Threat Advisory

Threat Advisory: Attackers leveraging compromised Microsoft Exchange Servers to deploy DEARCRY Ransomware

Attackers have been observed deploying DEARCRY ransomware on compromised Microsoft Exchange Servers via the ProxyLogon exploit first observed on March 9th, 2021. Security professionals have been busy working on Microsoft Exchange Server vulnerability issues since the beginning of March 2021. Unfortunately, security professionals saw successful exploitation of the vulnerabilities (ProxyLogon vulnerabilities, i.e. CVE-2021-26855) on March 9th, 2021 and ransomware installation...
March 12, 2021
Threat Advisory: F5 Patches Multiple Critical Vulnerabilities in its Big-IP Suite

On Wednesday, March 10, 2021, application services and network delivery firm F5 announced the release of patches for seven related vulnerabilities in its BIG-IP product, including four with a "critical" CVSS rating. As of the release of this notification, no exploitation in the wild has been reported. According to F5’s advisory "The vulnerability allows for unauthenticated attackers with network access...
March 10, 2021
Threat Advisory: Risk Based Security Researchers Report DriveSure Data Exposure

Security researchers from Risk Based Security, an organization that analyzes data breaches, have released a summary regarding a data exposure they discovered in early January. The data originates from drivesure.com databases and contained over 20 gigabytes of data.[1] DriveSure provides car dealerships with services to assist them with employee training and customer retention programs. The data was shared on the...
February 12, 2021
Threat Advisory: Subway Restaurants Serving TrickBot with New TrickBoot Module

On December 12, 2020, Subway UK disclosed that its system used for marketing campaigns was compromised and was used for a phishing campaign distributing TrickBot. The phishing campaign spoofed a Subway order confirmation and targeted customers from the United Kingdom. An investigation into the incident determined that no guest accounts were breached and Subway has begun the process of notifying...
December 17, 2020
Threat Advisory: SolarWinds Orion versions 2019.4 -2020.2.1 Software Supply Chain Attack

During the evening of December 13th, 2020 it was announced that for several months, emails and other sensitive materials on the SolarWinds Orion network have been exfiltrated by sophisticated, nation-state hackers [1]. Mandiant has classified the attack with a neutral tag of UNC2452 (Uncategorized 2452) while other sources are alleging this activity is attributable to APT29/Cozy Bear and have reason...
December 14, 2020
Threat Advisory: Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

The NSA recently released an advisory on Russian state-sponsored malicious actors exploiting CVE-2020-4006, a command-injection vulnerability in several VMware Access and VMware Identity Management products. VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have been identified as containing a command injection vulnerability. If successful, the exploit allows a potential malicious actor, with network access to the administrative...
December 8, 2020
Herjavec Group’s Threat Summary Analysis – Q2 2020

Herjavec Group’s Threat Management Team leverages this Quarterly Threat Summary to provide an overview of the most common threats and vulnerabilities seen in customer environments in recent months. In our Q1 2020 Threat Summary, our team noted a rise in ransomware attacks, major vulnerabilities across security technologies, and threat group activity. In Q2 2020, the HG Threat team noted a significant...
August 7, 2020
Threat Advisory: Microsoft Releases Patch for DNS Server Vulnerability (CVE-2020-1350)

Microsoft has released a patch for a critical vulnerability in its DNS server that affects Windows versions back to Server 2003. This vulnerability has received a CVSS score of 10 and allows for a full system compromise without authentication. The exploit can also be used to spread across a network without user interaction. Affected Windows servers include any server with...
July 17, 2020
Threat Advisory: Critical Vulnerability in SAP NetWeaver AS Java (CVE-2020-6287)

SAP has released a security update to address the critical vulnerability, CVE-2020-6287, discovered in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. This vulnerability is found in SAP applications running NetWeaver AS Java 7.3 up to 7.5. Since the SAP NetWeaver AS for Java supports the SAP Portal component (which is commonly exposed to the Internet), it...
Threat Advisory: Palo Alto PAN-OS Authentication Bypass in SAML Vulnerability

On June 29, 2020, Palo Alto Networks released a security advisory relating to a critical authentication bypass vulnerability within PAN-OS Security Assertion Markup Language (SAML) authentication. Currently, the affected products include:
- GlobalProtect Gateway
- GlobalProtect Portal
- GlobalProtect Clientless VPN
- Authentication and Captive Portal
- PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces
- Prisma Access
The vulnerability affects PAN-OS versions 9.1, 9.0,...
June 30, 2020