Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: ZyXEL NAS RCE Vulnerability (CVE-2020-9054)
Advisory Overview: Several ZyXEL NAS devices are vulnerable to Remote Code Execution (RCE). The vulnerability could potentially allow an attacker to execute remote commands as root. A patch has been released, but many devices are at an end of life...
Cybersecurity Threat Advisory: Coronavirus Related Phishing Campaigns
Advisory Overview: There has been a rise in phishing campaigns related to Coronavirus. The campaigns vary in exact messaging, but many have imitated the World Health Organization or HR departments issuing warnings and work-from-home guidelines. SKOUT advises taking extra precautions...
Cybersecurity Threat Advisory: Remote Code Execution on Microsoft Exchange Server
Advisory Overview: All unpatched versions of Microsoft Exchange Server are vulnerable to a remote code execution bug. The attack requires successful authentication to an Exchange Server. Attackers are scanning the internet for unpatched servers and attempting to authenticate with leaked...
Cybersecurity Threat Advisory: CDPwn Vulnerabilities Impact Cisco Devices
Advisory Overview: Five vulnerabilities were discovered in Cisco devices, exploiting the Cisco Discovery Protocol. The vulnerabilities are grouped under the name CDPwn and were reported by the cybersecurity firm Armis. Using this exploit, hackers could take control over Cisco routers,...
Cybersecurity Threat Advisory: Jenkins UDP DDoS Attack (CVE-2020-2100)
Advisory Overview: Jenkins is an open-source automation server used to build, test and deploy software projects. Attackers are rendering two services that are enabled by default in Jenkins (UDP multicast/broadcast and DNS multicast) unusable with Distributed Denial of Service...
Cybersecurity Threat Advisory: Cisco Firepower Management Center Vulnerability
Advisory Overview: Security researchers discovered a critical flaw in the web interface of the Cisco Firepower Management Center (FMC). Cisco Firepower Management Center is a platform for managing Cisco network security solutions such as firewalls, application control, intrusion prevention, URL...
Cybersecurity Threat Advisory: RCE in OpenSMTPD library (CVE-2020-7247)
Advisory Overview: There is a critical remote code execution vulnerability in the OpenSMTPD library, impacting BSD and Linux distributions. Exploitation could allow an attacker to execute commands as root. A link to the patch is included in the recommendation section...
Cybersecurity Threat Advisory: Iranian Hacking Campaign Targets European Energy Company
Advisory Overview: Researchers have reported increased cyber activity within the European energy sector by a high-profile hacking group. The increased activity is possibly linked to Iranian state-sponsored attacks. The hackers conducted cyber espionage and gained remote access using the...
Cybersecurity Threat Advisory: Security Vulnerabilities Identified in ConnectWise Control
Advisory Overview: Multiple security vulnerabilities in ConnectWise Control were recently disclosed. Anyone using the MSP-focused software should immediately update to the newest version and be on the lookout for future updates. ConnectWise has responded to the disclosure and issued...
Cybersecurity Threat Advisory: Sodinokibi Ransomware
Advisory Overview: We have previously issued advisories on Sodinokibi Ransomware in Threat Advisory 0034-19 and Threat Advisory 0021-19. The same strain recently hit the Colorado-based MSP Synoptek and the foreign currency exchange Travelex. Sodinokibi has been particularly damaging and...