Blog

Cybersecurity Threat Advisory 0068-20: FireEye Breach

Advisory Overview FireEye, a major cybersecurity organization, has reported a compromise that resulted in the theft of their suite of Red Team tools. While these tools do not contain any zero-day vulnerabilities, only widely known and documented methods, the theft of them still poses a risk to organizations of all sizes. FireEye is coordinating with…

Cybersecurity Threat Advisory 0067-20: Egregor Ransomware

Advisory Overview The Ransomware as a Service variant “Egregor” is spiking across the Cybersecurity and IT landscape after the shutdown of the notorious Maze ransomware campaign. Some major organizations have fallen victim to the malware including Kmart, Cencosud (a retail giant in South America), Randstad NV (the world’s largest staffing company and owner of Monster.com),…

Cybersecurity Threat Advisory 0066-20: POS Malware Targeting Restaurants

Advisory Overview Cybersecurity researchers have discovered a modular backdoor known as ModPipe targeting point-of-sale (POS) systems in the hospitality sector. This malware can potentially allow unauthorized retrieval of payment information. SKOUT recommends maintaining updates and patches for all POS systems to ensure security features are applied. Technical detail and additional information What is the threat?…

Cybersecurity Threat Advisory 0065-20: Apple macOS Big Sur Vulnerabilities

Advisory Overview Apple has deprecated its support for its Network Kernel Extensions (NKE) which are the services that supported local firewalls on previous Mac systems. This change has allowed macOS Big Sur and roughly 50 other applications in Apple’s app suite to bypass security controls such as firewalls and VPNs and route their traffic straight…

Cybersecurity Threat Advisory 0064-20: Second Patch Released for VMware Vulnerability (CVE-2020-3992)

Advisory Overview A previously discovered remote code execution vulnerability for VMware ESXi has received a second patch from VMware, which should now correctly stop exploitation of the OpenSLP service issue. If an attacker were to attempt to exploit an unpatched machine, they could potentially compromise not only that host, but any VMware instances that are…

Cybersecurity Threat Advisory 0063-20: Ryuk Ransomware Activity Targeting the Healthcare and Public Health Sector

Advisory Overview The SKOUT Security Operation Center is closely following the increase in ransomware activity targeting the healthcare sector. Threat actors are infecting the networks of critical healthcare providers and facilities with the ransomware variant Ryuk. A successful attack could disable critical healthcare infrastructure as well as expose sensitive data, including patient health records. SKOUT has observed this ransomware…

Cybersecurity Threat Advisory 0062-20: Cisco Webex Teams for Windows DLL Hijacking

Advisory Overview A vulnerability has been discovered in the Cisco Webex Teams client for Windows which can allow an authenticated, local attacker to execute arbitrary code at potentially increased privilege through DLL hijacking. This can allow an attacker to execute the potentially malicious code contained in a specially crafted DLL at increased privileges, which…

Cybersecurity Threat Advisory 0061-20: Cyber Threats Affecting The United States Presidential Election

Advisory Overview With the United States Presidential Election coming up, cyber-criminal and hacktivist activity has grown. Recent phishing and disinformation campaigns may pose a threat to the election’s validity on a large scale, as well as to the security of voters’ personally identifiable information (PII). Technical detail and additional information What is the threat? With only a…