Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Windows GDI+ RCE Vulnerability (CVE-2020-0881)
Advisory Overview Multiple versions of Windows are affected by a new RCE vulnerability. Supported operating systems like Windows 8, 10, Server 2012, and Server 2016 were issued a patch normally on March 10th, but Windows 7 and Server 2008 were...
Cybersecurity Threat Advisory: Healthcare Facilities Targeted During COVID-19 Outbreak
Advisory Overview One of the Czech Republic’s biggest hospitals has been hit with a cyber-attack amid COVID-19 testing. Healthcare facilities, especially hospitals, are advised to be on high alert. SKOUT recommends all organizations to be extra cautious during this time...
Cybersecurity Threat Advisory: COVID-19 Live Map Downloads Delivering Malware
Threat Overview There has been an increase in cyber criminals weaponizing fears concerning the Coronavirus to deliver malware. Delivery of this malware is done largely through spam email campaigns where users receive emails with deceptive text and attached files (usually...
Cybersecurity Threat Advisory: SMBGhost (CVE-2020-0796)
Advisory Overview Microsoft has released a patch outside their regular cycle for Microsoft Windows 10 & Windows Server within SMB, a commonly utilized Windows protocol. The vulnerability allows a threat actor to execute code on the target server or client...
Cybersecurity Threat Advisory: ManageEngine RCE (CVE-2020-10189)
Advisory Overview Zoho ManageEngine Desktop Central is vulnerable to Remote Code Execution (RCE). The vulnerability could potentially allow an attacker to execute arbitrary code as SYSTEM or root, without the need for authentication. SKOUT recommends updating ManageEngine Desktop Central to...
Cybersecurity Threat Advisory: ZyXEL NAS RCE Vulnerability (CVE-2020-9054)
Advisory Overview Several ZyXEL NAS devices are vulnerable to Remote Code Execution (RCE). The vulnerability could potentially allow an attacker to execute remote commands as root. A patch has been released, but many devices are at an end of life...
Cybersecurity Threat Advisory: Coronavirus Related Phishing Campaigns
Advisory Overview There has been a rise in phishing campaigns related to Coronavirus. The campaigns vary in exact messaging, but many have imitated the World Health Organization or HR departments issuing warnings and work-from-home guidelines. SKOUT advises taking extra precaution...
Cybersecurity Threat Advisory: Remote Code Execution on Microsoft Exchange Server
Advisory Overview All unpatched versions of Microsoft Exchange Server are vulnerable to a remote code execution bug. The attack requires successful authentication to an Exchange Server. Attackers are scanning the internet for unpatched servers and attempting to authenticate with leaked...
Cybersecurity Threat Advisory: CDPwn Vulnerabilities Impact Cisco Devices
Advisory Overview Five vulnerabilities were discovered in Cisco devices, exploiting the Cisco Discovery Protocol. The vulnerabilities are grouped under the name CDPwn and were reported by the cybersecurity firm Armis. Using this exploit, hackers could take control over Cisco routers,...
Cybersecurity Threat Advisory: Jenkins UDP DDoS Attack (CVE-2020-2100)
Advisory Overview Jenkins is an open source automation server used to build, test and deploy software projects. Attackers are rendering two services that are enabled by default in Jenkins (UDP multicast/broadcast and DNS multicast) unusable with Distributed Denial of Service...