Category: Security

Threat Update A new privilege escalation vulnerability has been discovered inside of the Windows RPC protocol. This vulnerability, known as RemotePotato0, is a NTLM relay attack which could allow attackers to escalate their privileges from a normal User all the way up to a Domain admin. Microsoft has announced that they will not be providing…
Read more

Threat Update The botnet “Prometei”, discovered in 2020, has been targeting Exchange servers across the United States using the vulnerabilities recently targeted by HAFNIUM. Technical Detail & Additional Information WHAT IS THE THREAT? The Prometei botnet, previously used for mining the cryptocurrency ‘Monero’, has recently been targeting Exchange Servers across the United States by exploiting…
Read more

Threat Update On April 21st, US-Japanese cybersecurity company Trend Micro disclosed that a threat actor are exploiting a known vulnerability in several of its antivirus products (Apex One, Apex One as a Service, OfficeScan XG SP1, Worry-Free Business Security, and Worry-Free Business Security Services) aimed at enterprise customers in order to gain administrator privileges on…
Read more

Threat Update Hacker group UAS has had 1.3 million RDP credentials for Windows servers leaked by security researchers. The compromised credentials could possibly allow a malicious actor to log into a compromised RDP server. It is imperative to keep best security practices when handling Windows RDP servers, as it could allow an attacker to access…
Read more

Threat Update SonicWall, a security hardware manufacturer, has released patches to address a set of three zero-day vulnerabilities. These vulnerabilities affect both on-premises and hosted Email Security products. These vulnerabilities could allow for attackers to create administrative accounts, upload arbitrary files, and read arbitrary files. These vulnerabilities have allegedly been exploited, and SonicWall is urging…
Read more

Threat Update Due to the rise in targeted attacks on on-prem Microsoft Exchange servers, Microsoft, security vendors, and threat actors across the world have been looking for vulnerabilities within Microsoft Exchange services. This past Tuesday (4/13/2021), Microsoft has issued another round of patches for additional critical vulnerabilities in versions of Exchange Server. Technical Detail &…
Read more

Threat Update A critical vulnerability was recently discovered in the VMWare Carbon Black Workload appliance that could allow an attacker to take control of a vulnerable system. A successful exploit would give an attacker the ability to obtain a valid authentication token and in turn be granted administrative rights on the affected system. SKOUT recommends…
Read more

Threat Update The FBI and CISA released a joint cybersecurity advisory documenting that a number of APTs have been seen in the wild scanning for three FortiOS vulnerabilities (CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812). These vulnerabilities, if exploited, can allow unauthorized remote access to a network, which is particularly dangerous when APTs are involved. It is highly…
Read more

Threat Update The Purple Fox rootkit has recently improved propagation capabilities which makes it easier to spread through a network. This could make it easier for threat actors to steal data from or potentially infect compromised machines with other types of malware, such as ransomware. Malicious actors could also utilize these machines to establish persistence…
Read more

Threat Update A malicious version of the macOS development environment Xcode has been spotted in the wild. Dubbed “XcodeSpy,” its main function is to use a custom Run Script to connect to a C&C server when a compromised application is launched. This will download a version of the “EggShell” backdoor and function as a trojan.…
Read more

Threat Update Over 50,000 patient records at a Utah-based COVID-19 testing service were exposed due to a common AWS S3 cloud security misconfiguration. This mishap led to a severe breach of patient data confidentiality, giving malicious actors an opportunity to steal patient data and representing a tedious and costly compliance violation failure for the testing…
Read more

Threat Update Wordfence has advised that all users of the popular WordPress website builder plugin Elementor update to the latest version available (currently version 3.1.4), including users of either the Free version or Pro version. There is a stored XSS vulnerability affecting Elementor that can be used to steal administrator credentials, which could lead to…
Read more