Threat Advisory

Threat Advisory: Highly Exploitable Vulnerabilities in Samba

Overview On January 31st, 2022, three vulnerabilities in Samba (CVE-2021-44141, CVE-2022-0336 and CVE-2021-44142) were publicly disclosed. Samba is a free and open-source software (FOSS) package that provides SMB/CIFS capability for Linux/Unix devices[1]. CVE-2022-0336 is a vulnerability in Samba Active Directory that allows an attacker to bypass service principal name (SPN) checking, enabling them to intercept traffic and impersonate existing services[2]....
February 3, 2022
Threat Advisory: CVE-2021-4034: ‘PwnKit’

Overview On Tuesday, January 25th, researchers from Qualys disclosed the discovery of a local privilege escalation vulnerability in Linux's pkexec tool, CVE-2021-4034, which they have dubbed PwnKit. Pkexec is part of the PolKit package and is commonly used within systemd-based Linux distributions[1]. Qualys has confirmed that the default installations of Ubuntu, Debian, Fedora, and CentOS contain this vulnerability, but all...
January 27, 2022
Threat Advisory: Geopolitical Update – Russia Ukrainian Tensions

Overview On Friday, January 14, the Ukrainian government experienced multiple cyberattacks that resulted in the defacement of 70 government-owned websites[1]. The defacement replaced all original content with messages in Russian, Polish, and Ukrainian with the aim of creating and spreading dissent between different ethnic groups[2]. According to cybersecurity researcher Gary Warner of DarkTower Threat Intelligence, the message specifically targets native...
January 20, 2022
Threat Advisory: CVE-2021-22045: VMware Heap-Overflow

Overview On January 4th, VMware released security advisory VMSA-2022-0001/CVE-2021-22045 addressing a heap-based overflow vulnerability in several VMware-based technologies[1]. VMware states, "a malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine"[1]. Successful exploitation of CVE-2021-22045...
January 6, 2022
Threat Advisory: Detection & Hardening Guide for CVE-2021-44228 Log4Shell

Overview On December 10th, 2021, Herjavec Group's Threat and Vulnerability Management team released a threat notification to our customers detailing LunaSec's discovery of CVE-2021-44228, a critical vulnerability in the Apache logging library (log4j). The team has done a thorough review of Herjavec Group systems, including statements from our principal data processors and sub-processors, and has concluded that there is no...
December 13, 2021
State-Sponsored Cyber Activity Report 2021

The cybercrime landscape has continued to evolve rapidly, and the threats we now face are sophisticated, global, and in many cases backed by nation-states. With this comes an increase in risk to critical infrastructure. As we've seen this past year from some of the largest cyberattacks in our history, breaches on critical infrastructure result in disruption and downtime that trickles...
December 2, 2021
Threat Advisory: Active Exploitation of new Microsoft Windows Vulnerabilities

Overview On November 9, 2021, Microsoft released its monthly security update KB5007186 for its Windows family of products[1]. Among these, Microsoft's security intelligence center (MSTIC) flagged two vulnerabilities as being actively exploited in the wild: CVE-2021-42321, a post-authentication Microsoft Exchange Server vulnerability, which includes servers used by customers in Exchange Hybrid Mode. Microsoft further stated, "We are aware of limited targeted...
November 11, 2021
Herjavec Group BlackMatter Ransomware Profile

BlackMatter Ransomware is a breakout ransomware group that became operational shortly after the shutdown of the REvil Ransomware and DarkSide Ransomware operations in late summer 2021. Like DarkSide, this group has been very vocal and expressive with the press about its operation. Furthermore, they have openly claimed that BlackMatter is the product of reproducing the "best parts" of previous ransomware operations[1]. BlackMatter has...
September 24, 2021
Herjavec Group LockBit 2.0 Ransomware Profile

LockBit ransomware was initially discovered in September 2019. Since then, the malware has been used in ransomware attacks against a range of industries located across the globe. With the evolution of ransomware operators and their tactics over the past few years, groups like the LockBit gang have implemented successful tactics from other groups to increase their success and/or profits. In...
August 23, 2021
Herjavec Group’s March 2021 Threat Summary Analysis

Herjavec Group's Threat Management Team leverages the Threat Summary to provide an overview of the most common threats and vulnerabilities seen in customer environments in recent months. This summary includes further information on supply chain compromises, malware attacks, and targeted phishing attacks. Download the Threat Summary below. For more information on Herjavec Group's...
March 30, 2021