Threat Advisory

Threat Advisory: TrickBot Malware

Threat Advisory: TrickBot Malware

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently seen advancements in its capabilities. The developers behind it have continued to add more features via modules to this potent trojan. With its modular structure, it is able to download new modules from... Read More
March 15, 2019
Herjavec Group’s Quarterly Threat Summary Analysis: Q4 2018

Herjavec Group’s Quarterly Threat Summary Analysis: Q4 2018

Herjavec Group circulates Threat Advisories on a regular basis to share threat intelligence and security recommendations. Our Threat Management Team has provided an overview of the most common threats and vulnerabilities communicated over the last quarter. Phishing, Ransomware, Crypto-Jacking and IoT Vulnerabilities were prominent in Q4 of 2018. A summary of each threat type, as well as their potential impact... Read More
January 31, 2019
Threat Advisory: CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server

Threat Advisory: CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Notes VU#289907 and VU#531281 and Microsoft’s security... Read More
January 4, 2019
Threat Advisory: SamSam Ransomware

Threat Advisory: SamSam Ransomware

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) have recently issued a US-CERT alert on the SamSam ransomware. SamSam has targeted multiple industries since its initial release, including critical infrastructure.  According to the US-CERT, the SamSam ransomware exploits Windows servers to gain persistent access to a victim’s network... Read More
December 4, 2018
Threat Advisory: Suspicious Scanning Activity

Threat Advisory: Suspicious Scanning Activity

Details Herjavec Group has detected significant malicious scanning attempts across multiple client environments, including entertainment, finance and legal organizations. These scans, mostly targeting web applications and other external facing devices, do not appear to be targeted in nature but rather part of a general, large scale attempt to discover vulnerabilities within networks. Herjavec Group has observed several IPs scanning new clients daily,... Read More
November 7, 2018
Threat Advisory: HIDDEN COBRA FASTCash Campaign

Threat Advisory: HIDDEN COBRA FASTCash Campaign

Systems Affected Retail Payment Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government... Read More
October 3, 2018
Threat Advisory: HIDDEN COBRA FASTCash-Related Malware

Threat Advisory: HIDDEN COBRA FASTCash-Related Malware

Herjavec Group circulates US – Cert advisories as this notification warrants attention and may have significance to your Enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with applicable vendor partners to apply... Read More
Threat Advisory: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Threat Advisory: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. Herjavec Group encourages users and administrators to review MS-ISAC Advisory 2018-101 and the PHP Downloads page and apply the necessary updates. Additional Context: PHP lives in almost every environment in today’s... Read More
September 17, 2018
Threat Advisory: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

Threat Advisory: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government: a remote access tool... Read More
May 29, 2018
Threat Advisory: Office 365 Zero-Day Used in Real-World Phishing Campaigns

Threat Advisory: Office 365 Zero-Day Used in Real-World Phishing Campaigns

Security researchers have revealed that a zero-day vulnerability found in the SafeLinks feature of Microsoft Office 365 may allow hackers to send malicious emails that bypass security systems on Office 365 accounts. SafeLinks is included in the Office 365 software as as part of Microsoft's Advanced Threat Protection (APT) solution, originally designed to protect users from malware and phishing attacks,... Read More
May 9, 2018