attack on Friday, May 12th. In response to WannaCry, Herjavec Group’s Security Operations Centers immediately heightened awareness internally for IOCs and MD5 hashes that were attributed to the execution and symptoms of the attack. Over the 48 hours that followed, HG security engineers developed and […]


Threat Update: Microsoft Releases Critical Security Update

May 9, 2017

Microsoft has released a critical out-of-band security update addressing a vulnerability in the Microsoft Malware Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Advisory 4022344 for details and apply the necessary update. To view the original US-CERT advisory, please click […]
