Threat Advisory

Threat Update: Turla Group Malware Targets UK

New intelligence is available from the United Kingdom's National Cyber Security Centre (NCSC) on two tools used by the Turla group to target the UK, known as Neuron and Nautilus. The malware, often used in conjunction with the Snake rootkit, could allow attackers to gain remote access to and control of the target environments. The report, available here, contains indicators of...
November 30, 2017

Threat Update: Hidden Cobra – Volgmer Trojan

Herjavec Group continues to closely monitor the news and activity around Hidden Cobra. Managed Security Services customers can rest assured that should there be an escalation in your environment related to Hidden Cobra, the alert shared with you via HG’s Analytics Platform will be enriched with threat intelligence to indicate the applicable Threat Actors. The static and dynamic IPs outlined...
November 15, 2017

Threat Advisory: Bad Rabbit Ransomware Update

This is an update to Herjavec Group’s initial Bad Rabbit Ransomware threat advisory. Additional Bad Rabbit Information: Initial analysis from various AV vendors shows that the Bad Rabbit malware is a variant of the NotPetya sample. It is not known yet if there is actual code re-use or if the tactics and strings were simply copied from analyzed versions...
October 25, 2017

Several Key Vulnerabilities Found in WPA2 Security Protocol

Several key vulnerabilities have been found in the Wi-Fi Protected Access II (WPA2) security protocol that may allow cybercriminals to eavesdrop on Wi-Fi traffic between computers and access points. If exploited, attackers may take control of affected systems to conduct attacks such as packet replay, TCP connection hijacking, HTTP content injection, arbitrary packet decryption, and more. The following vulnerabilities...
October 16, 2017

Important Palo Alto Networks URL Filtering Service Announcement

The Palo Alto Networks Support Team circulated the update below last night relating to the Palo Alto Networks URL Filtering service: A new category has been created for your Palo Alto Networks URL Filtering service. This newly established category, “command-and-control,” previously fell within the malware category in the service. We created this standalone command-and-control category to provide you with more...
October 11, 2017

Palo Alto Networks Publishes 2 New and 1 Updated Security Advisory Addressing 3 Security Issues

New Security Advisories

PAN-SA-2017-0023 - Cross-Site Scripting in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.

* Medium Severity
* Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3
* CVE-2017-12416

PAN-SA-2017-0024 - XML External Entity (XXE) in PAN-OS

A...
August 31, 2017

Beware of Hurricane Harvey Phishing Scams

Herjavec Group advises to be cautious of any emails with subject lines, hyperlinks or attachments related to Hurricane Harvey relief efforts. Cybercriminal activity tends to increase significantly following a natural disaster of this magnitude. For example, fraudulent emails that mimic reputable charitable organizations requesting donations often contain malicious links or attachments that direct users to malware-infected websites. Herjavec Group would...
August 29, 2017

Threat Advisory: “Petya” Ransomware Update

Multiple sources have reported the spread of the “Petya” ransomware in countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be...
June 27, 2017

WannaCry Fact Sheet

Herjavec Group published its first threat advisory on the WannaCry attack on Friday May 12th. In response to WannaCry, Herjavec Group’s Security Operations Centers immediately heightened awareness internally for IOCs and MD5 hashes which were attributed to the execution and symptoms of the attack. Over the 48 hours that followed, HG security engineers developed and deployed rules to all Managed...
May 18, 2017