Threat Advisory: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

April 17, 2018
HTTPS interception

A joint alert issued by the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) warns that Russian state-sponsored cyber actors are actively targeting home and enterprise routers. Since 2015, the U.S. Government has received information from multiple sources—including private and public sector cybersecurity research […]

Threat Update: Cisco ASA VPN Feature Allows Remote Code Execution (CVE-2018-0101)

January 30, 2018

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature […]

Oracle WebLogic Vulnerability Being Exploited by Bitcoin Miners

January 12, 2018

In October 2017, Oracle disclosed CVE-2017-10271—a critical vulnerability in WebLogic’s ‘WLS Security’ component which utilizes Java. A patch was released to address the issue. It’s been widely reported that Bitcoin miners have been exploiting this vulnerability to gain access to and compromise systems. Actors have been targeting a high number of WebLogic servers being hosted on public […]

Threat Update: Meltdown and Spectre Side-Channel Vulnerabilities

January 4, 2018

Herjavec Group is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft’s Advisory, and Mozilla’s blog post for additional information and refer to their OS […]

Threat Update: Turla Group Malware Targets UK

November 30, 2017

New intelligence is available from the United Kingdom’s National Cyber Security Centre (NCSC) on two tools used by the Turla group to target the UK, known as Neuron and Nautilus. The malware, often used in conjunction with the Snake rootkit, could allow attackers to gain remote access to and control of the target environments. The report, […]

Threat Update: Hidden Cobra – Volgmer Trojan

November 15, 2017

Herjavec Group continues to closely monitor the news and activity around Hidden Cobra. Managed Security Services customers can rest assured that should there be an escalation in your environment related to Hidden Cobra, the alert shared with you via HG’s Analytics Platform will be enriched with threat intelligence to indicate the applicable Threat Actors. The […]

Threat Advisory: Bad Rabbit Ransomware Update

October 25, 2017

This is an update to Herjavec Group’s initial Bad Rabbit Ransomware threat advisory. Additional Bad Rabbit Information: Initial analysis from various AV vendors shows that the Bad Rabbit malware is a variant of the NotPetya sample. It is not yet known whether there is actual code re-use or whether the tactics and strings were […]

New Ransomware Infection “Bad Rabbit” Reported Around the World


There have been multiple reports of a new ransomware, dubbed “Bad Rabbit,” infecting computers in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. As always, Herjavec Group advises against paying the […]

Several Key Vulnerabilities Found in WPA2 Security Protocol

October 16, 2017

Several key vulnerabilities have been found in the Wi-Fi Protected Access II (WPA2) security protocol that may allow cybercriminals to eavesdrop on Wi-Fi traffic between computers and access points. If exploited, attackers may take control of affected systems to conduct attacks such as packet replay, TCP connection hijacking, HTTP content injection, arbitrary packet decryption, and […]

Important Palo Alto Networks URL Filtering Service Announcement

October 11, 2017

The Palo Alto Networks Support Team circulated the update below last night relating to the Palo Alto Networks URL Filtering service: A new category has been created for your Palo Alto Networks URL Filtering service. This newly established category, “command-and-control,” previously fell within the malware category in the service. We created this standalone command-and-control category […]
