Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory: Microsoft Azure OMIGOD Vulnerability
Threat Update: Microsoft’s September 2021 Patch Tuesday addressed four major vulnerabilities that impact users of Microsoft’s Azure platform. They are tracked as CVE-2021-38647 and CVE-2021-38648. They are referred to as OMIGOD, referencing “Open Management Infrastructure,” the agent which makes Azure...

Cybersecurity Threat Advisory: BulletProofLink Phishing-as-a-Service (PhaaS) Campaign
Threat Update: Microsoft recently released the results and analysis from its deep dive into BulletProofLink, a large-scale phishing-as-a-service (PhaaS) operation that follows a software-as-a-service (SaaS) business model. This model allows threat actors to purchase phishing kits and email templates in...

Cybersecurity Threat Advisory: AWS Workspaces Remote Code Execution
Threat Update: Rhino Security Labs has discovered a vulnerability in the AWS WorkSpaces desktop client, tracked as CVE-2021-38112, which allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser. Since the report’s release, Amazon...

Cybersecurity Threat Advisory: Malicious Word Files Disguised as Windows 11 Documentation
Threat Update: Security researchers have discovered recent attempts by threat actors to infect machines with malicious Word documents containing VBA macros and JavaScript to plant a backdoor and create persistence. These Word documents are disguised as documentation or information related...

Cybersecurity Threat Advisory: Atlassian Confluence Critical Vulnerability
Threat Update: The Australian company Atlassian’s public bug bounty program has discovered a critical vulnerability in Confluence, a corporate web-based wiki developed by Atlassian. Confluence is used and trusted by companies worldwide to host internal wiki sites that employees can...

Cybersecurity Threat Advisory: Microsoft Power Apps Expose 38 Million Records of Data
Threat Update: Recent reports indicate that a Microsoft Power Apps misconfiguration may lead to exposure of extremely sensitive data to public sources. SKOUT recommends reviewing the configuration of your Microsoft Power Apps and performing the Portal Checker diagnostic provided by...

Cybersecurity Threat Advisory: Cisco Releases Patches for Multiple Security Vulnerabilities
Threat Update: Cisco has provided fixes for multiple security vulnerabilities ranging from medium to critical severity, which an unauthenticated attacker could exploit. Cisco Small Business RV340, RV340W, RV345, RV345P Dual WAN Gigabit, RV160, RV160W, RV260, RV260P, and RV260W VPN routers...

Cybersecurity Threat Advisory: Root Access by Way of Linux Kernel Bug
Threat Update: Qualys’ research team has discovered a pair of vulnerabilities in the Linux operating system. While one is a local privilege escalation (LPE) vulnerability, the other is a stack exhaustion denial-of-service (DoS) vulnerability in the system. Both of...

Cybersecurity Threat Advisory: Ransomware Targets Unpatched, End-of-Life SonicWall Firmware
Threat Update: A ransomware campaign using stolen credentials is actively targeting networking device maker SonicWall’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. The exploitation targets a known vulnerability...

Cybersecurity Threat Advisory: Patch for FortiManager and FortiAnalyzer Vulnerability
Threat Update: Fortinet has released a patch for its FortiManager and FortiAnalyzer platforms. This critical patch resolves a use-after-free vulnerability (CWE-416) that allowed attackers to execute code as administrators on the targeted device. SKOUT recommends that...