Threat Advisory

Herjavec Group’s Threat Summary Analysis – Q2 2020

Herjavec Group’s Threat Management Team leverages this Quarterly Threat Summary to provide an overview of the most common threats and vulnerabilities seen in customer environments in recent months. In our Q1 2020 Threat Summary, our team noted a rise in ransomware attacks, major vulnerabilities across security technologies, and threat group activity. In Q2 2020, the HG Threat team noted a significant...
August 7, 2020
Threat Advisory: Microsoft Releases Patch for DNS Server Vulnerability (CVE-2020-1350)

Microsoft has released a patch for a critical vulnerability in its DNS server that affects Windows versions back to Server 2003. This vulnerability has received a CVSS score of 10 and allows for a full system compromise without authentication. The exploit can also be used to spread across a network without user interaction. Affected Windows servers include any server with...
July 17, 2020
Threat Advisory: Critical Vulnerability in SAP NetWeaver AS Java (CVE-2020-6287)

SAP has released a security update to address the critical vulnerability, CVE-2020-6287, discovered in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. This vulnerability is found in SAP applications running NetWeaver AS Java 7.3 up to 7.5. Since the SAP NetWeaver AS for Java supports the SAP Portal component (which is commonly exposed to the Internet), it...
Threat Advisory: Palo Alto PAN-OS Authentication Bypass in SAML Vulnerability

On June 29, 2020, Palo Alto Networks released a security advisory relating to a critical authentication bypass vulnerability within PAN-OS Security Assertion Markup Language (SAML) authentication. Currently, the affected products include:

GlobalProtect Gateway
GlobalProtect Portal
GlobalProtect Clientless VPN
Authentication and Captive Portal
PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces
Prisma Access

The vulnerability affects PAN-OS versions 9.1, 9.0,...
June 30, 2020
Threat Advisory: Sandworm Actors Exploiting Exim Vulnerability

A critical remote code execution vulnerability is actively being scanned for and exploited across the Internet. Herjavec Group initially published a Threat Advisory for CVE-2019-10149, known as “Return of the WIZard”, when it was discovered in June 2019. Recently, the NSA published an updated advisory regarding Sandworm threat group operators exploiting the same vulnerability in the Exim Mail Transfer Agent...
May 29, 2020
Threat Advisory: Citrix ADC/NetScaler Breach Activity

Herjavec Group has been investigating a spike in Citrix ADC/NetScaler breaches as a result of recently published zero-day exploits for CVE-2019-19781 affecting Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, Citrix Gateway, and NetScaler Gateway. The scope of this vulnerability includes Citrix ADC and Citrix Gateway Virtual Appliances (VPX) hosted on any of Citrix Hypervisor (formerly XenServer), ESX, Hyper-V,...
May 19, 2020
Threat Advisory: Phantom in the Command Shell Campaigns Target Financial Industry

Researchers at Prevailion have reported a new operation called Phantom in the Command Shell. The operations have been targeting financial firms across the globe using the Evilnum malware, which is being distributed to victims using a Google Drive share link. Clicking on the Google Drive share link downloads a malicious zip archive file to the host. When decompressed, the file...
May 8, 2020
Threat Advisory Update: Emotet Botnet Shows Signs of Life & COVID-19 Phishing Campaigns Target Healthcare

The Emotet botnet has begun to show signs of life after months of inactivity. The E2 portion has started deploying credential and email stealing modules. It is believed that this could be a preparation step for a new spam campaign. During the downtime, the operators behind Emotet have redesigned it and some of the modules it uses. New features include...
April 22, 2020
Threat Advisory: NSA, ASD Release Guidance for Mitigating Web Shell Malware

The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access to compromised networks. The CSI provides...
Threat Advisory: Re-Emergence of the Maze Ransomware

Herjavec Group continues to track COVID-19 related cyberattacks. We have a complete threat advisory tracking various threats, malware types, as well as a summary of IOCs and domains specific to COVID-19. The full advisory can be found here. The Maze ransomware was initially discovered in May 2019, and since then the attack frequency has increased and the group behind it...
April 20, 2020