Blog

Cybersecurity Threat Advisory 0010-21: Critical VMware Vulnerabilities

Threat Update VMware has released an advisory detailing newly discovered vulnerabilities across multiple products, namely ESXi, vCenter Server and Cloud Foundation. The severity of these vulnerabilities varies, but among them is a remote code execution vulnerability that has received a “Critical” 9.8 CVSS score. VMware has at this time released patches for these vulnerabilities,…

Cybersecurity Threat Advisory 0009-21: Oldsmar, Florida Water Treatment Facility Compromised

Threat Update A water treatment facility in Oldsmar, Florida had its SCADA systems breached by an unidentified hacker. The hacker attempted to modify chemical levels to effectively poison the local water supply. The hacker’s intrusion was swiftly detected and contained, resulting in no tainted water being delivered to the local populace. Technical Detail & Additional…

Cybersecurity Threat Advisory 0008-21: Ransomware Groups Exploiting Critical VMware ESXi Vulnerabilities

Threat Update There are two critical remote code execution vulnerabilities (CVE-2019-5544 and CVE-2020-3992) within VMware ESXi which allow attackers to effectively gain control of a virtual machine (VM), deploy ransomware, and encrypt ESXi virtual disk drives. These vulnerabilities are reported to have been exploited in the wild. SKOUT recommends updating the software to the fixed…

Cybersecurity Threat Advisory 0007-21: Apple iOS Zero-Day Vulnerabilities Exploited in Wild

Threat Update Apple has announced that they have learned of three zero-day vulnerabilities affecting their iOS operating system. One of the vulnerabilities (CVE-2021-1782) affects the system kernel, allowing for privilege escalation; while the other two (CVE-2021-1870, CVE-2021-1871) are present within the system’s WebKit Safari browser allowing for remote code execution (RCE). According to Apple, all…

Cybersecurity Threat Advisory 0006-21: Threat Actors Abusing Windows RDP Servers

Threat Update The RDP service for Windows devices operating on UDP port 3389 can currently be used in an amplification attack, resulting in the potential DDoS of a target. A system which is either involved in or the target of an attack such as this could experience partial or total degradation in usability. It is…

Cybersecurity Threat Advisory 0005-21: Updates on Global Intrusion Campaign

Threat Update Government and private sector organizations are constantly releasing updates on all manner of topics relating to the SolarWinds Orion compromise. In this article, we have detailed recently released information related to the incident. Technical Detail & Additional Information WHAT IS THE THREAT? HARDENING ACTIVE DIRECTORY A recent article from CSO Online on hardening Active…

Cybersecurity Threat Advisory 0004-21: WordPress Plugin Critical Vulnerability

Threat Update Security researchers have discovered two vulnerabilities present in a WordPress plugin called Orbit Fox. One vulnerability is rated 9.9 on the CVSS scale and allows for privilege escalation and remote code injection; the second is rated 6.4 on the CVSS scale and allows for cross-site scripting. SKOUT recommends updating the Orbit Fox plugin…

Cybersecurity Threat Advisory 0003-21: SonicWall NetExtender VPN Client and SMA 100 Zero-Day

*Update 1/25: From SonicWall, “While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners. Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that…

Cybersecurity Threat Advisory 0002-21: Threat Actors Target the Aviation Sector with Ransomware and Information Stealing Attacks

Threat Update The most recent sector to fall prey to ransomware and other cyber attacks is aviation. At least two prominent organizations (Embraer and Dassault Falcon Jet) were struck by ransomware, resulting in the loss of capital, labor efficiency, and potentially operational secrets. Additionally, a startling report from NCC and Fox-IT detailed a campaign by…

Cybersecurity Threat Advisory 0001-21: Assorted Updates to Global Intrusion Campaign

Threat Update Government and private sector organizations are constantly releasing updates on all manner of topics relating to the SolarWinds Orion compromise. In this article, we have detailed a number of important SolarWinds-related developments. Technical Detail & Additional Information DEPARTMENT OF JUSTICE EMAIL COMPROMISE On Wednesday, January 6th, the U.S. Department of Justice (DOJ) issued a…

Cybersecurity Threat Advisory 0074-20: Assorted Updates to Global Intrusion Campaign

Threat Update Government and private sector organizations are constantly releasing updates on all manner of topics relating to the SolarWinds Orion compromise. In this article, we have detailed a number of important SolarWinds-related developments. Technical Detail & Additional Information DEPARTMENT OF JUSTICE EMAIL COMPROMISE On Wednesday, January 6th, the U.S. Department of Justice (DOJ) issued a…

Cybersecurity Threat Advisory 0073-20: December 2020 Global Intrusion Campaign

Summary On December 8th, 2020, an extremely pervasive and serious global intrusion campaign was detected and communicated to the broader cybersecurity community and the media. The actors behind this campaign gained access to numerous public and private organizations around the world and are suspected to be foreign state related. Evidence of this campaign can be…