Threat Update: Microsoft Releases April 2017 Security Updates

April 12, 2017

Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code. Herjavec Group aligns with US-CERT’s recommendation for users and administrators […]


Threat Update: HTTPS Interception Weakens TLS Security

March 16, 2017
HTTPS interception

Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers. A recent report, The Security Impact of HTTPS Interception, highlighted several security concerns with HTTPS inspection products, including: Many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding […]


Threat Advisory: Key Vulnerability Found In Cisco’s WebEx Chrome Extension

January 25, 2017

A critical vulnerability has recently been uncovered in the Chrome extension of Cisco WebEx, a web conferencing product widely used by enterprise businesses, leaving 20 million users susceptible to attack. Windows Chrome users are in danger of getting hacked if they unknowingly visit a malicious website. The malicious websites host a file or other resource that contains the string “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html” […]


Threat Advisory: More Than 1 Million Google Accounts Breached by Gooligan

November 30, 2016

Check Point has recently released information on a new malware campaign named Gooligan. Gooligan has already breached the security of over one million Google accounts, and it is believed that more than 13,000 devices will be compromised daily. The Gooligan malware roots infected devices and steals authentication tokens that can be used to access data from […]


Threat Advisory: Dirty COW Linux Kernel Vulnerability

October 21, 2016

A 9-year-old critical vulnerability in the Linux kernel, dubbed ‘Dirty COW’ (CVE-2016-5195), has recently surfaced and is being actively exploited. The vulnerability, named for the copy-on-write (COW) mechanism in the Linux kernel, could allow a malicious actor to tamper with read-only, root-owned executable files. In other words, exploitation of this vulnerability may allow an attacker […]


Threat Update: US-CERT Confirms Heightened DDoS Threat Posed by Mirai and Other Botnets

October 17, 2016

Herjavec Group circulates US-CERT advisories as this notification warrants attention and may have significance to your enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with […]


Threat Update: WPAD Name Collision Vulnerability

May 24, 2016

Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the New generic Top Level Domain (gTLD) program’s incorporation of previously undelegated gTLDs for public registration, leaked WPAD queries could result in domain name […]


Threat Update: SAP Business Applications

May 11, 2016

It has been reported that over 35 organizations worldwide running outdated or misconfigured software are affected by an SAP vulnerability. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications. The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems […]


Ransomware and Recent Variants

April 7, 2016
ransomware blog

The United States Department of Homeland Security (DHS), in collaboration with Canadian Cyber Incident Response Centre (CCIRC), released the following alert to provide further information on ransomware including its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against it. Herjavec Group is circulating the advisory below as this information warrants attention […]


Threat Advisory: Tracking the Badlock Vulnerability

March 28, 2016

There have been a number of posts and news releases relating to the Badlock vulnerability, for which patches are expected to be available April 12. The “marketing efforts” and media attention surrounding the vulnerability have received backlash given that no solutions are readily available. The Badlock vulnerability is expected to impact Windows networking services which will […]
