Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: FritzFrog P2P Botnet
Advisory Overview Researchers at Guardicore have identified a peer-to-peer (P2P) botnet, dubbed FritzFrog, brute-forcing SSH servers since January. Once breached, a worm is executed to run malicious payloads which can further expand the botnet by compromising additional devices as well...
Cybersecurity Threat Advisory: Team Viewer Vulnerability
Advisory Overview A vulnerability has been discovered in remote desktop connection application “TeamViewer” that can allow an attacker to steal the login information (username and hashed password) of a user. This can allow the attacker to crack the stolen password...
Cybersecurity Threat Advisory: Two Microsoft Zero-Day Vulnerabilities
Advisory Overview Microsoft has addressed two zero-day vulnerabilities in this week’s rollout of security patches. One of the zero-day vulnerabilities could allow an attacker to bypass security features intended to prevent improperly signed files from being loaded; the other zero-day...
Cybersecurity Threat Advisory: Pulse Secure VPN Server Data Leak
Advisory Overview Over 900+ Pulse VPN servers were breached and had their data leaked online. The data includes plaintext username, passwords, IP addresses, user session cookies, administrator details and private encryption keys. Technical detail and additional information What is the...
Cybersecurity Threat Advisory: iDRAC Local File Inclusion Vulnerability
Advisory Overview Dell EMC iDRAC has been updated to address a path traversal vulnerability in iDRAC versions prior to 4.20.20.20. The vulnerability that was discovered in the Integrated Dell Remote Access Controller (iDRAC) could allow cyber criminals to obtain control...
Cybersecurity Threat Advisory: Windows DNS Server RCE (CVE-2020-1350)
Advisory Overview A Remote Code Execution (RCE) vulnerability exists affecting Windows Domain Name System (DNS) Servers when they improperly handle requests. Successful exploitation of this vulnerability could allow attackers to execute code with SYSTEM level privileges. SKOUT recommends all organizations...
Cybersecurity Threat Advisory: Cisco Small Business Switches RCE (CVE-2020-3297)
Advisory Overview Cisco Systems is warning its customers about a Remote Code Execution (RCE) vulnerability in its line of small business switches. Please be aware that end of life (EOL) products will not be patched (see table below). SKOUT advises...
Cybersecurity Threat Advisory: Citrix Vulnerabilities Affecting ADC, Gateway, and SD-WAN
Advisory Overview Citrix has issued a security patch for multiple gateway devices that were found to have security flaws. These security issues are reportedly unrelated to the previously released CVE-2019-19781. SKOUT advises updating any affected devices to the latest version....
Cybersecurity Threat Advisory: Spear-Phishing Campaign Spreading Hakbit Ransomware
Advisory Overview A spear-phishing campaign targeting various industries is utilizing malicious Microsoft Excel attachments to infect users with the “GuLoader” backdoor trojan. The threat actors then proceed to use GuLoader to download “Hakbit” ransomware onto the infected device. Recommendations to...
Cybersecurity Threat Advisory: F5 Critical Vulnerability Exploited in Wild (CVE-2020-5902)
Advisory Overview A Remote Code Execution (RCE) vulnerability exists in the BIG-IP application delivery controller (ADC) software’s Traffic Management User Interface (TMUI). The vulnerability could allow an attacker to execute remote commands or arbitrary code without the need for authentication,...
