Cybersecurity Threat Advisory: Threat Actors Abusing Windows RDP Servers
Threat Update The RDP service for Windows devices operating on UDP port 3389 can currently be used in an amplified attack resulting in the potential DDoS of a target. A system which is either involved in or the target of...
Cybersecurity Threat Advisory: Updates on Global Intrusion Campaign
Threat Update Government and private sector organizations are constantly releasing updates on all manner of topics relating to the SolarWinds Orion compromise. In this article, we have detailed recently released information related to the incident. Technical Detail & Additional Information...
Cybersecurity Threat Advisory: WordPress Plugin Critical Vulnerability
Threat Update Security researchers have discovered two vulnerabilities present in a WordPress plugin called Orbit Fox. One vulnerability is rated 9.9 on the CVSS scale and allows for privilege escalation and remote code injection; The second is rated 6.4 on...
Cybersecurity Threat Advisory: SonicWall NetExtender VPN Client and SMA 100 Zero-Day
*Update 1/25: From SonicWall, “While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners. Current SMA 100...
Cybersecurity Threat Advisory: The Aviation Sector a Target for Ransomware
Threat Update The most recent sector to fall prey to ransomware and other cyber attacks is aviation. At least two prominent organizations (Embraer and Dassault Falcon Jet) were struck by ransomware, resulting in the loss of capital, labor efficiency, and...
Cybersecurity Threat Advisory: Assorted Updates to Global Intrusion Campaign
Threat Update Government and private sector organizations are constantly releasing updates on all manner of topics relating to the SolarWinds Orion compromise. In this article, we have detailed a number of important SolarWinds-related developments. Technical Detail & Additional Information DEPARTMENT...
Cybersecurity Threat Advisory: December 2020 Global Intrusion Campaign
Summary On December 8th, 2020, an extremely pervasive and serious global intrusion campaign was detected and communicated to the broader cybersecurity community and the media. The actors behind this campaign gained access to numerous public and private organizations around the...
Cybersecurity Threat Advisory: Cisco Update to Global Intrusion Campaign
Advisory Overview Cisco has reported that internal machines were compromised within one of their lab environments as a result of the vulnerability found in SolarWinds Orion. There were approximately two dozen computers compromised internally, which have reportedly already been identified...
Cybersecurity Threat Advisory: Multiple Vulnerabilities in SolarWinds N-Central
Advisory Overview The Center for Internet Security has announced that multiple vulnerabilities have been discovered in SolarWinds N-Central. The SolarWinds N-Central vulnerabilities are not associated with the SolarWinds Orion security incident. SolarWinds has released patches for the vulnerabilities and all...
Cybersecurity Threat Advisory: Microsoft Update to Global Intrusion Campaign
Advisory Overview Microsoft has released additional information from their investigation into the SolarWinds Orion incident. Part of their investigation revealed that the threat actors execute multiple levels of privilege escalation and authentication theft after initial compromise through the Orion application....
