Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory: Windows Print Spooler Elevation of Privilege Vulnerability
Threat Update: Last week, SKOUT released a security advisory regarding the “PrintNightmare” Zero-Day vulnerability exploited via the Windows Print Spooler service. This past weekend, on July 16th, Microsoft identified another vulnerability within the Print Spooler service that allows for local...

Cybersecurity Threat Advisory: SolarWinds Serv-U Zero-day Exploit
Threat Update: SolarWinds, an IT management and remote monitoring software developer that fell victim to the Sunburst supply chain attack, has been exploited again. However, the Serv-U zero-day exploit is limited to targeted customer impact according to Microsoft. A...

Cybersecurity Threat Advisory: Zero-Day Vulnerability in Windows Print Spooler
Threat Update: Last week, security researchers accidentally published proof-of-concept (PoC) exploit code which has now been dubbed “PrintNightmare”. The vulnerability exploits a critical flaw in Microsoft’s Print Spooler service. Microsoft has issued out-of-band security updates to address the flaw and...

Cybersecurity Threat Advisory: 07-06-2021 Kaseya VSA Follow-Up Threat Advisory
Threat Update: This Threat Advisory acts as a follow-up to our previously released Advisories “0048-21” and “0049-21”. Kaseya has scheduled an urgent patch for July 6, 2021, between 4:00PM EDT – 7:00PM EDT. The Kaseya VSA vulnerabilities are still un-remediated...

Cybersecurity Threat Advisory: Kaseya VSA Ransomware Update
NOTE TO CLARIFY ON AN EARLIER COMMUNICATION: SKOUT Cybersecurity’s product offerings do not use Kaseya in any way and are not impacted by this incident. If you have any questions, please contact the Security Operations Center. Threat Update: Kaseya has...

Cybersecurity Threat Advisory: Kaseya VSA Supply Chain Exploit Distributing Ransomware
Threat Update: On July 2nd, 2021, Kaseya’s Remote Monitoring and Management Platform “Kaseya VSA” was exploited with signs of a sophisticated Supply Chain attack. Kaseya VSA is now actively being used by threat actors to distribute ransomware. Kaseya has taken...

Cybersecurity Threat Advisory: Buffer Overflow Leads to Partial Memory Leak
Threat Update: On June 23, security researchers reported that SonicWall’s stack-based Buffer Overflow vulnerability from late last year was only partially patched, yielding another attack vector for unpatched systems. A threat actor can send malicious requests to the firewall to...

Cybersecurity Threat Advisory: Wormable Ransomware Targeting Linux and Docker instances
Threat Update: A new ransomware built in Bash has been discovered targeting Linux and Docker cloud containers. The malware has been given the name “DarkRadiation”. There is currently no known information about the delivery methods...

Cybersecurity Threat Advisory: Critical XXE Vulnerability Discovered in ConnectWise Automate
Threat Update: This month, it was discovered that ConnectWise Automate versions 2021.6.131 and prior are vulnerable to exploits that allow threat actors to remotely execute code and access confidential data by performing XML external entity (XXE) injection attacks. The severity...

Cybersecurity Threat Advisory: Botnets Version Hunting Perimeter Devices
Threat Update: Threat actors have been seen in the wild scanning for perimeter devices which are running vulnerable firmware and have not been updated to allow for vulnerabilities to be patched. Perimeter devices (such as firewalls, intrusion detection/prevention systems, and...