
Cybersecurity Threat Advisory 0062-21: Threat Actors Disguise Malicious Word Files as Windows 11 Documentation

Threat Update: Security researchers have discovered recent attempts by threat actors to infect machines with malicious Word documents containing VBA macros and JavaScript to plant a backdoor and create persistence. These Word documents are disguised as documentation or information related to the new Windows 11 Alpha release to entice users into interacting. Recommendations to remediate…

Cybersecurity Threat Advisory 0061-21: Office 365 Zero-Day Attacks

Threat Update: Microsoft has released a mitigation for a vulnerability which exists on Windows 10 and can be exploited against Office 365 and Office 2019. Identified as CVE-2021-40444, this vulnerability could allow attackers to execute arbitrary code on a device if exploited. Because Microsoft Office is used and trusted by millions worldwide, attackers could potentially…

Cybersecurity Threat Advisory 0060-21: Atlassian Confluence Critical Vulnerability

Threat Update: The Australian company Atlassian’s public bug bounty program has discovered a critical vulnerability in Confluence, a corporate web-based wiki developed by Atlassian. Confluence is used and trusted by companies worldwide to host internal wiki sites that employees can use to access different information and data within their organization. Atlassian announced that they have…

Cybersecurity Threat Advisory 0059-21: Microsoft Power Apps Lead to Exposure of 38 Million Records of Sensitive Data

Threat Update: Recent reports indicate that a Microsoft Power Apps misconfiguration may lead to exposure of extremely sensitive data to public sources. SKOUT recommends reviewing the configuration of your Microsoft Power Apps and performing the Portal Checker diagnostic provided by Microsoft. We also recommend being on the lookout for phishing attempts, as threat actors may…

Cybersecurity Threat Advisory 0058-21: Lockbit Ransomware Is On The Rise

Threat Update: Global consulting firm Accenture was recently hit by a ransomware attack that was allegedly carried out by the ransomware group LockBit. In response, SKOUT has updated their threat intelligence to include key indicators of compromise and developed custom rules to detect LockBit ransomware. Technical Detail & Additional Information: WHAT IS THE THREAT? LockBit ransomware…

Cybersecurity Threat Advisory 0057-21: Cisco Releases Patches for Multiple Security Vulnerabilities

Threat Update: Cisco has provided fixes for multiple security vulnerabilities varying from medium to critical severity, which an unauthenticated attacker could exploit. Cisco Small Business RV340, RV340W, RV345, RV345P Dual WAN Gigabit, RV160, RV160W, RV260, RV260P, and RV260W VPN routers have multiple vulnerabilities in the web-based management interface. Cisco also released a patch for a…

Cybersecurity Threat Advisory 0056-21: Root Access by Way of Linux Kernel Bug

Threat Update: Qualys’ research team has discovered a pair of vulnerabilities in the Linux operating system. While one is a local privilege escalation (LPE) vulnerability, the other is a stack exhaustion denial-of-service (DoS) vulnerability in the system. Both of these can be exploited by an unprivileged user. Both vulnerabilities affect an integral part of…

Cybersecurity Threat Advisory 0055-21: Ransomware Campaign Targets Unpatched, End-of-Life (EOL) SonicWall Firmware

Threat Update: A ransomware campaign using stolen credentials is actively targeting networking device maker SonicWall’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. The exploitation targets a known vulnerability that has been patched in newer versions of the firmware. Depending on the product, readers…

Cybersecurity Threat Advisory 0054-21: Patch Released for Critical FortiManager and FortiAnalyzer Vulnerability

Threat Update: A patch has been released by Fortinet for their FortiManager & FortiAnalyzer platforms. This critical patch resolves a use-after-free vulnerability (CWE-416) that allowed attackers to execute code as administrators on the targeted device. SKOUT recommends that organizations apply the patch immediately, or follow the mitigation steps provided by Fortinet to ensure…

Cybersecurity Threat Advisory 0053-21: Windows Print Spooler Elevation of Privilege Vulnerability

Threat Update: Last week, SKOUT released a security advisory regarding the “PrintNightmare” zero-day vulnerability exploited via the Windows Print Spooler service. This past weekend, on July 16th, Microsoft identified another vulnerability within the Print Spooler service that allows for local privilege escalation. It has yet to be patched. SKOUT recommends disabling the Print Spooler service on all…

Cybersecurity Threat Advisory 0052-21: SolarWinds Serv-U Zero-day Exploit

Threat Update: SolarWinds, an IT management and remote monitoring software developer that fell victim to the Sunburst supply chain attack, has been exploited again. However, the Serv-U zero-day exploit is limited to targeted customer impact, according to Microsoft. A patch has been released by SolarWinds in the Serv-U version 15.2.3 hotfix (HF) 2 update.…

Cybersecurity Threat Advisory 0051-21: “PrintNightmare” Zero-Day Vulnerability in Windows Print Spooler

Threat Update: Last week, security researchers accidentally published proof-of-concept (PoC) exploit code for what has now been dubbed “PrintNightmare”. The vulnerability exploits a critical flaw in Microsoft’s Print Spooler service. Microsoft has issued out-of-band security updates to address the flaw and has rated it as critical, as attackers can remotely execute code with system-level privileges on…