Threat Advisory

Threat Advisory: Kwampirs Trojan Campaign Continues

Threat Advisory: Kwampirs Trojan Campaign Continues

The FBI's Cyber Division has re-released a January Flash report for the Kwampirs Remote Access Trojan (RAT). The primary target industries are healthcare, software supply chain, energy, and engineering industries, and the secondary targets are financial institutions and law firms. Kwampirs employs a two-phase approach. According to the FBI's Private Industry Notification, "the first phase establishes a broad and persistent... Read More
April 7, 2020
Threat Advisory: Updates Regarding COVID-19 Related Cyber Attacks

Threat Advisory: Updates Regarding COVID-19 Related Cyber Attacks

Overview  Malware-based phishing campaigns have been on the rise since early March. The campaigns appear to be from a trusted source, such as healthcare organizations, educational institutions, government agencies, or other official sources. The associated emails often contain a link that promises key information, relevant data, or tracking information regarding the Coronavirus. A number of these emails appear to originate... Read More
April 6, 2020
Threat Advisory: Phishing Campaigns Using the Zoom Video Conferencing Platform

Threat Advisory: Phishing Campaigns Using the Zoom Video Conferencing Platform

With the global situation around COVID-19 shifting organizations to remote work, the number of users utilizing audio/video conferencing tools has greatly increased. Given this increase in usage, Zoom, a popular video conferencing platform, is being targeted to execute conference hijacking attacks and is being utilized as an infection vector for malware. Additionally, there has also been a large increase in... Read More
April 2, 2020
Threat Advisory: Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability

Threat Advisory: Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability

Overview Days after Microsoft’s March 2020 patch Tuesday, they have released a patch for a recent SMBv3 vulnerability (CVE-2020-0796). The Server Message Block (SMB) is a protocol used by file sharing, network browsing, printing services, and interprocess communication over a network. SMB-based exploits have previously been used in high-profile ransomware infections such as WannaCry and NotPetya. Technical Details This vulnerability... Read More
March 13, 2020
Threat Advisory: Mitigating Cyber Attacks Using Coronavirus Pandemic

Threat Advisory: Mitigating Cyber Attacks Using Coronavirus Pandemic

Overview  Recently, there has been a significant increase in cyber attacks that take advantage of the global COVID-19 (Coronavirus) pandemic. Threat actors are leveraging additional information on COVID-19 to spread malware infections through phishing emails. These emails, particularly the subject lines, are designed to contain valuable information about the current status of the outbreak to lure victims into opening attachments... Read More
March 12, 2020
Threat Advisory: Six Malware Families Used by State-Sponsored Hacking Group

Threat Advisory: Six Malware Families Used by State-Sponsored Hacking Group

The US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigations have released security advisories detailing six new malware families that are currently being used by hackers believed to be connected with the government-backed, North Korean hacking group known as Hidden Cobra or Lazars Group. There is also the seventh report of an updated version of... Read More
February 14, 2020
Threat Advisory: Vulnerabilities Found in Cisco Discovery Protocol

Threat Advisory: Vulnerabilities Found in Cisco Discovery Protocol

Multiple vulnerabilities in the Cisco Discovery Protocol implementation of Cisco products were recently discovered by the Cisco Product Security Incident Response Team. These vulnerabilities are collectively known as "CDPwn".  According to Cisco, the Cisco Discovery Protocol "facilitates the management of Cisco devices by discovering these devices, determining how they are configured, and allowing systems using different network-layer protocols to learn... Read More
February 6, 2020
Herjavec Group’s Threat Summary Analysis – Q4 2019

Herjavec Group’s Threat Summary Analysis – Q4 2019

Herjavec Group’s Threat Management Team leverages this Quarterly Threat Summary to provide an overview of the most common threats and vulnerabilities seen in customer environments in recent months. In our Q3 2019 Threat Summary, our team addressed Emotet, Remote Desktop Service Vulnerabilities, and Web Compromise via Drupal. In Q4 2019, the HG Threat team noted a rise in ransomware attacks, major... Read More
February 3, 2020
Threat Advisory: HG Updates on Citrix vulnerability – CVE-2019-19781

Threat Advisory: HG Updates on Citrix vulnerability – CVE-2019-19781

Over the past month, Herjavec Group has been supporting clients impacted by the vulnerability (CVE-2019-19781) impacting multiple versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP.  CVE-2019-19781 is a directory traversal exploit that involves adversaries initiating a large scan upon discovery of a successful connection, then dropping files onto the infected system. This establishes a backdoor... Read More
January 24, 2020
Threat Advisory: Increased Emotet Malware Activity Detected

Threat Advisory: Increased Emotet Malware Activity Detected

The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory on the increasing use of targeted Emotet malware attacks. Emotet is a Trojan used by threat actors to act as a downloader, or dropper, of other malware. The most common delivery method for Emotet is via the use of spam emails that have a malicious Microsoft Word or Excel... Read More
January 23, 2020