
Cybersecurity Threat Advisory 0030-21: HPE Edgeline Infrastructure Manager Authentication Bypass Vulnerability

Threat Update The organization Hewlett Packard/HP provides many different technologies that are used on both a personal and business level. A vulnerability was recently discovered in one of their commonly used tools, HPE Edgeline Infrastructure Manager. The vulnerability could allow attackers to bypass authentication and gain access to HPE Edgeline administrator accounts. This could…

Cybersecurity Threat Advisory 0029-21: Critical Flaws in SD-WAN vManage and HyperFlex Fixed by Cisco

Threat Update Cisco has released patches to address flaws in their SD-WAN vManage and HyperFlex HX software that could allow unauthenticated users to create admin accounts as the root user. Threat actors could utilize these flaws, if unpatched, to gain access to the application and execute arbitrary code. It is recommended to patch these applications as…

Cybersecurity Threat Advisory 0028-21: Many Email Servers Impacted by 21Nails Vulnerabilities

Threat Update Developers behind Exim, a highly adopted mail transfer agent (MTA) solution, have released a patch to resolve 21 vulnerabilities. The developers have pushed this patch out in order to prevent threat actors from taking over servers using multiple attack vectors. It is imperative that this update is installed as soon as possible to…

Cybersecurity Threat Advisory 0027-21: Pulse Secure Zero-Day Authentication Bypass

Threat Update A zero-day vulnerability has been discovered in Pulse Secure VPN appliances and has resulted in the compromise of several U.S. governmental organizations and agencies. This vulnerability allows an attacker to bypass multi-factor authentication by modifying legitimate Pulse Secure files, and results in attacker access to a device and the creation of a webshell…

Cybersecurity Threat Advisory 0026-21: Windows RPC Protocol RemotePotato0 Exploit

Threat Update A new privilege escalation vulnerability has been discovered inside of the Windows RPC protocol. This vulnerability, known as RemotePotato0, is an NTLM relay attack which could allow attackers to escalate their privileges from a normal user all the way up to a Domain Admin. Microsoft has announced that they will not be providing…

Cybersecurity Threat Advisory 0025-21: Exchange Vulnerabilities Being Exploited by Botnet

Threat Update The botnet “Prometei”, discovered in 2020, has been targeting Exchange servers across the United States using the vulnerabilities recently targeted by HAFNIUM. Technical Detail & Additional Information WHAT IS THE THREAT? The Prometei botnet, previously used for mining the cryptocurrency ‘Monero’, has recently been targeting Exchange Servers across the United States by exploiting…

Cybersecurity Threat Advisory 0024-21: Threat Actors Exploiting a Bug in Trend Micro Security Products

Threat Update On April 21st, US-Japanese cybersecurity company Trend Micro disclosed that a threat actor is exploiting a known vulnerability in several of its antivirus products (Apex One, Apex One as a Service, OfficeScan XG SP1, Worry-Free Business Security, and Worry-Free Business Security Services) aimed at enterprise customers in order to gain administrator privileges on…

Cybersecurity Threat Advisory 0023-21: Over 1 Million Windows RDP Credentials Leaked

Threat Update Hacker group UAS has had 1.3 million RDP credentials for Windows servers leaked by security researchers. The compromised credentials could possibly allow a malicious actor to log into a compromised RDP server. It is imperative to follow security best practices when handling Windows RDP servers, as it could allow an attacker to access…

Cybersecurity Threat Advisory 0022-21: SonicWall Zero-Day Vulnerabilities

Threat Update SonicWall, a security hardware manufacturer, has released patches to address a set of three zero-day vulnerabilities. These vulnerabilities affect both on-premises and hosted Email Security products. They could allow attackers to create administrative accounts, upload arbitrary files, and read arbitrary files. These vulnerabilities have allegedly been exploited, and SonicWall is urging…

Cybersecurity Threat Advisory 0021-21: 4/13/21 Microsoft Exchange Patches 2.0

Threat Update Due to the rise in targeted attacks on on-prem Microsoft Exchange servers, Microsoft, security vendors, and threat actors across the world have been looking for vulnerabilities within Microsoft Exchange services. This past Tuesday (4/13/2021), Microsoft issued another round of patches for additional critical vulnerabilities in versions of Exchange Server. Technical Detail &…

Cybersecurity Threat Advisory 0020-21: Critical Vulnerability in the VMware Carbon Black Cloud Workload

Threat Update A critical vulnerability was recently discovered in the VMware Carbon Black Cloud Workload appliance that could allow an attacker to take control of a vulnerable system. A successful exploit would give an attacker the ability to obtain a valid authentication token and in turn be granted administrative rights on the affected system. SKOUT recommends…

Cybersecurity Threat Advisory 0019-21: APTs Exploiting FortiOS Vulnerabilities

Threat Update The FBI and CISA released a joint cybersecurity advisory documenting that a number of APTs have been seen in the wild scanning for three FortiOS vulnerabilities (CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812). These vulnerabilities, if exploited, can allow unauthorized remote access to a network, which is particularly dangerous when APTs are involved. It is highly…