Threat Advisory

Threat Update | Leap Second June 30, 2015

The term “Leap Second” was coined to reflect that the last minute of June 30th will be one second longer than a standard minute, meaning that June 30, 2015 23:59:60 will be a valid and correct time. This time could cause potential issues across various IT infrastructures. It has been speculated that the Leap Second could cause a server hang... Read More
June 1, 2015

Threat Update | Logjam Vulnerability

What is Logjam? Logjam is a browser and website encryption vulnerability that allows attackers to view encrypted content by downgrading secure connections. How does this vulnerability work? When websites and mail servers attempt to communicate securely with end users, many of them do what is known as a Diffie-Hellman key exchange in an attempt to establish an encrypted connection. The... Read More
May 20, 2015

Threat Update | VENOM Vulnerability

May 13, 2015: CrowdStrike has disclosed a vulnerability that impacts a large number of virtual machine (VM) products. CrowdStrike named this vulnerability, tracked as CVE-2015-3456, VENOM, which stands for Virtualized Environment Neglected Operations Manipulation. CrowdStrike Intelligence is not aware of any in-the-wild exploitation of this vulnerability. The specific issue is a buffer overflow vulnerability exposed due to a race-condition in... Read More
May 13, 2015

Threat Update | Simda Botnet

April 15, 2015: US-CERT has reported the compromise of more than 770,000 computers running Microsoft Windows worldwide through the Simda botnet. The details below have been released to provide further information along with prevention recommendations. Simda malware may re-route users’ Internet traffic to websites under criminal control or can be used to install malware. The malicious actors control the network of... Read More
April 15, 2015

Threat Update | SuperFish

Lenovo products shipped between September 2014 and February 2015 have come with preloaded software known as “SuperFish”. It is very common for manufacturers and OEMs to preload applications onto the Operating System; however, what makes SuperFish “unique” is that it is designed to intercept all HTTP and HTTPS communication. SuperFish is designed to provide analytics to better enhance the user’s... Read More
February 25, 2015

Threat Update | “JASBUG”

On February 10th, 2015, Microsoft released two critical patches for “JASBUG” – MS15-011 and MS15-014. The design flaws were indirectly discovered by JAS Global Advisors LLC with assistance from simMachines’s analytics. The patches have been published by Microsoft in order to resolve design flaws found in Active Directory Group Policies. The two vulnerabilities – or rather, design flaws – occur... Read More
February 11, 2015

Threat Update | GNU C Library (glibc) Vulnerability: "GHOST"

A new UNIX vulnerability has been published: CVE-2015-0235. This is a critical vulnerability within the GNU C library (glibc) that allows an attacker to execute malicious code. The vulnerability lies within the “_gethostbyname” function call, hence the name GHOST. This vulnerability is present in nearly all versions of glibc as far back as glibc-2.2 (released in November... Read More
January 28, 2015

Threat Update | Network Time Protocol Vulnerabilities

Network Time Protocol (NTP) is used to synchronize time between systems. Keeping time synchronized is important for the operation of systems and for logging information between them. There are multiple vulnerabilities in NTP versions prior to 4.2.8. These vulnerabilities could allow an attacker to run software with the privileges of the NTP software. It is recommended that versions of NTP software be upgraded... Read More
December 22, 2014

Threat Update | X.Org Security Advisory

This advisory outlines vulnerabilities affecting servers running "X Windows", a graphical user interface common in Unix, Linux and related platforms, and less commonly on MS Windows computers when installed by end-users. This is rated CRITICAL due to the possibility of denial of service attacks or the possibility of allowing unauthorized and undesirable programs to execute. There are effective controls and... Read More

Threat Update: BASH Vulnerability

What is the vulnerability? Akamai security researcher Stephane Chazelas has discovered a critical vulnerability in the command-line shell known as BASH, or GNU Bourne-again Shell, the most widely deployed shell for Unix-based systems. The vulnerability has had several variations and now uses CVE identifiers CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187 and is being referred to as "Shellshock". While BASH... Read More
October 6, 2014