Threat Advisory

Threat Update: Cisco ASA VPN Feature Allows Remote Code Execution (CVE-2018-0101)

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco...
January 30, 2018
Oracle WebLogic Vulnerability Being Exploited by Bitcoin Miners

In October 2017, Oracle disclosed CVE-2017-10271—a critical vulnerability in WebLogic's 'WLS Security' component, which utilizes Java. A patch was released to address the issue. It has been widely reported that Bitcoin miners have been exploiting this vulnerability to gain access to and compromise systems. Actors have been targeting a high number of WebLogic servers hosted on public cloud servers. Scanned ports by...
January 12, 2018
Threat Update: Meltdown and Spectre Side-Channel Vulnerabilities

Herjavec Group is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft's Advisory, and Mozilla's blog post for additional information and refer to their OS vendor for appropriate patches. Firefox...
January 4, 2018

Threat Update: Turla Group Malware Targets UK

New intelligence is available from the United Kingdom's National Cyber Security Centre (NCSC) on two tools used by the Turla group to target the UK, known as Neuron and Nautilus. The malware, often used in conjunction with the Snake rootkit, could allow attackers to gain remote access to and control of the target environments. The report, available here, contains indicators of...
November 30, 2017

Threat Update: Hidden Cobra – Volgmer Trojan

Herjavec Group continues to closely monitor the news and activity around Hidden Cobra. Managed Security Services customers can rest assured that should there be an escalation in your environment related to Hidden Cobra, the alert shared with you via HG’s Analytics Platform will be enriched with threat intelligence to indicate the applicable Threat Actors. The static and dynamic IPs outlined...
November 15, 2017

Threat Advisory: Bad Rabbit Ransomware Update

This is an update to Herjavec Group’s initial Bad Rabbit Ransomware threat advisory. Additional Bad Rabbit Information: Initial analysis from various AV vendors shows that the Bad Rabbit malware is a variant of the NotPetya sample. It is not yet known whether there is actual code re-use or whether the tactics and strings were simply copied from analyzed versions...
October 25, 2017

Several Key Vulnerabilities Found in WPA2 Security Protocol

Several key vulnerabilities have been found in the Wi-Fi Protected Access II (WPA2) security protocol that may allow cybercriminals to eavesdrop on Wi-Fi traffic between computers and access points. If exploited, attackers may take control of affected systems to conduct attacks such as packet replay, TCP connection hijacking, HTTP content injection, arbitrary packet decryption, and more. The following vulnerabilities...
October 16, 2017

Important Palo Alto Networks URL Filtering Service Announcement

The Palo Alto Networks Support Team circulated the update below last night relating to the Palo Alto Networks URL Filtering service: A new category has been created for your Palo Alto Networks URL Filtering service. This newly established category, “command-and-control,” previously fell within the malware category in the service. We created this standalone command-and-control category to provide you with more...
October 11, 2017

Palo Alto Networks Publishes 2 New and 1 Updated Security Advisory Addressing 3 Security Issues

New Security Advisories

PAN-SA-2017-0023 - Cross-Site Scripting in PAN-OS
A vulnerability exists in PAN-OS’s GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.
* Medium Severity
* Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3
* CVE-2017-12416

PAN-SA-2017-0024 - XML External Entity (XXE) in PAN-OS
A...
August 31, 2017