Threat Advisory

Threat Advisory | VMware Security Updates

VMware has released security updates to address vulnerabilities in vCenter and ESXi. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0007 and apply the necessary updates. Herjavec Group circulates US-CERT advisories as this notification warrants attention and may have...
October 2, 2015

Threat Advisory | FireEye HX 2.1 Vulnerability Update

FireEye has confirmed a vulnerability affecting its HX product version 2.1 (a legacy version, but still in use by some customers). The current release of FireEye’s HX product offering is version 2.6. FireEye has acknowledged that this vulnerability cannot be executed remotely, nor can it be exploited by an unauthenticated user. It is recommended that customers utilizing the HX product version...
September 8, 2015

Threat Advisory | UDP-Based Amplification Attacks

Original release date by US-CERT: January 17, 2014 | Last revised: August 19, 2015. A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic. UDP, by design, is...
August 20, 2015

Threat Advisory | Microsoft Font Driver Vulnerability

Microsoft Windows has reported a critical vulnerability that could allow remote code execution if a user opens documents or visits untrusted webpages that contain embedded OpenType fonts. A security update has been made available and will correct how the Windows Adobe Type Manager Library handles OpenType fonts. For more information about this update, see Microsoft Knowledge Base Article 3079904. Most clients...
July 21, 2015

Threat Advisory | Critical OpenSSL Patch Coming Today

Herjavec Group is currently monitoring the developments around an expected high severity vulnerability. It is believed the OpenSSL project team will release a critical patch that could require a lengthy upgrade process. We are in the process of patching all managed client devices as updates are released by impacted vendors. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and...
July 9, 2015

Threat Advisory | Palo Alto Networks Emergency Patch Update

Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash SWF file, typically via a malicious website. Please review the note below and ensure the...

Threat Update | Leap Second June 30, 2015

The term “Leap Second” was coined to reflect that the last minute of June 30th will be one second longer than a standard minute, meaning that June 30, 2015 23:59:60 will be a valid and correct time. This time could cause issues across various IT infrastructures. It has been speculated that the Leap Second could cause a server hang...
June 1, 2015

Threat Update | Logjam Vulnerability

What is Logjam? Logjam is a browser and website encryption vulnerability that allows attackers to view encrypted content by downgrading secure connections. How does this vulnerability work? When websites and mail servers attempt to communicate securely with end users, many of them do what is known as a Diffie-Hellman key exchange in an attempt to establish an encrypted connection. The...
May 20, 2015

Threat Update | VENOM Vulnerability

May 13, 2015. CrowdStrike has disclosed a vulnerability that impacts a large number of virtual machine (VM) products. CrowdStrike named this vulnerability, tracked as CVE-2015-3456, VENOM, which stands for Virtualized Environment Neglected Operations Manipulation. CrowdStrike Intelligence is not aware of any in-the-wild exploitation of this vulnerability. The specific issue is a buffer overflow vulnerability exposed due to a race condition in...
May 13, 2015

Threat Update | Simda Botnet

April 15, 2015. US-CERT has reported the compromise of more than 770,000 computers running Microsoft Windows worldwide through the Simda botnet. The details below have been released to provide further information along with prevention recommendations. Simda malware may re-route users’ Internet traffic to websites under criminal control or can be used to install malware. The malicious actors control the network of...
April 15, 2015