Incident Response

Threat Advisory: HG Updates on Citrix vulnerability – CVE-2019-19781

Threat Advisory: HG Updates on Citrix vulnerability – CVE-2019-19781

Over the past month, Herjavec Group has been supporting clients impacted by the vulnerability (CVE-2019-19781) impacting multiple versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP.  CVE-2019-19781 is a directory traversal exploit that involves adversaries initiating a large scan upon discovery of a successful connection, then dropping files onto the infected system. This establishes a backdoor... Read More
January 24, 2020
Threat Advisory: Increased Emotet Malware Activity Detected

Threat Advisory: Increased Emotet Malware Activity Detected

The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory on the increasing use of targeted Emotet malware attacks. Emotet is a Trojan used by threat actors to act as a downloader, or dropper, of other malware. The most common delivery method for Emotet is via the use of spam emails that have a malicious Microsoft Word or Excel... Read More
January 23, 2020
Threat Advisory Update: US National Terrorism Advisory System

Threat Advisory Update: US National Terrorism Advisory System

Herjavec Group is aware of elevated concern around Iranian state-sponsored cyber threat actors. We continue to remain vigilant and will report any suspicious activity across our Managed Security Services Enterprise Base. As always, we will work with our partners to share and notify you with any new threat information as it is made available. Our operations team will continue to... Read More
January 6, 2020
Protect IT: Keep Incident Response Top of Mind When Designing Your Backup and Data Log Recovery

Protect IT: Keep Incident Response Top of Mind When Designing Your Backup and Data Log Recovery

Cybersecurity Awareness Month (CSAM) is a global initiative created by the Department of Homeland Security 16 years ago to recognize the importance of digital security for consumers and organizations alike. Enterprises, employees, and end-users alike need to band together to #BeCyberSmart. Herjavec Group is proud to be a CSAM Champion! Contributed by Matt Anthony, VP of Incident Response, Herjavec Group... Read More
October 21, 2019
Herjavec Group Announces Partnership with Chronicle, Now Part of Google Cloud, to Bring Advanced Security Solutions to Market in Canada

Herjavec Group Announces Partnership with Chronicle, Now Part of Google Cloud, to Bring Advanced Security Solutions to Market in Canada

Herjavec Group adds Chronicle to vast security portfolio to advance managed security services, threat hunting and speed of incident investigation. Herjavec Group, the leader in global cybersecurity operations, specializing in Managed Security Services and Incident Response, is the first service provider across Canada to leverage and be certified in Chronicle’s security intelligence products: Backstory and VirusTotal. Herjavec Group is the... Read More
August 27, 2019
Threat Advisory: URGENT/11 Zero-Day Vulnerability

Threat Advisory: URGENT/11 Zero-Day Vulnerability

News of the URGENT/11 zero-day vulnerabilities has begun to emerge.  These vulnerabilities affect the VxWorks real-time operating system created by Wind River and may allow a remote attacker to gain full control over an impacted device.  The VxWorks operating system is used by over 2 billion Internet of Things (IoT) devices globally including printers, VOIP phones, firewalls, routers, medical equipment,... Read More
July 30, 2019
Threat Advisory: OAuth Phishing Awareness

Threat Advisory: OAuth Phishing Awareness

Traditional phishing messages often target users to deliver malware or obtain credentials. New tools are being released that also enable OAuth abuse in phishing attacks. OAuth has become the de-facto protocol used by companies such as Google, Facebook, Amazon, and Microsoft to manage access to user data across their platforms.   However, this creates an opportunity for an attacker to... Read More
July 24, 2019
HG Q2 2019 Threat Summary Analysis

HG Q2 2019 Threat Summary Analysis

Stay ahead of the threat curve Most organizations developing a Threat Management program strive to stay ahead of the threat curve. At Herjavec Group, we partner with enterprises to map attack verticals, drive threat modelling, and conduct Red Team exercises. Herjavec Group’s Threat Management Team circulates a Quarterly Threat Summary to provide an overview of the most common threats and... Read More
July 21, 2019
Threat Advisory: New Vulnerability Affecting Exim Servers

Threat Advisory: New Vulnerability Affecting Exim Servers

A critical remote code execution vulnerability is actively being scanned for and exploited across the Internet. Known as "Return of the WIZard", the vulnerability (tracked under CVE-2019-10149) affects the Exim mail transfer relays (versions 4.87-4.91), which currently operate on more than half of all mail servers on the Internet. The vulnerability was exploited as early as June 9, 2019. While... Read More
June 13, 2019
How To Prevent and Manage a Ransomware Attack

How To Prevent and Manage a Ransomware Attack

A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021 (Cybersecurity Ventures). Ransomware is constantly evolving and as long as adversaries can keep up with the latest defense tactics, the result is always the same. When infected by ransomware, users get a message informing them, “Your files have been encrypted”, followed... Read More
June 6, 2019