Category: For Business

Cybersecurity Threat Advisory 0026-21: Windows RPC Protocol RemotePotato0 Exploit

Threat Update A new privilege escalation vulnerability has been discovered inside of the Windows RPC protocol. This vulnerability, known as RemotePotato0, is a NTLM relay attack which could allow attackers to escalate their privileges from a normal User all the way up to a Domain admin. Microsoft has announced that they will not be providing…
Read more

Cybersecurity Threat Advisory 0025-21: Exchange Vulnerabilities Being Exploited by Botnet

Threat Update The botnet “Prometei”, discovered in 2020, has been targeting Exchange servers across the United States using the vulnerabilities recently targeted by HAFNIUM. Technical Detail & Additional Information WHAT IS THE THREAT? The Prometei botnet, previously used for mining the cryptocurrency ‘Monero’, has recently been targeting Exchange Servers across the United States by exploiting…
Read more

Cybersecurity Threat Advisory 0024-21: Threat Actors Exploiting a Bug in Trend Micro Security Products

Threat Update On April 21st, US-Japanese cybersecurity company Trend Micro disclosed that a threat actor are exploiting a known vulnerability in several of its antivirus products (Apex One, Apex One as a Service, OfficeScan XG SP1, Worry-Free Business Security, and Worry-Free Business Security Services) aimed at enterprise customers in order to gain administrator privileges on…
Read more

Cybersecurity Threat Advisory 0023-21: Over 1 Million Windows RDP Credentials Leaked

Threat Update Hacker group UAS has had 1.3 million RDP credentials for Windows servers leaked by security researchers. The compromised credentials could possibly allow a malicious actor to log into a compromised RDP server. It is imperative to keep best security practices when handling Windows RDP servers, as it could allow an attacker to access…
Read more

Cybersecurity Threat Advisory 0022-21: SonicWall Zero-Day Vulnerabilities

Threat Update SonicWall, a security hardware manufacturer, has released patches to address a set of three zero-day vulnerabilities. These vulnerabilities affect both on-premises and hosted Email Security products. These vulnerabilities could allow for attackers to create administrative accounts, upload arbitrary files, and read arbitrary files. These vulnerabilities have allegedly been exploited, and SonicWall is urging…
Read more

Cybersecurity Threat Advisory 0021-21: 4/13/21 Microsoft Exchange Patches 2.0

Threat Update Due to the rise in targeted attacks on on-prem Microsoft Exchange servers, Microsoft, security vendors, and threat actors across the world have been looking for vulnerabilities within Microsoft Exchange services. This past Tuesday (4/13/2021), Microsoft has issued another round of patches for additional critical vulnerabilities in versions of Exchange Server. Technical Detail &…
Read more

Cybersecurity Threat Advisory 0020-21: Critical Vulnerability in the VMware Carbon Black Cloud Workload

Threat Update A critical vulnerability was recently discovered in the VMWare Carbon Black Workload appliance that could allow an attacker to take control of a vulnerable system. A successful exploit would give an attacker the ability to obtain a valid authentication token and in turn be granted administrative rights on the affected system. SKOUT recommends…
Read more

Cybersecurity Threat Advisory 0019-21: APTs Exploiting FortiOS Vulnerabilities

Threat Update The FBI and CISA released a joint cybersecurity advisory documenting that a number of APTs have been seen in the wild scanning for three FortiOS vulnerabilities (CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812). These vulnerabilities, if exploited, can allow unauthorized remote access to a network, which is particularly dangerous when APTs are involved. It is highly…
Read more

Cybersecurity Threat Advisory 0018-21: Purple Fox Rootkit

Threat Update The Purple Fox rootkit has recently improved propagation capabilities which makes it easier to spread through a network. This could make it easier for threat actors to steal data from or potentially infect compromised machines with other types of malware, such as ransomware. Malicious actors could also utilize these machines to establish persistence…
Read more

Cybersecurity Threat Advisory 0017-21: MacOS Malware XcodeSpy

Threat Update A malicious version of the macOS development environment Xcode has been spotted in the wild. Dubbed “XcodeSpy,” its main function is to use a custom Run Script to connect to a C&C server when a compromised application is launched. This will download a version of the “EggShell” backdoor and function as a trojan.…
Read more

Cybersecurity Threat Advisory 0016-21: AWS S3 Bucket Exposure Causes Patient Data Breach

Threat Update Over 50,000 patient records at a Utah-based COVID-19 testing service were exposed due to a common AWS S3 cloud security misconfiguration. This mishap led to a severe breach of patient data confidentiality, giving malicious actors an opportunity to steal patient data and representing a tedious and costly compliance violation failure for the testing…
Read more

Cybersecurity Threat Advisory 0015-21: WordPress Elementor Vulnerability

Threat Update Wordfence has advised that all users of the popular WordPress website builder plugin Elementor update to the latest version available (currently version 3.1.4), including users of either the Free version or Pro version. There is a stored XSS vulnerability affecting Elementor that can be used to steal administrator credentials, which could lead to…
Read more