Threat Advisory

Threat Update: Intel Firmware Vulnerability (Updated)

Intel has released recommendations to address a recent vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit this vulnerability to take control of an affected system. Users and...
May 8, 2017

Threat Update: Intel Firmware Vulnerability

Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology, firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit this vulnerability to take control of an affected system. Herjavec Group aligns...
May 2, 2017

Threat Update: Microsoft Releases April 2017 Security Updates

Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code. Herjavec Group aligns with US-CERT’s recommendation for users and administrators to review Vulnerability Note #VU921560 and Microsoft's April...
April 12, 2017

Threat Update: HTTPS Interception Weakens TLS Security

Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers. A recent report, The Security Impact of HTTPS Interception, highlighted several security concerns with HTTPS inspection products, including: many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding client data, allowing the possibility...
March 16, 2017

Threat Advisory: Key Vulnerability Found In Cisco’s WebEx Chrome Extension

A critical vulnerability has recently been uncovered in the Chrome extension of Cisco WebEx, a web conferencing software widely used by enterprise businesses, leaving 20 million users susceptible to attack. Windows Chrome users are in danger of getting hacked if unknowingly visiting a malicious website. The malicious websites host a file or other resource that contains the string "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in the URL. This string...
January 25, 2017

Threat Advisory: More Than 1 Million Google Accounts Breached by Gooligan

Check Point has recently released information on a new malware campaign named Gooligan. Gooligan has already breached the security of over one million Google accounts and it is believed that more than 13,000 devices will be compromised daily. The Gooligan malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos,...
November 30, 2016

Threat Advisory: Dirty COW Linux Kernel Vulnerability

A 9-year-old critical vulnerability in the Linux kernel, dubbed 'Dirty COW' (CVE-2016-5195), has recently surfaced and is being actively exploited. The vulnerability, named for the copy-on-write (COW) mechanism in the Linux kernel, could allow a malicious actor to tamper with read-only, root-owned executable files. In other words, exploitation of this vulnerability may allow an attacker to take complete control of...
October 21, 2016

Threat Update: US-CERT Confirms Heightened DDoS Threat Posed by Mirai and Other Botnets

Herjavec Group circulates US-CERT advisories as this notification warrants attention and may have significance to your enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with applicable vendor partners to apply...
October 17, 2016

Threat Update: WPAD Name Collision Vulnerability

Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the New generic Top Level Domain (gTLD) program’s incorporation of previously undelegated gTLDs for public registration, leaked WPAD queries could result in domain name collisions with internal network naming...
May 24, 2016

Threat Update: SAP Business Applications

It has been reported that over 35 organizations worldwide running outdated or misconfigured software are affected by an SAP vulnerability. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications. The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms). The Invoker...
May 11, 2016