Blog

Cybersecurity Threat Advisory 0042-21: Malware Targeting Kubernetes Clusters and Windows Server Containers

Threat Update A new malware first discovered in March dubbed ‘Siloscape’ is actively targeting Kubernetes clusters via Windows containers. This malware has the potential to compromise an entire Kubernetes cluster. SKOUT recommends ensuring all clusters are updated with the latest security patches. Technical Detail & Additional Information WHAT IS THE THREAT? ‘Siloscape’ has been targeting…

Cybersecurity Threat Advisory 0041-21: Recent Security Updates for SAP

Threat Update Critical security updates for Adobe Acrobat and Adobe Reader have recently been released for both Mac OS and Windows. These updates are extremely important, as they could lead to potential machine and network compromise. SKOUT recommends applying the updates, which were published on June 8, 2021. Technical Detail & Additional Information WHAT IS…

Cybersecurity Threat Advisory 0040-21: Recent Security Updates for Adobe Acrobat and Reader

Threat Update Critical security updates for many Adobe products have recently been released for both Mac OS and Windows. These updates are extremely important as they could lead to potential machine and network compromise. The most popular Adobe products, Acrobat and Reader, have particularly critical vulnerabilities. SKOUT recommends applying the updates for every Adobe product,…

Cybersecurity Threat Advisory 0039-21: RCE Vulnerability in Siemens PLCs

Threat Update An unauthenticated remote code execution vulnerability has been detected in several Siemens PLC devices. An unauthenticated remote attacker with access to TCP port 102 could exploit this to read or write arbitrary code to protected memory areas. This can allow them to add, remove, or change data that is in those protected memory…

Cybersecurity Threat Advisory 0038-21: Microsoft Monitors Increased Spear Phishing Activity of Nobelium Group

Threat Update Microsoft has actively been tracking a surge in spear phishing activity conducted by ‘Nobelium,’ the group behind the SUNBURST backdoor, TEARDROP and GoldMax malware. Technical Detail & Additional Information WHAT IS THE THREAT? The threat group ‘Nobelium’ has historically targeted government organizations, think tanks, the military, IT service providers, telecom providers, and health…

Cybersecurity Threat Advisory 0037-21: Critical Zero-Day in HPE SIM Patched

Threat Update An extremely critical zero-day vulnerability has been found in Hewlett Packard Enterprise’s Systems Insight Manager for Windows. This exploit allows attackers to remotely execute code without being authenticated to the software. SKOUT recommends that companies apply the latest HPE SIM patch, or perform the workaround released by HPE to prevent this attack. Technical…

Cybersecurity Threat Advisory 0036-21: Critical Zero-Day in WordPress Plugin Fancy Product Designer Under Attack

Threat Update On May 31, 2021, a critical file upload vulnerability in Fancy Product Designer—a WordPress plugin installed on over 17,000 websites—was discovered to be under active exploitation by threat actors. Technical Detail & Additional Information WHAT IS THE THREAT? Fancy Product Designer is a WordPress plugin that enables customers to upload images and PDF…

Cybersecurity Threat Advisory 0035-21: VMware vCenter Critical RCE Vulnerability

Threat Update VMware is a virtualization and cloud computing vendor which is used worldwide by many different companies. Recently, VMware announced that they were informed of two vulnerabilities which affect certain versions of its vCenter service. Successful exploitation of these vulnerabilities could allow an attacker to obtain remote control of a device. SKOUT recommends ensuring…

Cybersecurity Threat Advisory 0034-21: Increase in Activity from Sophisticated Threat Actors

Threat Update A large increase of activity has been seen from malicious threat actors. Many different vectors have been combined to facilitate targeted and widespread attacks. Considering the technical difficulty of these methods, these attackers are highly sophisticated and organizations should be especially vigilant about the attack surface of their company. SKOUT recommends having proper…

Cybersecurity Threat Advisory 0033-21: Malicious Call Centers Spreading BazarLoader Malware

Threat Update Security researchers have released their latest findings on BazarLoader, malware that provides backdoor access to an infected Windows host. Threat actors will use this malware to infect and infiltrate a victim’s system, send follow-up malware and exploit other vulnerable hosts. Reports show that BazarLoader threat actors send malicious emails under the guise of…

Cybersecurity Threat Advisory 0032-21: DarkSide Ransomware Group Strikes Again

Threat Update The ransomware group responsible for the Colonial Pipeline attack has struck again – this time affecting European subsidiaries of Toshiba. Some of Toshiba’s networks were shut down in response, demonstrating how effective ransomware is becoming as a method for malicious actors to steal revenue from businesses of all sizes. SKOUT recommends that companies…

Cybersecurity Threat Advisory 0031-21: Microsoft Patch Tuesday, May 2021

Threat Update Microsoft’s Patch Tuesday release for May 2021 comes with a Windows update that will remediate a multitude of vulnerabilities. The update will patch 55 vulnerabilities, one of which is critical, 50 important, and one moderate. It also includes patches for three zero-day vulnerabilities: CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability,…