Threat Advisory

Beware of Hurricane Harvey Phishing Scams

Herjavec Group advises caution with any emails with subject lines, hyperlinks or attachments related to Hurricane Harvey relief efforts. Cybercriminal activity tends to increase significantly following a natural disaster of this magnitude. For example, fraudulent emails that mimic reputable charitable organizations requesting donations often contain malicious links or attachments that direct users to malware-infected websites. Herjavec Group would...
August 29, 2017
Threat Advisory: “Petya” Ransomware Update

Multiple sources have reported the spread of the “Petya” ransomware in countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be...
June 27, 2017

WannaCry Fact Sheet

Herjavec Group published its first threat advisory on the WannaCry attack on Friday, May 12th. In response to WannaCry, Herjavec Group’s Security Operations Centers immediately heightened awareness internally for IOCs and MD5 hashes attributed to the execution and symptoms of the attack. Over the 48 hours that followed, HG security engineers developed and deployed rules to all Managed...
May 18, 2017

Threat Update: Microsoft Releases Critical Security Update

Microsoft has released a critical out-of-band security update addressing a vulnerability in the Microsoft Malware Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Advisory 4022344 for details and apply the necessary update. To view the original US-CERT advisory, please click here. Herjavec Group circulates US...
May 9, 2017

Threat Update: Intel Firmware Vulnerability (Updated)

Intel has released recommendations to address a recent vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit this vulnerability to take control of an affected system. Users and...
May 8, 2017

Threat Update: Intel Firmware Vulnerability

Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology, firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit this vulnerability to take control of an affected system. Herjavec Group aligns...
May 2, 2017

Threat Update: Microsoft Releases April 2017 Security Updates

Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code. Herjavec Group aligns with US-CERT’s recommendation for users and administrators to review Vulnerability Note #VU921560 and Microsoft's April...
April 12, 2017

Threat Update: HTTPS Interception Weakens TLS Security

Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers. A recent report, The Security Impact of HTTPS Interception, highlighted several security concerns with HTTPS inspection products, including: Many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding client data, allowing the possibility...
March 16, 2017

Threat Advisory: Key Vulnerability Found In Cisco’s WebEx Chrome Extension

A critical vulnerability has recently been uncovered in the Chrome extension of Cisco WebEx, web conferencing software widely used by enterprise businesses, leaving 20 million users susceptible to attack. Windows Chrome users are in danger of getting hacked if they unknowingly visit a malicious website. The malicious websites host a file or other resource that contains the string "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in the URL. This string...
January 25, 2017

Threat Advisory: More Than 1 Million Google Accounts Breached by Gooligan

Check Point has recently released information on a new malware campaign named Gooligan. Gooligan has already breached the security of over one million Google accounts and it is believed that more than 13,000 devices will be compromised daily. The Gooligan malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos,...
November 30, 2016