Threat Advisory

Threat Update: Hidden Cobra – Volgmer Trojan

Herjavec Group continues to closely monitor the news and activity around Hidden Cobra. Managed Security Services customers can rest assured that should there be an escalation in your environment related to Hidden Cobra, the alert shared with you via HG’s Analytics Platform will be enriched with threat intelligence to indicate the applicable Threat Actors.  The static and dynamic IPs outlined... Read More
November 15, 2017

Threat Advisory: Bad Rabbit Ransomware Update

This is an update to Herjavec Group’s initial Bad Rabbit Ransomware threat advisory. Additional Bad Rabbit Information Initial analysis from various AV vendors show that the Bad Rabbit malware it is a variant of the NotPetya sample. It is not known yet if there is actual code re-use or if the tactics and strings were simply copied from analyzed versions... Read More
October 25, 2017

Several Key Vulnerabilities Found in WPA2 Security Protocol

Several key vulnerabilities have been found in the Wi-Fi Protected Access II (WPA2) security protocol that may allow cybercriminals to eavesdrop on Wi-Fi traffic between computers and access points. If exploited, attackers may take control of affected systems to conduct attacks such as packet replay, TCP connection hijacking, HTTP content injection, arbitrary packet decryption, and more.    The following vulnerabilities... Read More
October 16, 2017

Important Palo Alto Networks URL Filtering Service Announcement

The Palo Alto Networks Support Team circulated the update below last night relating to the Palo Alto Networks URL Filtering service: A new category has been created for your Palo Alto Networks URL Filtering service.  This newly established category, “command-and-control,” previously fell within the malware category in the service.  We created this standalone command-and-control category to provide you with more... Read More
October 11, 2017

Palo Alto Networks Publishes 2 New and 1 Updated Security Advisory Addressing 3 Security Issues

New Security Advisories  PAN-SA-2017-0023 - Cross-Site Scripting in PAN-OS  A vulnerability exists in PAN-OS’s GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters  * Medium Severity  * Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3  * CVE-2017-12416 PAN-SA-2017-0024 - XML External Entity (XXE) in PAN-OS  A... Read More
August 31, 2017

Beware of Hurricane Harvey Phishing Scams

Herjavec Group advises to be cautious of any emails with subject lines, hyperlinks or attachments related to Hurricane Harvey relief efforts. Cybercriminal activity tends to increase significantly following a natural disaster of this magnitude. For example, fraudulent emails that mimic reputable charitable organizations requesting donations, often contain malicious links or attachments that direct users to malware-infected websites. Herjavec Group would... Read More
August 29, 2017

Threat Advisory: “Petya” Ransomware Update

Multiple sources have reported the spread of the “Petya” ransomware in countries around the world.Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored.... Read More
June 27, 2017

WannaCry Fact Sheet

Herjavec Group published its first threat advisory on the WannaCry attack on Friday May 12th. In response to WannaCry, Herjavec Group’s Security Operations Centers immediately heightened awareness internally for IOCs, and MD5 hashes which were attributed to the execution and symptoms of the attack.  Over the 48 hours that followed, HG security engineers developed and deployed rules to all Managed... Read More
May 18, 2017

Threat Update: Microsoft Releases Critical Security Update

Microsoft has released a critical out-of-band security update addressing a vulnerability in the Microsoft Malware Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Advisory 4022344 for details and apply the necessary update. To view the original US-CERT advisory, please click here. Herjavec Group circulates US... Read More
May 9, 2017