Cybersecurity Threat Advisory 0054-21: Patch Released for Critical FortiManager and FortiAnalyzer Vulnerability

Threat Update: A patch has been released by Fortinet for their FortiManager & FortiAnalyzer platforms. This critical patch resolves a Use After Free vulnerability (CWE-416) that allowed attackers to execute code as administrators on the targeted device. SKOUT recommends that organizations apply the patch immediately, or follow the mitigation steps provided by Fortinet to ensure…

Cybersecurity Threat Advisory 0053-21: Windows Print Spooler Elevation of Privilege Vulnerability

Threat Update: Last week, SKOUT released a security advisory regarding the “PrintNightmare” Zero-Day vulnerability exploited via the Windows Print Spooler service. This past weekend, on July 16th, Microsoft identified another vulnerability within the Print Spooler service that allows for local privilege escalation. It has yet to be patched. SKOUT recommends disabling the Print Spooler service on all…

Cybersecurity Threat Advisory 0052-21: SolarWinds Serv-U Zero-day Exploit

Threat Update: SolarWinds, an IT management and remote monitoring software developer that fell victim to the Sunburst supply chain attack, has been exploited again. However, the Serv-U zero-day exploit is limited to targeted customer impact according to Microsoft. A patch has been released by SolarWinds in the Serv-U version 15.2.3 hotfix (HF) 2 update.…

Cybersecurity Threat Advisory 0051-21: “PrintNightmare” Zero-Day Vulnerability in Windows Print Spooler

Threat Update: Last week, security researchers accidentally published proof-of-concept (PoC) exploit code for a vulnerability that has now been dubbed “PrintNightmare”. The vulnerability is a critical flaw in Microsoft’s Print Spooler service. Microsoft has issued out-of-band security updates to address the flaw and has rated it as critical, as attackers can remotely execute code with system-level privileges on…

Cybersecurity Threat Advisory 0050-21: 07-06-2021 Kaseya VSA Follow-Up Threat Advisory

Threat Update: This Threat Advisory acts as a follow-up to our previously released Advisories “0048-21” and “0049-21”. Kaseya has scheduled an urgent patch for July 6, 2021, between 4:00PM EDT and 7:00PM EDT. The Kaseya VSA vulnerabilities are still un-remediated at the time of publication, and it is advised that any on-prem instances of the…

Cybersecurity Threat Advisory 0049-21: Kaseya VSA Ransomware Update

NOTE TO CLARIFY AN EARLIER COMMUNICATION: SKOUT Cybersecurity’s product offerings do not use Kaseya in any way and are not impacted by this incident. If you have any questions, please contact the Security Operations Center. Threat Update: Kaseya has publicly announced that they believe the attack is limited to…

Cybersecurity Threat Advisory 0048-21: Kaseya VSA Supply Chain Exploit Actively Distributing Ransomware

Threat Update: On July 2nd, 2021, Kaseya’s Remote Monitoring and Management Platform “Kaseya VSA” was exploited with signs of a sophisticated Supply Chain attack. Kaseya VSA is now actively being used by threat actors to distribute ransomware. Kaseya has taken down all cloud servers dedicated to VSA. It is recommended that any organizations with the…

Cybersecurity Threat Advisory 0047-21: Buffer Overflow in HTTP Request Header Leads to Partial Memory Leak (SonicWall)

Threat Update: On June 23, security researchers reported that SonicWall’s stack-based Buffer Overflow vulnerability from late last year was only partially patched, yielding another attack vector for unpatched systems. A threat actor can send malicious requests to the firewall to execute code remotely and gain a foothold into an unpatched environment through partial memory leaks.…

Cybersecurity Threat Advisory 0046-21: Wormable Ransomware Targeting Linux and Docker instances

Threat Update: A new ransomware written in Bash has been discovered targeting Linux and Docker cloud containers. The malware has been given the name “DarkRadiation”. There is currently no known information about the delivery methods of this attack. This strain is undergoing active development and even includes a worm…

Cybersecurity Threat Advisory 0045-21: Critical XXE Vulnerability Discovered in ConnectWise Automate

Threat Update: This month, it was discovered that ConnectWise Automate versions 2021.6.131 and prior are vulnerable to exploits that allow threat actors to remotely execute code and access confidential data by performing XML external entity (XXE) injection attacks. The severity of this vulnerability is considered critical and it should be patched immediately on all affected systems.…

Cybersecurity Threat Advisory 0044-21: Botnets Version Hunting Perimeter Devices

Threat Update: Threat actors have been seen in the wild scanning for perimeter devices that are running vulnerable firmware and have not been updated to patch known vulnerabilities. Perimeter devices (such as firewalls, intrusion detection/prevention systems, and more) are an important layer of security for any network. If attackers can gain access…

Cybersecurity Threat Advisory 0043-21: ThroughTek P2P Supply Chain Vulnerability

Threat Update: ThroughTek, a massive original equipment manufacturer (OEM) supplier, has been made aware of a software vulnerability affecting IP cameras that use its P2P connections. The vulnerability could potentially allow unauthorized access to sensitive information via camera audio/video feeds. SKOUT recommends disabling the P2P functionality of the camera to prevent unauthorized capture of audio/video content.…