Threat Advisory

Threat Advisory: HIDDEN COBRA FASTCash Campaign

Threat Advisory: HIDDEN COBRA FASTCash Campaign

Systems Affected Retail Payment Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government... Read More
October 3, 2018
Threat Advisory: HIDDEN COBRA FASTCash-Related Malware

Threat Advisory: HIDDEN COBRA FASTCash-Related Malware

Herjavec Group circulates US – Cert advisories as this notification warrants attention and may have significance to your Enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with applicable vendor partners to apply... Read More
Threat Advisory: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Threat Advisory: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. Herjavec Group encourages users and administrators to review MS-ISAC Advisory 2018-101 and the PHP Downloads page and apply the necessary updates. Additional Context: PHP lives in almost every environment in today’s... Read More
September 17, 2018
Threat Advisory: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

Threat Advisory: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government: a remote access tool... Read More
May 29, 2018
Threat Advisory: Office 365 Zero-Day Used in Real-World Phishing Campaigns

Threat Advisory: Office 365 Zero-Day Used in Real-World Phishing Campaigns

Security researchers have revealed that a zero-day vulnerability found in the SafeLinks feature of Microsoft Office 365 may allow hackers to send malicious emails that bypass security systems on Office 365 accounts. SafeLinks is included in the Office 365 software as as part of Microsoft's Advanced Threat Protection (APT) solution, originally designed to protect users from malware and phishing attacks,... Read More
May 9, 2018
Threat Advisory: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Threat Advisory: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

A joint alert issued by the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom's National Cyber Security Centre (NCSC) warns that Russian state-sponsored cyber actors are actively targeting home and enterprise routers. Since 2015, the U.S. Government received information from multiple sources—including private and public sector cybersecurity research organizations and allies—that cyber actors... Read More
April 17, 2018
Threat Update: Cisco ASA VPN Feature Allows Remote Code Execution (CVE-2018-0101)

Threat Update: Cisco ASA VPN Feature Allows Remote Code Execution (CVE-2018-0101)

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco... Read More
January 30, 2018
Oracle WebLogic Vulnerability Being Exploited by Bitcoin Miners

Oracle WebLogic Vulnerability Being Exploited by Bitcoin Miners

In October 2017, Oracle disclosed CVE-2017-10271—a critical vulnerability in WebLogic's 'WLS Security' component which utilizes Java. A patch was released to address the issue. It's been widely reported that Bitcoin miners have been exploiting this vulnerability to gain access to and compromise systems.  Actors have been targeting a high number of WebLogic servers being hosted on public cloud servers. Scanned ports by... Read More
January 12, 2018
Threat Update: Meltdown and Spectre Side-Channel Vulnerabilities

Threat Update: Meltdown and Spectre Side-Channel Vulnerabilities

Herjavec Group is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft's Advisory, and Mozilla's blog post for additional information and refer to their OS vendor for appropriate patches. Firefox... Read More
January 4, 2018

Threat Update: Turla Group Malware Targets UK

New intelligence is available from the United Kingdom's National Cyber Security Centre (NCSC) on two tools used by the Turla group to target the UK, known as Neuron and Nautilus. The malware, often used in conjunction with the Snake rootkit, could allow attackers to gain remote access to and control of the target environments. The report, available here, contains indicators of... Read More
November 30, 2017