Blog

Threat Update Security researchers have discovered recent attempts by threat actors to infect machines with malicious Word documents containing VBA macros and JavaScript to plant a backdoor and create persistence. These Word documents are disguised as documentation or information related to the new Windows 11 Alpha release to entice users into interacting. Recommendations to remediate…
Read more

Threat Update Microsoft has released a mitigation for a vulnerability which exists on Windows 10 and can be exploited against Office 365 and Office 2019. Identified as CVE-2021-40444, this vulnerability could allow attackers to execute arbitrary code on a device if exploited. Because Microsoft Office is used and trusted by millions worldwide, attackers could potentially…
Read more

Threat Update The Australian company Atlassian’s public bug bounty program has discovered a critical vulnerability in Confluence, a corporate web-based wiki developed by Atlassian. Confluence is used and trusted by companies worldwide to host internal Wiki sites that employees can use to access different information and data within their organization. Altassian announced that they have…
Read more

Threat Update Recent reports indicate that a Microsoft Power Apps misconfiguration may lead to exposure of extremely sensitive data to public sources. SKOUT recommends reviewing your configuration of your Microsoft Power Apps, and performing the Portal Checker diagnostic provided by Microsoft. We also recommend being on the lookout for phishing attempts, as threat actors may…
Read more

Threat Update Global consulting firm Accenture was recently hit by a ransomware attack that was allegedly carried by the ransomware group, LockBit. In response, SKOUT has updated their threat intelligence to include key indicators of compromised and developed custom rules to detect LockBit ransomware. Technical Detail & Additional Information WHAT IS THE THREAT? LockBit ransomware…
Read more

Threat Update Cisco has provided fixes for multiple security vulnerabilities varying from medium to critical severity, which an unauthenticated attacker could exploit. Cisco Small Business RV340, RV340W, RV345, RV345P Dual WAN Gigabit, RV160, RV160W, RV260, RV260P, and RV260W VPN routers have multiple vulnerabilities in the web-based management interface. Cisco also released a patch for a…
Read more

Threat Update Qualys’ research team has discovered a pair of vulnerabilities in the Linux operating system. While one is a local privilege escalation (LPE) vulnerability, the other vulnerability is a stack exhaustion denial-of-service (DOS) vulnerability in the system. Both of these can be exploited by an unprivileged user. Both vulnerabilities affect an integral part of…
Read more

Threat Update A ransomware campaign using stolen credentials is actively targeting networking device maker SonicWall’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. The exploitation targets a known vulnerability that has been patched in newer versions of the firmware. Depending on the product, readers…
Read more

Threat Update A patch has been released by Fortinet for their FortiManager & FortiAnalyzer platforms. This critical patch resolves a Use After Free vulnerability (CWE-416) that allowed attackers to execute code as administrators on the targeted device. SKOUT recommends that organizations apply the patch immediately, or follow the mitigation steps provided by Fortinet to ensure…
Read more

Threat Update Last week, SKOUT released a security advisory regarding the “PrintNightmare” Zero-Day vulnerability exploited via the Windows Print Spooler service. This past weekend, on July 16th, Microsoft identified another vulnerability within the Print Spooler service that allows for local privilege escalation. It has yet to be patched. SKOUT recommends disabling the Print Spooler service on all…
Read more

Threat Update SolarWinds, an IT management and remote monitoring software developer that fell victim to the Sunburst supply chain attack, has been exploited again. However, the Serv-U zero day exploit is limited to targeted customer impact according to Microsoft. A patch has been released by SolarWinds in the Serv-U version 15.2.3 hotfix (HF) 2 update.…
Read more

Threat Update Last week, security researchers accidentally published proof-of-concept (PoC) exploit code which has now been dubbed “PrintNightmare”. The vulnerability exploits a critical flaw in Microsoft’s Print Spooler service. Microsoft has issued out-of-band security updates to address the flaw and has rated it as critical as attackers can remotely execute code with system-level privileges on…
Read more