Threat Advisory: Palo Alto PAN-OS Authentication Bypass in SAML Vulnerability

On June 29, 2020, Palo Alto Networks released a security advisory relating to a critical authentication bypass vulnerability within PAN-OS Security Assertion Markup Language (SAML) authentication. Currently, the affected products include:
GlobalProtect Gateway
GlobalProtect Portal
GlobalProtect Clientless VPN
Authentication and Captive Portal
PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces
Prisma Access
The vulnerability affects PAN-OS versions 9.1, 9.0,...
June 30, 2020
Cybersecurity CEO: As COVID-19 Surged, So Did Demand for Cybercrime Fighters

The cybersecurity labor market bucks the trend.
Los Angeles, Calif. – June 17, 2020
With unemployment rates plummeting globally, it’s hard to fathom a spike in demand for talent. But that’s exactly what the cybersecurity industry witnessed in the first half of 2020. A recent study by Gartner revealed that as the number of cases of COVID-19 spiked globally, so...
June 22, 2020
Threat Advisory: Sandworm Actors Exploiting Exim Vulnerability

A critical remote code execution vulnerability is actively being scanned for and exploited across the Internet. Herjavec Group initially published a Threat Advisory for CVE-2019-10149, known as “Return of the WIZard”, when it was discovered in June 2019. Recently, the NSA published an updated advisory regarding Sandworm threat group operators exploiting the same vulnerability in the Exim Mail Transfer Agent...
May 29, 2020
Cybersecurity CEO: Identity Management is Here to Stay

Los Angeles, Calif. – May 25, 2020
Not long ago if you had asked any security pro about how they protect their perimeter, they would have said firewalls. In fact, when I started Herjavec Group over 15 years ago, we were the first firewall reseller in Canada! Today, the security landscape looks a lot different, especially with entire workforces forced to work remotely...
May 25, 2020
Threat Advisory: Citrix ADC/Netscaler Breach Activity

Herjavec Group has been investigating a spike in Citrix ADC/NetScaler breaches as a result of recently published zero-day exploits for CVE-2019-19781 affecting Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, Citrix Gateway, and NetScaler Gateway. The scope of this vulnerability includes Citrix ADC and Citrix Gateway Virtual Appliances (VPX) hosted on any of Citrix Hypervisor (formerly XenServer), ESX, Hyper-V,...
May 19, 2020
CISA Alert: Top 10 Routinely Exploited Vulnerabilities, 2016-2019

Recently, the Cybersecurity & Infrastructure Security Agency (CISA), the FBI, and the broader US government published an alert on the Top 10 Routinely Exploited Vulnerabilities identified by the US government between 2016 and 2019. The alert aims to provide organizations with a list of vulnerabilities, most of which are Common Vulnerabilities and Exposures (CVEs), that are being exploited repeatedly by cyber criminals...
May 13, 2020
Threat Advisory: Phantom in the Command Shell Campaigns Target Financial Industry

Researchers at Prevailion have reported a new operation called Phantom in the Command Shell. The operations have been targeting financial firms across the globe using the Evilnum malware, which is being distributed to victims using a Google Drive share link. Clicking on the Google Drive share link downloads a malicious zip archive file to the host. When decompressed, the file...
May 8, 2020
Threat Advisory Update: Emotet Botnet Shows Signs of Life & COVID-19 Phishing Campaigns Target Healthcare

The Emotet botnet has begun to show signs of life after months of inactivity. The E2 portion has started deploying credential and email stealing modules. It is believed that this could be a preparation step for a new spam campaign. During the downtime, the operators behind Emotet have redesigned it and some of the modules it uses. New features include...
April 22, 2020
Threat Advisory: NSA, ASD Release Guidance for Mitigating Web Shell Malware

The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access to compromised networks. The CSI provides...
Security Best Practices for Your Organization’s Video Conferencing Platform

As COVID-19 shifts organizations globally to remote work, there has been an inevitable increase in the use of video conferencing and team collaboration tools such as Zoom, Skype, Microsoft Teams, and WebEx. Threat actors are exploiting publicly known vulnerabilities in these remote work collaboration & communication tools to spread malware and gain access to restricted, private meetings. The Federal Bureau...
April 17, 2020