Category: Security

Threat Update The most recent sector to fall prey to ransomware and other cyber attacks is aviation. At least two prominent organizations (Embraer and Dassault Falcon Jet) were struck by ransomware, resulting in the loss of capital, labor efficiency, and potentially operational secrets. Additionally, a startling report from NCC and Fox-IT detailed a campaign by…
Read more

Threat Update Government and private sector organizations are constantly releasing updates on all manner of topics relating to the SolarWinds Orion compromise. In this article, we have detailed a number of important SolarWinds-related developments. Technical Detail & Additional Information DEPARTMENT OF JUSTICE EMAIL COMPROMISEOn Wednesday, January 6th, the U.S. Department of Justice (DOJ) issued a…
Read more

Threat Update Government and private sector organizations are constantly releasing updates on all manner of topics relating to the SolarWinds Orion compromise. In this article, we have detailed a number of important SolarWinds-related developments. Technical Detail & Additional Information DEPARTMENT OF JUSTICE EMAIL COMPROMISEOn Wednesday, January 6th, the U.S. Department of Justice (DOJ) issued a…
Read more

Summary On December 8th, 2020, an extremely pervasive and serious global intrusion campaign was detected and communicated to the broader cybersecurity community and the media. The actors behind this campaign gained access to numerous public and private organizations around the world and are suspected to be foreign state related. Evidence of this campaign can be…
Read more

Advisory Overview Cisco has reported that internal machines were compromised within one of their lab environments as a result of the vulnerability found in SolarWinds Orion. There were approximately two dozen computers compromised internally, which have reportedly already been identified and mitigated. While Cisco has reported that there is currently no known impact to their…
Read more

Advisory Overview The Center for Internet Security has announced that multiple vulnerabilities have been discovered in SolarWinds N-Central. The SolarWinds N-Central vulnerabilities are not associated with the SolarWinds Orion security incident. SolarWinds has released patches for the vulnerabilities and all users are advised to update as soon as possible. Technical detail and additional information What…
Read more

Advisory Overview Microsoft has released additional information from their investigation into the SolarWinds Orion incident. Part of their investigation revealed that the threat actors execute multiple levels of privilege escalation and authentication theft after initial compromise through the Orion application. Technical detail and additional information What is the threat? As part of their investigation into…
Read more

Advisory Overview SolarWinds Orion, a prominent IT monitoring and management solution, has been compromised with a backdoor by a sophisticated state-sponsored threat actor. The application has been discovered communicating with unknown third-party servers through traffic deliberately designed to mimic normal activity. This compromise was highly sophisticated and affects many public and private organizations across the…
Read more

Advisory Overview FireEye, a major cybersecurity organization, has reported a compromise that resulted in the theft of their suite of Red Team tools. While these tools do not contain any zero-day vulnerabilities, only widely known and documented methods, the theft of them still poses a risk to organizations of all sizes. FireEye is coordinating with…
Read more

Advisory Overview The Ransomware as a Service variant “Egregor” is spiking across the Cybersecurity and IT landscape after the shutdown of the notorious Maze ransomware campaign. Some major organizations have fallen victim to the malware including Kmart, Cencosud (a retail giant in South America), Randstad NV (the world’s largest staffing company and owner of Monster.com),…
Read more

ADVISORY OVERVIEW The SKOUT Security Operation Center is closely following the increase of ransomware activity targeting the healthcare sector. Threat actors are infecting critical healthcare providers/facilities networks with the ransomware variant, Ryuk. A successful attack could disable critical healthcare infrastructure as well as expose sensitive data including patient health records. SKOUT has observed this ransomware…
Read more

Advisory Overview A vulnerability has been discovered which affects the Cisco Webex Teams client for Windows which can allow an authenticated, local attacker to execute arbitrary code at potentially increased privilege through DLL hijacking. This can allow an attacker to execute the potentially malicious code contained in their specially crafted DLL at increased privileges, which…
Read more